I am trying to enable Remote Control for Big Sur with a script. I tried this:
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users admin -privs -DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -RestartShutDown -SendFiles -ChangeSettings
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -menu
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate
With Apple Remote Desktop I have a black screen. I ran this command:
tccutil reset ScreenCapture
No more black screen. But, I can observe, but not control! 😅
You cannot enable this via a script with Big Sur. It has to be an MDM command. For a quick fix, go into Jamf Pro / Management Commands / Disable Remote Desktop and then enable it again. This will keep all the settings from your script in place and will actually allow you to remote the device. At least that works for me. Hope that helps.
Chiming in, I would really like to be able to automate this. I did some research and it is possible to run it as a script. I am not good with scripting but this is my logic:
- Export UUID of the devices from Smart Group via API
- Flatten the UUIDs into an XML
- Apply to a script like this and change the lines to "/computercommands/commands/EnableRemoteDesktop" as per API doc
That's pretty much what I did. I used PowerShell since that's what we have to use here on our job server. It runs several times per day and scans a smart group called "Remote Desktop Not Enabled" and calls that API. The script is a bit long and uses functions from my script library, but the meat of it looks like:
I am thinking more in line with running it as a script on the client's computer once a day. That should be more manageable for me since I don't need to pull a Smart Group and make an XML out of it. I can supply the API credentials in the policy parameters to avoid putting them in the script.
The script will be deployed via a policy and JAMF will run the script as root. I have set up a few JAMF accounts specifically for API calls and sending MDM commands. I just have to make the script use the API account credentials from the script parameters in the policy, and the script will pull the UDID of the computer it is run on, then run an API call to JAMF to send the EnableRemoteDesktop command.
That's my theory anyway. I have not written anything of this calibre, so I might not do it after all. It's likely cheaper to find a new guy in my department to make this a daily duty. 🤣
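A sketch of the client-side approach described in the last post, as an added example that is not code from anyone in the thread. Assumptions: the parameter layout ($4 URL, $5 account, $6 password), a server that still accepts basic authentication on the Classic API, and endpoint paths that follow the Classic API pattern and should be checked against your server's API documentation. Policy parameters reach the script as command-line arguments, so the account behind them should be limited to looking up computers and sending this one command.

```shell
#!/bin/bash
# Added example, not code from the thread. Assumptions are marked below.
# Jamf passes policy script parameters starting at $4; assumed layout here:
#   $4 = Jamf Pro base URL, $5 = API account name, $6 = API account password

# Read `ioreg -rd1 -c IOPlatformExpertDevice` output on stdin, print the hardware UUID.
parse_udid() {
  awk -F'"' '/IOPlatformUUID/ { print $4; exit }'
}

# Read a Classic API computer record (XML) on stdin, print the Jamf computer id.
parse_computer_id() {
  sed -n 's:.*<general><id>\([0-9][0-9]*\)</id>.*:\1:p' | head -n 1
}

# Build the command URL (assumed path: computercommands/command/<name>/id/<id>).
command_url() {
  printf '%s/JSSResource/computercommands/command/EnableRemoteDesktop/id/%s\n' "${1%/}" "$2"
}

# Call curl with the credentials fed through a config on stdin, so the password
# never appears in curl's own argument list (readable by other users via `ps`).
# A password containing " or \ would need escaping for curl's config syntax.
api_call() {  # usage: api_call USER PASS [curl args...]
  local user="$1" pass="$2"; shift 2
  printf 'user = "%s:%s"\n' "$user" "$pass" | curl --silent --fail --config - "$@"
}

main() {
  local base="${4%/}" user="$5" pass="$6" udid id
  udid=$(ioreg -rd1 -c IOPlatformExpertDevice | parse_udid)
  [ -n "$udid" ] || { echo "could not read hardware UUID" >&2; return 1; }
  id=$(api_call "$user" "$pass" -H 'Accept: application/xml' \
        "$base/JSSResource/computers/udid/$udid" | parse_computer_id)
  [ -n "$id" ] || { echo "computer $udid not found in Jamf" >&2; return 1; }
  api_call "$user" "$pass" -X POST "$(command_url "$base" "$id")" >/dev/null
}

# Run only when Jamf supplied the parameters.
if [ -n "${4:-}" ]; then main "$@"; fi
```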