Trying to improve 0 touch deployment

moulson13
New Contributor

Hi there,

I have recently started a new role and am trying to fix up the JAMF instance on site. One thing that is really bothering me is that through deployment I need to have the user(s) enable Remote Management. I keep getting the error:

On Macs with macOS 13 and onwards, Jamf is no longer able to automatically enable Remote Management. If you haven't already, please do so manually before proceeding forward with deployment.

I'm sure this is great from a security standpoint for users; however, sending computers to users and asking them to do that is a bit of a headache.

I guess what I'm asking is, is there a way around this error/warning and a way to enable this without relying on the user?

Thank you.  

5 REPLIES

AJPinto
Honored Contributor III

If you are new to Apple management, one word of advice: you do it Apple's way, or you don't do it at all. Apple no longer allows Remote Management to be enabled programmatically; there is no way around this or to force it. You can enable Screen Sharing with an MDM command on Supervised Devices, which allows you to use ARD or Screen Sharing to access a device for support situations, which really has nothing to do with deployment.

 

What is your current deployment process? 

mschlosser
Contributor II

Remote connection to the GUI is sort of a 'nice to have feature', but not strictly necessary in my opinion; as you dig deeper into Jamf function, you'll find there is almost always a way to do what you need, whether it be PPPC payloads, package installs with scripts, standalone scripts, or the commands Apple builds into the command line.

If you treat GUI connections as an absolute last resort, and typically not necessary, you'll start to like Jamf and Apple's methods a lot more.

I've come to believe that if I have to touch a user's Mac, something went wrong. It sounds goofy, but I find it helps to view every issue, no matter what it is, as: how would I do this if I couldn't touch the computer?

M

AJPinto
Honored Contributor III

Apple protects screen recording permissions pretty hard. You can toggle Screen Recording off and on for supervised devices as a mass action or in the inventory record. It must be an MDM command, so this cannot be scripted beyond scripting Jamf API commands to do this. Once Screen Recording has been enabled, you can use shell scripts to change who has access to what.

 

PrivacyPreferencesPolicyControl.Services | Apple Developer Documentation

Ah, that's a good point. Good to know that some of those things are being added back as mass actions.

obi-k
Valued Contributor III

Your mileage may vary, but here's a Jamf Script:

https://github.com/jamf/Jamf-Nation-Scripts/blob/master/enableARD.sh

You just need to enter your "targetUsername" in the script.