VNC Restriction/disabling for Mojave

New Contributor II

So I've been tasked with restricting VNC for all users. This includes not neutering "Go To Server" so that folks can use the other services if needed, and not completely disabling the Sharing preferences for the same reason. In addition it needs too be a policy that can exclude certain users in the Q&A team who need to VNC to test boxes.

I know that Kickstart is problematic in Mojave, therefore the following article may only be marginably helpful:

I'm aware that there is a plist out there that will enable certain features of kickstart and have a rough draft version installed, but here are my questions:

  • Anybody out there have experience with this workflow and how successful has it been?

  • Any other graceful solutions?


New Contributor II

Using the following feature in the kickstart disables VNC viewers may control screen with password in Remote Management > Computer Settings...

-clientopts -setvnclegacy -vnclegacy no