Jamf Nation Community

jhuls · ‎04-14-2020

I've looked at several threads on how to do this and with what I've learned it works for my Mojave test machine but not Catalina. In Catalina it enabled but just hangs when trying to connect unless enabled manually. If enabled manually it works fine.

I have a configuration profile assigned with an identifier of com.apple.screensharing.agent

Code requirement: identifier "com.apple.screensharing.agent" and anchor apple

and post event of Allow.

In a policy I have the following script run...

#! /bin/sh

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users $4 -access -on -privs -ControlObserve -ShowObserve -clientopts -setmenuextra -menuextra yes

exit

Can someone shed some light on things?

Cayde-6 · ‎04-15-2020

There is the MDM command to enable Remote Desktop.

You can trigger this individually from a computer records management tab OR via the actions button from a search

Cayde-6 · ‎04-15-2020

Cayde-6 · ‎04-15-2020

jhuls · ‎04-15-2020

Thanks. I wasn't aware of that as it seems I don't have access to it. It looks like I'll be contacting our application support team to make arrangements.

jcarr · ‎12-10-2020

One caveat is that the MDM command to enable/disable Remote Management enables it for ALL users on the system. If you want to configure Apple Remote Desktop for a single user (e.g. localadmin), you'll need to run a script to set those preferences. The newer macOS security model doesn't allow you to enable ARD via script, but you can still configure the preferences.

Here's an example that I have used in the past. Run this script by policy and send the short name of the user to be configured for ARD (e.g. arduser ladmin) as Parameter 4:

#!/bin/sh

# ARD User short named passed to this script from Jamf Pro policy as parameter $4

logger "$0: Configure Apple Remote Desktop access for $4."

usermissing=`finger -ms $4 2>&1 1>/dev/null | wc -l`

if [ ${usermissing} -eq 1 ]; then
    echo "User $4 not found."
    logger "$0: User $4 not found."
    exit 1
fi

# Hide ARD user from login window

dscl . create /Users/$4 IsHidden 1

# Configure Apple Remote Desktop access only for specified users

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers

# Configure Apple Remote Desktop Agent for ARD user specified by parameter $4

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users $4 -access -on -privs -all -clientopts -setmenuextra -menuextra yes

# Hide 'Other' from Login Window

defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool false

exit 0

supson · ‎01-07-2021

@jcarr DO I have to add the 'adruser' part or can I just put the username 'ladmin'?

Stephen1818 · ‎10-25-2021

I am trying to stop Apple Remote Desktop service for a lab when a user is logged in. To use lockdown browser ARD must be turned off.

I would like to use the -stop command this would turn Apple remote desktop back on after restarting.

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -stop

I cannot get the command to work from self service. It needs to be run with sudo. Has anyone tried this.

Jamf Nation Community

Enabling Remote Desktop on Catalina