My suspicion is that the TCC database is involved. I have (so far) been unsuccessful in determining where the restricted access setting is stored. When you enable Screen Sharing manually in the ‘Sharing’ preference pane, it will grant full access.
This command will enable Screen Sharing access, but it will be observe only. You have to restart System Preferences to pick up the change in the UI. You can enable Screen Sharing (when ARD/Remote Management is disabled) from the command line with: $ sudo launchctl load -w /System/Library/LaunchDaemons/ This limitation extends to Screen Sharing. You can still use kickstart to disable Remote Management access. You can only manually enable the access privileges in the ‘Sharing’ preference pane, which requires administrator privileges to unlock. You get a nice (red) warning in the shell and when you go into the Remote Management preference pane, no active access is enabled. The kickstart tool will enable ARD access and configure the users but not enable any access privileges. If you rely on Apple Remote Desktop for remote control and remote assistance, this will disrupt your installation workflow. This continues Apple’s effort to require user interaction for every configuration that can provide on going access to sensitive data or the system a Mac, like User-Approved MDM and the new privacy controls. If you wish to control the Mac while sharing its screen, enable remote management in System Preferences. In macOS Mojave, Apple will restrict the functionality of kickstart:įor increased security, using the kickstart command to enable remote management on a Mac will only allow you to observe it when sharing its screen. Scripting OS X: Control Apple Remote Desktop Access with Munki.Apple Support: Use the kickstart command-line utility in Apple Remote Desktop.Mac Admins have been using the command line tool kickstart to enable and configure Apple Remote Desktop access on clients with scripts through a management system. The piece of information I want to focus on for this post affects Apple Remote Desktop client configuration (called ‘Remote Management’ in the ‘Sharing’ preference pane). Update: Apple has posted a new article describing how to avoid this with a Privacy Configuration Profile. You can test deployments with the public beta or developer release of Mojave right away. However, in contains a few firecrackers which will affect many Mac deployments. This article is not quite the bombshell that the infamous HT208020 for High Sierra is. Apple Support: Prepare your institution for iOS 12 or macOS Mojave.Last week, Apple posted one of the first support articles specifically for macOS Mojave: