This works for us with High Sierra.

1#!/bin/sh
2####################################################################################################
3#
4# Copyright (c) 2010, JAMF Software, LLC.  All rights reserved.
5#
6#       Redistribution and use in source and binary forms, with or without
7#       modification, are permitted provided that the following conditions are met:
8#               * Redistributions of source code must retain the above copyright
9#                 notice, this list of conditions and the following disclaimer.
10#               * Redistributions in binary form must reproduce the above copyright
11#                 notice, this list of conditions and the following disclaimer in the
12#                 documentation and/or other materials provided with the distribution.
13#               * Neither the name of the JAMF Software, LLC nor the
14#                 names of its contributors may be used to endorse or promote products
15#                 derived from this software without specific prior written permission.
16#
17#       THIS SOFTWARE IS PROVIDED BY JAMF SOFTWARE, LLC "AS IS" AND ANY
18#       EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19#       WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20#       DISCLAIMED. IN NO EVENT SHALL JAMF SOFTWARE, LLC BE LIABLE FOR ANY
21#       DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22#       (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
23#       LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
24#       ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25#       (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26#       SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27#
28####################################################################################################
29#
30# SUPPORT FOR THIS PROGRAM
31#
32#       This program is distributed "as is" by JAMF Software, LLC's Resource Kit team. For more
33#       information or support for the Resource Kit, please utilize the following resources:
34#
35#               http://list.jamfsoftware.com/mailman/listinfo/resourcekit
36#
37#               http://www.jamfsoftware.com/support/resource-kit
38#
39#       Please reference our SLA for information regarding support of this application:
40#
41#               http://www.jamfsoftware.com/support/resource-kit-sla
42#
43####################################################################################################
44#
45# ABOUT THIS PROGRAM
46#
47# NAME
48#   enableARD.sh -- Enable ARD and Configure Remote Management Settings
49#
50# SYNOPSIS
51#   sudo enableARD.sh
52#   sudo enableARD.sh <mountPoint> <computerName> <currentUsername> <targetUsername>
53#
54#   If the $targetUsername parameter is specified (parameter 4), this is the account that will be 
55#   granted access to ARD.
56#
57#   If no parameter is specified for parameter 4, the hardcoded value in the script will be used.
58#
59# DESCRIPTION
60#   This script enables and configures remote management settings for a user.  There are a number
61#   of options that the script is capable of configuring, which should be specified in the privs
62#   string.  Please see the kickstart man page for more information.
63#
64#   The following options are available in the kickstart application:
65#
66#       -DeleteFiles
67#       -ControlObserve
68#       -TextMessages
69#       -ShowObserve
70#       -OpenQuitApps
71#       -GenerateReports
72#       -RestartShutDown
73#       -SendFiles
74#       -ChangeSettings
75#       -ObserveOnly
76#       -mask
77#
78#   ARD access is granted and priviliges  are assigned to an individual account on computers running 
79#   Mac OS X 10.3 and later. It can be used with a hardcoded value in the script, or read in as a 
80#   parameter.  Since the Casper Suite defines the first three parameters as (1) Mount Point, 
81#   (2) Computer Name and (3) username, we are using the forth parameter ($4) as the passable 
82#   parameter.  We do not use $3 since it may not match up to the username that we want to grant
83#   access for.
84#
85####################################################################################################
86#
87# HISTORY
88#
89#   Version: 1.1
90#
91#   - Created by Tedd Herman on August 5th, 2008
92#   - Modified by Nick Amundsen on August 5th, 2008
93#
94####################################################################################################
95#
96# DEFINE VARIABLES & READ IN PARAMETERS
97#
98####################################################################################################
99
100
101# HARDCODED VALUE FOR "USERNAME" IS SET HERE
102targetUsername="admin-user"
103
104
105# CHECK TO SEE IF A VALUE WAS PASSED IN PARAMETER 4 AND, IF SO, ASSIGN TO "USERNAME"
106if [ "$4" != "" ] && [ "$targetUsername" == "" ];then
107    targetUsername=$4
108fi
109
110# DEFINE WHICH PRIVILEGES WILL BE SET FOR THE SPECIFIED USER
111privs="-DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings"
112
113####################################################################################################
114# 
115# SCRIPT CONTENTS - DO NOT MODIFY BELOW THIS LINE
116#
117####################################################################################################
118
119if [ "$targetUsername" != "" ]; then
120    echo "Enabling Apple Remote Desktop Agent..."
121    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
122    echo "Setting Remote Management Privileges for User: $targetUsername ..."
123    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs $privs -users $targetUsername
124else
125    echo "Error:  The parameter 'targetUsername' is blank.  Please specify a user."
126fi

I found using kickstart to setup ARD doesn't allow you to configure it so that the curtain function works. Anyone else find that and know of a workaround?

To make that work it’s important to distinguish where you seek to configure the functionality you wish to use.

The kickstart command does a great job in our environment to get a remote Mac configured and authorized with the right logins.

If you are wishing to configure the admin application properly simply configure the setting you want in the GUI, capture the resulting .plist, strip the .plist down to only what you wish to force, then build a custom .mobileconfig file (user domain) and scope it out or if you just want to set it up initially, deploy the .plist to your users.

Need a little help with this script. I have edited the username per this line

HARDCODED VALUE FOR "USERNAME" IS SET HERE

targetUsername="admin-user"

The script keeps failing. Am I missing something ?? Should I be editing something else as well ?

Here is the error from Jamf

Any resolution to this issue?