Extension attribute for Remote Management status?

stevehahn
Contributor

I've been asked to turn off the Remote Management option on all clients, so that technicians cannot access client machines through Apple Remote Desktop and instead must use Casper Remote (since Casper Remote screen sharing sessions can be configured to require approval on the client end, and all sessions are logged on the JSS).

I'm writing an extended attribute that will monitor the status of the Remote Management service, so that we can have a Smart Group of clients that have it turned on (and we can get emails when the status changes). It's proving a bit more complicated than I hoped--ideally, you could just run "kickstart status" and get usable output, but as far as I can tell the kickstart command has no option to query status.

There's a command here: http://apple.stackexchange.com/questions/90848/check-remote-management-status-via-terminal but the problem with it is that it only works if it is run as the currently logged in user; since Casper runs scripts as root I get a false result. Here's what I've put together thus far:

#!/bin/sh
ardStatus=`launchctl list | grep screensharing | wc -l`

if [ $ardStatus = 0 ]; then
    echo "<result>Disabled</result>"
else
    echo "<result>Enabled</result>"
fi

In my testing so far, the script returns Enabled if there is an active Casper Remote screen sharing session--but we only want Enabled to return if the Remote Management checkbox under Sharing in System Preferences is turned on.

1 ACCEPTED SOLUTION

mm2270
Legendary Contributor III
2 REPLIES 2

mm2270
Legendary Contributor III

stevehahn
Contributor

@mm2270 Perfect, thanks! My search-fu must have been off.