Casper Remote

NaomiT
New Contributor

Hi,

We currently have JSS version 9.96. I would like to set up screen sharing in Casper Remote. I checked on a student test Mac (Sierra OS) that Remote Login is enabled by default but screen sharing is not. I checked in Casper Admin and Casper Remote but I was not able to find the setting to enable screen sharing.

Is there a setting that is in the base image, Casper Suite, or a script that enables screen sharing?

10 REPLIES

stevevalle
Contributor III

As part of our SOE, we have both Remote Login (ssh) & Remote Management (screen sharing) enabled.

To share the screen of another computer, ssh must be enabled on the target computer, and if the target computer has OS X 10.10 or later, Screen Sharing must also be enabled on the computer.

  • System Preferences > Sharing > Remote Login
  • System Preferences > Sharing > Remote Management

Hope that helps!

NaomiT
New Contributor

Thank you @stevevalle. I was trying to find out how to enable these settings on the back end. We will have our devices across the school district and will need to use Casper Remote to troubleshoot.

TJ_Edgerly
New Contributor III

We have a policy set to run this periodically (once a week):

#!/bin/sh

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users <ADMIN ACCOUNT>

I can also push this script to "fix" a screen sharing computer that says it is not enabled.

*Note: we do have a local admin account for each school for the onsite tech. We also have the Startup script ensure SSH is enabled to push on the backend.


NaomiT
New Contributor

Thank you @TJ.Edgerly. I can definitely use this.

easyedc
Valued Contributor II

Out of curiosity, @TJ.Edgerly, why are you deactivating it? I use a single line with restart as my variable. We do occasionally see remote access hiccups and I am curious if you added the deactivate to solve some problem.

#!/bin/sh
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin -privs -all -restart -agent -menu
exit 0

NaomiT
New Contributor

Hi @TJ.Edgerly.

I have a follow up question. I found that I can just VNC using the internal IP address listed in the JSS to remote in on the computer. When testing this I had to manually enable screen sharing (Remote Management) and add our local admin group for our engineers. Is there also a script I can run to automate adding our local admin group to allow our engineers access to VNC?

Another issue I came across was restricted software. I have noticed that I can only restrict software like (FaceTime, Messages, AppStore, & Email) for students when I also have the configuration profile set to only allow certain software to run. If I just have restricted software set and no configuration profile to restrict applications it will allow these apps to run. Is this supposed to work this way?

Any thoughts/suggestions are greatly appreciated.

TJ_Edgerly
New Contributor III

@easyedc Only reason for the deactivation was that during an earlier OS, the one line would not work... but when I put the deactivate/reactivate lines separately, it would. It has worked in subsequent releases, so I never went back to clean it up.

@NaomiT If I'm understanding you correctly, you are trying to add a specific local admin to the Remote Management list (not sure if you are referring to "Remote Login" or "Remote Management" under the System Preferences > Sharing section).

If you want to add under the Remote Management section with a local admin user, the script I posted above allows you to set a specific account.

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users <ADMIN ACCOUNT>

Ex. (To add kadmin account)

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -users kadmin


*If a computer is not allowing VNC, leverage a Casper Remote session and just have the script run (I just created a "Repair ARD" script that is in the JSS). This typically repairs the issues 90% of the time.

If you are wanting to add a user under the Remote Login Service you have a few options:

https://www.jamf.com/jamf-nation/discussions/7153/remote-login-all-users

sudo systemsetup -setremotelogin on

Running this from a Casper Remote session will turn Remote Login back on. Since my account is a local admin account, it is re-enabled if it was disabled.

Hope this helps. Let me know if you have any questions or if you can post some screenshots of what you are trying to enable and where.

NaomiT
New Contributor

@TJ.Edgerly Thank you! I have attached a screenshot.

I would like to automate enabling screen sharing and adding the group I have listed in the screen shot.

TJ_Edgerly
New Contributor III

@NaomiT I see. In the past I have just leveraged the Remote Login and Remote Management sections (VNC is still enabled with those two options).

Since I enable Remote Management, that portion takes over the Screen Sharing portion.


NaomiT
New Contributor

@TJ.Edgerly I was able to use the script you posted above and now I have the "Screen Sharing is currently being controlled by the Remote Management service" message like you posted above as well. The problem I have is that the user group is not listed under Remote login (Kadmin) in your example. I used this script below:

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users 9200LocalAdmin -privs -all -restart -agent -menu

I'm not familiar with scripting and not sure where I made the mistake.
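
Added example, not part of any post in this thread: the kickstart sequence posted above, wrapped as a Jamf policy script that validates the account list and the privilege flags before they reach the command line. The `$4`/`$5` parameter mapping, the `RUN` dry-run switch and the `-ControlObserve` default (instead of `-privs -all`) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Set RUN="" (as root on the Mac) to execute them instead.
KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
RUN=${RUN-echo}

# Comma-separated short names only; reject empty items and anything that
# could be read as another kickstart option (a leading "-").
valid_user_list() {
    case "$1" in
        ""|,*|*,|*,,*|-*|*,-*) return 1 ;;
        *[!A-Za-z0-9._,-]*)    return 1 ;;
    esac
}

# Space-separated kickstart -privs flags, checked against a fixed list.
# The body runs in a subshell so "set -f" does not leak to the caller.
valid_privs() (
    set -f                       # no filename expansion while splitting $1
    p=
    for p in $1; do
        case "$p" in
            -all|-none|-ControlObserve|-ObserveOnly|-TextMessages|-OpenQuitApps) ;;
            -GenerateReports|-RestartShutDown|-SendFiles|-DeleteFiles|-ChangeSettings) ;;
            *) return 1 ;;
        esac
    done
    [ -n "$p" ]                  # fail when no flag was given at all
)

# Restrict Remote Management to the named accounts, then (re)activate it with
# the requested privileges. Same kickstart options as the scripts above.
ard_configure() {
    users=$1
    privs=${2:--ControlObserve}  # assumption: control/observe only by default
    valid_user_list "$users" || { echo "rejected user list: $users" >&2; return 64; }
    valid_privs "$privs"     || { echo "rejected privs: $privs" >&2; return 64; }
    $RUN "$KICKSTART" -configure -allowAccessFor -specifiedUsers &&
    $RUN "$KICKSTART" -activate -configure -access -on \
        -users "$users" -privs $privs -restart -agent
}

# Jamf passes a policy's custom script parameters starting at $4.
if [ -n "${4:-}" ]; then
    ard_configure "$4" "${5:-}"
fi
```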