Help

Enable remote management (full control) in Mojave??

taugust04
Valued Contributor

Posted on ‎09-01-2018 07:13 PM

So...

Prepare your institution for iOS 12 or macOS Mojave
[https://support.apple.com/en-us/HT209028](link URL)

"For increased security, using the kickstart command to enable remote management on a Mac will only allow you to observe it when sharing its screen. If you wish to control the Mac while sharing its screen, enable remote management in System Preferences."

So any thoughts on how we can enable full control Apple Remote Desktop management in 10.14? Some of us still have computer labs to manage. I know JAMF Remote provides some of this functionality, but the full console where you see all your systems in Apple Remote Desktop still hasn't been replicated nicely by a third party product.

Its hard to believe how many more things we now need to enable manually in the year 2018 for the sake of security. I remember the good old days where I could just a schedule re-image an entire lab without any intervention... sigh... Apple really needs DEP to catch up with their security policies they keep rolling out...

Labels:
121 REPLIES 121

nberanger
Contributor

Posted on ‎11-25-2020 05:33 AM

@Tildo If you look at the script, you can see this line defines all users:

# Allow Apple Remote Desktop accesss only for specified users $ardkickstart -configure -allowAccessFor -allUsers -privs -all

If you want, you can instead define users by changing it to -allowAccessFor -specifiedUsers

Then you can define the users you want.

If you want to read more about options available with Kickstart, check out the man page by running this in Terminal:

man /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart

Cheers!

kwoodard
Contributor III

Posted on ‎11-25-2020 10:23 AM

Thanks @nberanger , that's how I would attack this. I have this set for all users as sometimes a computer isn't on a domain for the domain admins to gain access. Standard users can't do anything as all the tools they could possibly use for RM are blocked. They only get access to some software titles in the Applications folder, everything else, no dice.