2 weeks ago
Hey everyone, new to Jamf here. We have a remote desktop app that requires us to allow access via the remote desktop setting in privacy and security (shown below). We have many remote machines and are trying not to have to enable it one by one. Anyone know if it's possible to set this in Jamf? I looked in the PPPC on our config profile but I don't see this "Remote Desktop" setting.
2 weeks ago
PPPC doesn't support a Remote Desktop key yet. Someone did submit an issue for it on GitHub...
https://github.com/jamf/PPPC-Utility/issues/128
...But Jamf can only support the keys that Apple provides, and so far it doesn't look like Apple has provided any yet, at least according to this:
So we may just need to wait on Apple for a key at this point unfortunately.
2 weeks ago
Once you have the remote desktop application name and .app, try using this app: https://github.com/jamf/PPPC-Utility
To answer your question, yes, you can add the app and pre-approve it with Jamf.
Create a configuration profile then test deploy it = Privacy Preferences Policy Control Profile
2 weeks ago
@Karlifry There is an "Enable Remote Desktop" command in the Management Commands screen of the Management tab of a computer record in your Jamf Pro console but it's not clear if that's going to be useful for you. Apple traditionally requires that users manually approve Camera, Microphone, or Screen Recording access and you may experience the same with the Remote Desktop access. You should also check with the vendor for your Remote Desktop tool to see if they offer any guidance on managing it via MDM.
2 weeks ago
Ah OK. That's what I assumed but was wondering if I was missing something. Thank you all for the info!
2 weeks ago
If this is mission critical, you may want to look at Apple Remote Desktop. Apple Remote Desktop can be enabled remotely by sending the "Set Remote Desktop (macOS 10.14.4 or later)" command via MDM.
The only issue is that the MDM command enables Remote Management for ALL users. If you want to specify ARD access for only one user (e.g. your 'localadmin' user), you can run a script (example shown) by policy. The policy can even include a payload to create a new 'arduser' to be used exclusively for Apple Remote Desktop.
#!/bin/sh
# ARD user short name passed to this script from Jamf Pro policy as parameter $4
logger "$0: Configure Apple Remote Desktop access for $4."
# Stop if no short name was passed; the commands below would otherwise run against an empty name
if [ -z "$4" ]; then
    echo "No user specified in parameter 4."
    logger "$0: No user specified in parameter 4."
    exit 1
fi
# finger writes one line to stderr when the user does not exist
usermissing=$(finger -ms "$4" 2>&1 1>/dev/null | wc -l)
if [ ${usermissing} -eq 1 ]; then
    echo "User $4 not found."
    logger "$0: User $4 not found."
    exit 1
fi
# Hide ARD user from login window
dscl . create "/Users/$4" IsHidden 1
# Configure Apple Remote Desktop access only for specified users
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers
# Configure Apple Remote Desktop Agent for ARD user specified by parameter $4
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users "$4" -access -on -privs -all -clientopts -setmenuextra -menuextra yes
# Hide 'Other' from Login Window
defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool false
exit 0