Remote management not working after imaging?

cpizanias
Contributor

I tried using Apple Remote Desktop to make a Client Installer and then created a script to run kickstart in order to enable my ability to remotely manage my Mac's via ARD. It does manage to apply all the settings properly, but then does not allow me to control the computer remotely via ARD or via Casper Screen Sharing. It will work if I toggle remote management off and then back on in System Preferences. Not sure if there's some way to correct this behavior?

Here's the ard script I'm running as part of my base image. Yeah the sudo is probably redundant:

#!/bin/sh
sudo /kickstart -targetdisk / -activate -configure -clientopts -setvnclegacy -vnclegacy yes -setreqperm -reqperm  yes -setmenuextra -menuextra no -configure -allowAccessFor -allUsers -privs -DeleteFiles -TextMessages  -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings -ControlObserve -restart -agent -menu
exit 0
13 REPLIES 13

dpertschi
Valued Contributor

Yes. I've seen similar, but have no answers to why yet.

If I ssh into the machine and re-run my kickstart command, it will start working.

jwojda
Valued Contributor II

I get this a lot too.

MAD0oM
Contributor

sounds like you may need to add some lines in your script? Try ?

#!/bin/sh
##remove database
sudo rm -rf /var/db/RemoteManagement
#####remove plist
sudo rm /Library/Preferences/com.apple.RemoteDesktop.plist sudo rm ~/Library/Preferences/com.apple.RemoteDesktop.plist
################your line below
sudo /kickstart -targetdisk / -activate -configure -clientopts -setvnclegacy -vnclegacy yes -setreqperm -reqperm yes -setmenuextra -menuextra no -configure -allowAccessFor -allUsers -privs -DeleteFiles -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings -ControlObserve -restart -agent -menu exit 0

let me know if that helps

cpizanias
Contributor

Thanks for trying @MAD0oM but unfortunately it did not work.

cpizanias
Contributor

I did notice that when I ssh and run the kickstart command I get

Starting...
Activated Remote Management.
WARNING: Failed to read /etc/hostconfig at /kickstart line 1123.
Stopped ARD Agent.
Set the client options.
Setting allow all users to YES.
Setting all users privileges to 255.
Restarted Menu Extra (System UI Server).
Done.

Not sure what that warning means but it does end up working and letting me ARD in afterwards.

MAD0oM
Contributor

@cpizanias

hmm

how about loading and unloading after your line?

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

Josh_Smith
Contributor III

This has worked well for me:

#!/bin/bash
targetUsername="ARDaccount"
privs="-all"

if [ "$targetUsername" != "" ]; then
    echo "Enabling Apple Remote Desktop Agent..."
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
    echo "Setting Remote Management Privileges for User: $targetUsername ..."
    /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs $privs -users $targetUsername
else
    echo "Error:  The parameter 'targetUsername' is blank.  Please specify a user."
fi

cpizanias
Contributor

@Josh.Smith So that works for me to fix the ARD issue if I push it as a package via Remote but if I include it as a script that runs as part of the image config it still gives me the issue of the correct preferences being set but not having ARD permissions.

cpizanias
Contributor

@MAD0oM Sadly does not resolve. 😕

dmw3
Contributor III

I push this script out as a policy and it resolves this issue with ARD:

https://jamfnation.jamfsoftware.com/viewProduct.html?id=12&view=scripts

Nix4Life
Valued Contributor

@cpizanias when does the script run? is it part of the image or a first boot? I have used the following "borrowed" script in my first boot since 10.10.1 and is currently working with 10.11.5. my local admin is part of my autoDMG image, not sure if that matters:

# Set Remote Management for the adminuser
################################
# adminUser = Admin User Name for Remote Access
adminUser=youradminusernamehere
# Define Remote Management Settings
privs="-DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings"
# Apply Remote Management
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users $adminUser -privs -all -restart -agent -menu

Josh_Smith
Contributor III

@cpizanias Make sure the script in your image configuration is set to run at reboot, or if you are deploying as a package have it "install on boot drive after imaging".

monaronyc
Contributor

Anyone know how to get the settings in the 'Computer Settings' drop down also scripted?

Apple Menu > System Preferences > Sharing > Remote Management > Computer Settings

We need the "Anyone may request permission to control screen' checked and 'VNC viewers may control screen with password: yada yada' checked and with password.