Jamf Nation Community

Networld · ‎07-14-2021

Hi,

I try to enable Remote Control for Big Sur with a script. I try that :

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users admin -privs -DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -RestartShutDown -SendFiles -ChangeSettings
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -menu
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate

With Apple Remote Desktop I have a black screen. I run this command :

tccutil reset ScreenCapture

No more black screen. But, I can observe, but not control! 😅

J_Mukite · ‎07-14-2021

You can not enable this via a script with Big Sur. It has to be an MDM command. For a quick fix, go into Jamf Pro / Management Commands / Disable Remote Desktop and then enable it again. This will keep all the settings from your script in place and will actually allow you to remote the device. At least that works for me. Hope that helps.

swapple · ‎07-17-2021

How do you automate that? We have to toggle that setting for each machine?

J_Mukite · ‎07-19-2021

I only do this on an as needed bases, not every machine. It only takes a few seconds and I don't mind it. I don't believe you can do this in mass in the Jamf Pro UI. You might be able to do with with the Jamf Pro API. I'll see what I can find out.

scottwertz · ‎02-03-2022

Did you get that working? I'm trying to EnableRemoteDesktop through the API but I get an error "The method specified in the request is not allowed for the resource identified by the request URI".

MNussbaum · ‎04-14-2022

Ever have any luck with this? Would be nice if there is a command we can trigger from the computer to automate this on the MDM side versus having to manually click the button.

killer23d · ‎11-09-2022

Chiming in would really like to be able to automate this. I did some research and it is possible to run it as a script. I am not good with scripting but this is my logic:

- Export UUID of the devices from Smart Group via API

- Flatten the UUIDs into an XML

- Apply to a script like this and change the lines to "/computercommands/commands/EnableRemoteDesktop" as per API doc

https://gist.github.com/talkingmoose/f2fbca97b3b5b58d4192be1e2f326eff

https://github.com/rtrouton/rtrouton_scripts/blob/main/rtrouton_scripts/Casper_Scripts/clear_failed_...

scottwertz · ‎11-10-2022

That's pretty much what I did. I used powershell since that's what we have to use here on our job server. It runs several times per day and scans a smart group called "Remote Desktop Not Enabled" and calls that API. The script is a big long and uses functions from my script library, but the meat of it looks like:

$Params = @{ "URI" = ""; "Method" = 'GET'; "ContentType" = 'application/xml'; "Header" = $Header }

$Params.URI = 'https://' + $Site + '/JSSResource/computercommands/command/EnableRemoteDesktop/id/' + $ID

$Params.Method = 'POST'

$Params.ContentType = 'text/xml'

[XML]$result = Invoke-RestMethod -NoProxy @Params

I think the curl equivalent of that would look like this (I haven't tested this):

/usr/bin/curl -s -u "$jamfUsername:$jamfPassword" https://mysite.jamfcloud.com/JSSResource/computercommands/command/EnableRemoteDesktop/id/$ID -X POST # NOTE capital letters for POST

killer23d · ‎11-10-2022

I am thinking more inline with running it as script on the client's computer once a day, That should be more manageable for me since I don't need to pull a Smart Group and make a XML out of it. I can supply the api credentials in the policy parameters to avoid putting them in the script.

scottwertz · ‎11-10-2022

So do all of your users have Jamf accounts with permissions to execute that API? Or would you be including the username and password of an admin-level account in the script?

killer23d · ‎11-10-2022

The script will be deployed via a policy and JAMF will run the script as root. I have setup a few JAMF accounts specifically for API calls and send MDM commands. I just have to make the script to use the API account credentials in the Script parameters in the policy and the script will pull the UDID of the computer is it run on, then run an API call to JAMF to send the EnableRemoteDesktop command.

That's my theory anyways, I have not written anything in this calibre so I might not do it after all. It's likely cheaper to find a new guy in my department to make this a daily duty. 🤣

scottwertz · ‎11-10-2022

A Jamf policy. Gee, why didn't I think of that? Need...more...coffeeee.....

Jamf Nation Community

Enable Remote Control to Big Sur