Enabling Remote Desktop on Catalina

jhuls
Contributor III

I've looked at several threads on how to do this, and with what I've learned it works for my Mojave test machine but not Catalina. In Catalina it enables but just hangs when trying to connect unless enabled manually. If enabled manually, it works fine.

I have a configuration profile assigned with an identifier of com.apple.screensharing.agent

Code requirement: identifier "com.apple.screensharing.agent" and anchor apple

and post event of Allow.

In a policy I have the following script run...

#! /bin/sh

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users "$4" -access -on -privs -ControlObserve -ShowObserve -clientopts -setmenuextra -menuextra yes

exit

Can someone shed some light on things?

7 REPLIES

Cayde-6
Release Candidate Programs Tester

There is the MDM command to enable Remote Desktop.

You can trigger this individually from a computer record's Management tab or via the Action button from a search.

jhuls
Contributor III

Thanks. I wasn't aware of that as it seems I don't have access to it. It looks like I'll be contacting our application support team to make arrangements.

jcarr
Release Candidate Programs Tester

One caveat is that the MDM command to enable/disable Remote Management enables it for ALL users on the system. If you want to configure Apple Remote Desktop for a single user (e.g. localadmin), you'll need to run a script to set those preferences. The newer macOS security model doesn't allow you to enable ARD via script, but you can still configure the preferences.

Here's an example that I have used in the past. Run this script by policy and send the short name of the user to be configured for ARD (e.g. arduser ladmin) as Parameter 4:

#!/bin/sh

# ARD user short name passed to this script from Jamf Pro policy as parameter $4

logger "$0: Configure Apple Remote Desktop access for $4."

usermissing=`finger -ms "$4" 2>&1 1>/dev/null | wc -l`

if [ ${usermissing} -eq 1 ]; then
    echo "User $4 not found."
    logger "$0: User $4 not found."
    exit 1
fi

# Hide ARD user from login window

dscl . create "/Users/$4" IsHidden 1

# Configure Apple Remote Desktop access only for specified users

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers

# Configure Apple Remote Desktop Agent for ARD user specified by parameter $4

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users "$4" -access -on -privs -all -clientopts -setmenuextra -menuextra yes

# Hide 'Other' from Login Window

defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool false

exit 0
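
A hardened variant of the policy script above, as an added example that is not part of jcarr's post or of any Jamf or Apple documentation: it validates Parameter 4 before passing it to kickstart as root, so a value containing spaces or a leading dash cannot be read as extra kickstart options. The `RUN` dry-run switch, the function names and the allowed-character set are assumptions of this example, and the privilege flags are the two from the first post rather than `-all`.

```shell
#!/bin/sh
# Added example (not from the thread): validate Jamf Parameter 4 before it
# reaches kickstart, which the policy runs as root.
KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"
RUN=${RUN:-}    # assumption of this example: RUN=echo prints the commands (dry run)

# Succeeds only for one plausible short name: non-empty, no leading '-', and
# nothing but letters, digits, '.', '_' and '-' (so no spaces, commas or flags).
valid_shortname() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Restrict ARD to specified users, then grant the single user in $1 the two
# privileges used in the first post of this thread (instead of -all).
configure_ard() {
    if ! valid_shortname "$1"; then
        echo "refusing short name: '$1'" >&2
        return 64
    fi
    $RUN "$KICKSTART" -configure -allowAccessFor -specifiedUsers || return 1
    $RUN "$KICKSTART" -configure -users "$1" -access -on \
        -privs -ControlObserve -ShowObserve \
        -clientopts -setmenuextra -menuextra yes
}

# Jamf Pro passes the policy's Parameter 4 as $4; nothing runs without it.
if [ -n "${4:-}" ]; then
    if ! valid_shortname "$4" || ! id "$4" >/dev/null 2>&1; then
        logger "$0: Parameter 4 rejected or user not found."
        exit 1
    fi
    configure_ard "$4"
fi
```

Running the policy once with `RUN=echo` in the environment shows the exact kickstart command lines in the policy log without changing any ARD settings.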

supson
New Contributor III

@jcarr Do I have to add the 'arduser' part or can I just put the username 'ladmin'?

Stephen1818
New Contributor

I am trying to stop the Apple Remote Desktop service for a lab when a user is logged in. To use lockdown browser, ARD must be turned off.

I would like to use the -stop command; this would turn Apple Remote Desktop back on after restarting.

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -stop

I cannot get the command to work from Self Service. It needs to be run with sudo. Has anyone tried this?