- Jamf Nation Community
- Products
- Jamf Pro
- Re: accessibility access on mojave
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
accessibility access on mojave
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-12-2019 12:01 PM
https://support.logmeininc.com/central/faq/on-my-mac-why-do-i-get-an-accessibility-access-message-after-i-install-or-update-the-host-software-000143399
how would you guys across it from both machines with and without admin access?
is ARD/apple screensharing the best for remote support as an alternative?
right now our users have admin access and should be for at least the near future, but eventually we would need to remove access but still maintain the ability
we would ideally push it to all users who currently have or dont have admin rights (we have some stragglers).
any ideas?
thanks!
Labels:
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-12-2019 12:22 PM
I just use vnc://ip.address.of.machine with remote management enabled in sharing, everything works great.
If you want to go the hamachi route you can use the PPPC utility and apply a configuration profile to automatically accept the permissions that hamachi needs. This would prevent the dialog box from appearing, and it doesn't require the user to be an admin. Taccy is another good utility to help you determine what permissions the app needs.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-12-2019 12:27 PM
@mlizbeth how many machines are being managed and how often are there remote support requests?
i havent used VNC here, but is it similar to ard/screenshare or is there a separate needed?
lastly, how did you deploy remote management to your users? config file or via a combo of scripts?
thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-12-2019 12:30 PM
@jcheLC We have 200 currently, most of the Faculty/Staff machines don't see many problems, so I usually only remote in to our lab environments in this manner. However, all of our machines have this configuration enabled.
VNC is the protocol that the Screen Sharing app uses, so it'll work the same.
I used a script to enable remote management and restrict login to 1 specific user.
I think Screen Sharing needs a physical user click to enable it, while remote management you can still script out. This changed in Mojave. When enabling Remote Management in this way, Screen Sharing will become enabled, but in System Preferences it explicitly states "Screen Sharing is being controlled by Remote Management"
#!/bin/bash
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -activate -configure -clientopts -setmenuextra -menuextra no
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users its -access -on -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -allowAccessFor -specifiedUsers -privs -all
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -restart -agent -menu
/usr/sbin/systemsetup -setremotelogin on
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -config -clientopts -setmenuextra -menuextra no
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-14-2019 04:45 PM
@mlizbeth Thanks for the script example. Do you just put in 1 specific user account in this line after - specifcUsers?
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -allowAccessFor -specifiedUsers -nameofspecificaccount -privs -all
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-15-2019 07:28 AM
I only put one user since nobody else needs remote access
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure **-users its** -access -on -privs -allOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 07-15-2019 08:36 AM
@mlizbeth Thanks for the info. I'll test it out on one of my Mojave systems. Most of our computers are still on High Sierra, and the few that are on Mojave have access issues with ARD due to the privacy changes.
