Posted on 07-15-2019 08:06 AM
Good morning everyone,
I was wondering how everyone is handling setting up screen sharing remotely / by script on device enrollment. We used to run a script that would add our local admin account to the System Preferences > Sharing settings. It appears that starting in 10.14 (maybe 10.13) this ability was removed from the OS and we have been smacking our heads against the wall trying to fix it. Is there a script or configuration profile that we should be using to add this account for screen sharing purposes? Based on my understanding, we can no longer use the kickstart resource to initiate this configuration change.
Posted on 07-22-2019 08:54 AM
You can use Kickstart to enable Remote Management, which then enables Screen Sharing (and is managed by Remote Management).
The reason you cannot Kickstart screen sharing anymore is the same rationale behind User Approved MDM.
If you push the package/script remotely, anyone can enable it (or enroll a device in a JSS) without needing user intervention. This was a security measure added in 10.13 that requires a PHYSICAL click for User Approved MDM and enabling screen sharing. Apple won't let you script it or use a VNC to do so anymore. Why it's that way, I don't know.
```sh
#!/bin/sh
# Activate Remote Management and hide the menu bar item
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -activate -configure -clientopts -setmenuextra -menuextra no
# Grant the local account "lab" access with every ARD privilege
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -users lab -access -on -privs -all
# Limit access to the specified users rather than all local users
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -configure -allowAccessFor -specifiedUsers -privs -all
# Restart the ARD agent and menu so the settings take effect
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -targetdisk / -restart -agent -menu
# Turn on Remote Login (SSH)
/usr/sbin/systemsetup -setremotelogin on
# Repeat the menu-extra setting
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -config -clientopts -setmenuextra -menuextra no
exit 0
```
This, however, configures Screen Sharing/Remote Login for a specific user only.
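Added example, not part of the original post: a least-privilege variant of the `-users lab ... -privs -all` step above, which builds the kickstart arguments from an allow-list of named privileges and refuses `-all`. The function names and the `APPLY` variable are hypothetical; the privilege names are the ones listed by `kickstart -help`.

```sh
#!/bin/sh
# Added example: grant one account a limited ARD privilege set, never "-all".
KICKSTART=/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

# Privilege names accepted after -privs; "all" is deliberately left out.
ALLOWED_PRIVS="ControlObserve ObserveOnly ShowObserve TextMessages OpenQuitApps GenerateReports RestartShutDown SendFiles DeleteFiles ChangeSettings"

# build_privs_args USER PRIV...
# Prints the kickstart argument string; returns 1 on any invalid input.
build_privs_args() {
    [ "$#" -ge 2 ] || { echo "usage: USER PRIV..." >&2; return 1; }
    user=$1; shift
    # Reject names that could be read as a flag or that contain spaces/metacharacters
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    args="-configure -users $user -access -on -privs"
    for p in "$@"; do
        # A privilege must be a single alphabetic word ...
        case $p in
            ''|*[!A-Za-z]*) echo "refusing privilege: $p" >&2; return 1 ;;
        esac
        # ... and must appear in the allow-list
        case " $ALLOWED_PRIVS " in
            *" $p "*) args="$args -$p" ;;
            *) echo "refusing privilege: $p" >&2; return 1 ;;
        esac
    done
    printf '%s\n' "$args"
}

# apply_ard_access USER PRIV... : prints the command unless APPLY=1 is set
apply_ard_access() {
    args=$(build_privs_args "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        # Word splitting of $args is intended: every token was validated above
        "$KICKSTART" -targetdisk / $args &&
        "$KICKSTART" -targetdisk / -configure -allowAccessFor -specifiedUsers &&
        "$KICKSTART" -targetdisk / -restart -agent -menu
    else
        printf 'would run: %s -targetdisk / %s\n' "$KICKSTART" "$args"
    fi
}

# Runs only when arguments are given, e.g.: sh ard_access.sh lab ControlObserve ShowObserve
[ "$#" -eq 0 ] || apply_ard_access "$@"
```

Run it without `APPLY=1` first to review the exact command line before it touches the machine.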
Posted on 07-15-2019 08:21 AM
Check out this support doc on creating a PPPC profile to enable screen sharing: https://support.apple.com/en-us/HT209161
If you're running Jamf 10.13 or later there's also a command to enable or disable remote desktop.
Posted on 07-22-2019 07:11 AM
@sshort when you issue the JAMF command how do you assign which user account has access?
Posted on 07-22-2019 07:24 AM
Curious as to why this (ARD particularly, not just Screen Sharing) is not exposed in the GUI. It appears that you have to either use the Remote Command or a script.