Learn about turning on Remote Desktop on Mac computers using Kandji
Enabling Remote Desktop turns on the ability to both observe and control the Mac for all local users, but does not initiate a VNC or Screen Sharing connection. Tools like Apple Remote Desktop or Screen Sharing can be used to screen share to a target device. Third party tools are also available.
Using the Turn on Remote Desktop action in the device actions menu for eligible Mac computers sends an MDM command that turns on the ability to both observe and control the Mac for all local users on the Mac. This is the default configuration applied by macOS when it receives this MDM command from Kandji.
To more granularly customize permissions, the kickstart command-line utility included in macOS can be used and be deployed as a Custom Script.
Please note that while the kickstart command can be used to perform more granular settings to Remote Desktop, it can no longer be used to enabled or disable Remote Management as of macOS 12.1 or later.
For example, you can use the Audit Script available on the Kandji support GitHub repository to ensure Remote Desktop is configured more granularly.
And if not, you can use the Remediation Script available on the Kandji support GitHub repository to allow only a user with the username of "ladmin" to have full privileges. See the comments in the script for additional customization options, along with:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -h