Configure Remote Access (ARD) via Script

Ricky
Contributor

Hello!

We have a couple labs that came in on High Sierra and are unable to use our old script for enable Remote Desktop access.

This is what we used to push out in a policy. Even after a restart we are having no luck. Any thoughts?

5 REPLIES 5

dmw3
Contributor III

This works for us with High Sierra.

#!/bin/sh
####################################################################################################
#
# Copyright (c) 2010, JAMF Software, LLC.  All rights reserved.
#
#       Redistribution and use in source and binary forms, with or without
#       modification, are permitted provided that the following conditions are met:
#               * Redistributions of source code must retain the above copyright
#                 notice, this list of conditions and the following disclaimer.
#               * Redistributions in binary form must reproduce the above copyright
#                 notice, this list of conditions and the following disclaimer in the
#                 documentation and/or other materials provided with the distribution.
#               * Neither the name of the JAMF Software, LLC nor the
#                 names of its contributors may be used to endorse or promote products
#                 derived from this software without specific prior written permission.
#
#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
####################################################################################################
#
# SUPPORT FOR THIS PROGRAM
#
#       This program is distributed "as is" by JAMF Software, LLC's Resource Kit team. For more
#       information or support for the Resource Kit, please utilize the following resources:
#
#               http://list.jamfsoftware.com/mailman/listinfo/resourcekit
#
#               http://www.jamfsoftware.com/support/resource-kit
#
#       Please reference our SLA for information regarding support of this application:
#
#               http://www.jamfsoftware.com/support/resource-kit-sla
#
####################################################################################################
#
# ABOUT THIS PROGRAM
#
# NAME
#   enableARD.sh -- Enable ARD and Configure Remote Management Settings
#
# SYNOPSIS
#   sudo enableARD.sh
#   sudo enableARD.sh <mountPoint> <computerName> <currentUsername> <targetUsername>
#
#   If the $targetUsername parameter is specified (parameter 4), this is the account that will be 
#   granted access to ARD.
#
#   If no parameter is specified for parameter 4, the hardcoded value in the script will be used.
#
# DESCRIPTION
#   This script enables and configures remote management settings for a user.  There are a number
#   of options that the script is capable of configuring, which should be specified in the privs
#   string.  Please see the kickstart man page for more information.
#
#   The following options are available in the kickstart application:
#
#       -DeleteFiles
#       -ControlObserve
#       -TextMessages
#       -ShowObserve
#       -OpenQuitApps
#       -GenerateReports
#       -RestartShutDown
#       -SendFiles
#       -ChangeSettings
#       -ObserveOnly
#       -mask
#
#   ARD access is granted and priviliges  are assigned to an individual account on computers running 
#   Mac OS X 10.3 and later. It can be used with a hardcoded value in the script, or read in as a 
#   parameter.  Since the Casper Suite defines the first three parameters as (1) Mount Point, 
#   (2) Computer Name and (3) username, we are using the forth parameter ($4) as the passable 
#   parameter.  We do not use $3 since it may not match up to the username that we want to grant
#   access for.
#
####################################################################################################
#
# HISTORY
#
#   Version: 1.1
#
#   - Created by Tedd Herman on August 5th, 2008
#   - Modified by Nick Amundsen on August 5th, 2008
#
####################################################################################################
#
# DEFINE VARIABLES & READ IN PARAMETERS
#
####################################################################################################


# HARDCODED VALUE FOR "USERNAME" IS SET HERE
targetUsername="admin-user"


# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "USERNAME"
if [ "$4" != "" ] && [ "$targetUsername" == "" ];then
    targetUsername=$4
fi

# DEFINE WHICH PRIVILEGES WILL BE SET FOR THE SPECIFIED USER
privs="-DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings"

####################################################################################################
# 
# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
#
####################################################################################################

if [ "$targetUsername" != "" ]; then
    echo "Enabling Apple Remote Desktop Agent..."
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
    echo "Setting Remote Management Privileges for User: $targetUsername ..."
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs $privs -users $targetUsername
else
    echo "Error:  The parameter 'targetUsername' is blank.  Please specify a user."
fi

davidhiggs
Contributor III

I found using kickstart to setup ARD doesn't allow you to configure it so that the curtain function works. Anyone else find that and know of a workaround?

blackholemac
Valued Contributor III

To make that work it’s important to distinguish where you seek to configure the functionality you wish to use.

The kickstart command does a great job in our environment to get a remote Mac configured and authorized with the right logins.

If you are wishing to configure the admin application properly simply configure the setting you want in the GUI, capture the resulting .plist, strip the .plist down to only what you wish to force, then build a custom .mobileconfig file (user domain) and scope it out or if you just want to set it up initially, deploy the .plist to your users.

jwilson
New Contributor II

Need a little help with this script. I have edited the username per this line

HARDCODED VALUE FOR "USERNAME" IS SET HERE

targetUsername="admin-user"

The script keeps failing. Am I missing something ?? Should I be editing something else as well ?

Here is the error from Jamf52013d63c5dd45379d9b270cb8f9abf5

HappyTrails
New Contributor III

Any resolution to this issue?