Jamf Nation Community

@Karlifry There is an "Enable Remote Desktop" command in the Management Commands screen of the Management tab of a computer record in your Jamf Pro console but it's not clear if that's going to be useful for you. Apple traditionally requires that users manually approve Camera, Microphone, or Screen Recording access and you may experience the same with the Remote Desktop access. You should also check with the vendor for your Remote Desktop tool to see if they offer any guidance on managing it via MDM.

If this is mission critical, you may want to look at Apple Remote Desktop. Apple Remote Desktop can be enabled remotely by sending the "Set Remote Desktop (macOS 10.14.4 or later)" command via MDM.

The only issue is that the MDM command enables Remote Management for ALL users.  If you want to specify ARD access for only one user (e.g. your 'localadmin' user), you can run a script (example shown) by policy.  The policy can even include a payload to create a new 'arduser' to be used exclusively for Apple Remote Desktop.

#!/bin/sh

# ARD User short named passed to this script from Jamf Pro policy as parameter $4

logger "$0: Configure Apple Remote Desktop access for $4."

usermissing=`finger -ms $4 2>&1 1>/dev/null | wc -l`

if [ ${usermissing} -eq 1 ]; then
	echo "User $4 not found."
	logger "$0: User $4 not found."
	exit 1
fi

# Hide ARD user from login window

dscl . create /Users/$4 IsHidden 1

# Configure Apple Remote Desktop access only for specified users

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -specifiedUsers

# Configure Apple Remote Desktop Agent for ARD user specified by parameter $4

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users $4 -access -on -privs -all -clientopts -setmenuextra -menuextra yes

# Hide 'Other' from Login Window

defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool false

exit 0