Learn about turning on Remote Desktop on Mac computers using Kandji
What is Remote Desktop?
Remote Desktop on macOS gives you the flexibility to access and manage your Mac computers from a different location by leveraging Apple or other third-party tools to initiate screen sharing.
How does Remote Desktop work?
Remote Desktop leverages the virtual network computing (VNC) protocol to facilitate screen-sharing sessions between admin and client Mac computers. Kandji utilizes the EnableRemoteDesktop MDM command to allow all local users on the Mac to observe and control the device, which is the standard configuration set by macOS.
Once Remote Desktop is activated, you can use the following Apple tools to start a screen-sharing session, depending on your needs:
- Apple Remote Desktop - This is a comprehensive tool designed for managing multiple Mac computers remotely. It allows IT administrators to control screens, send files, and execute commands on client Macs.
- Screen Sharing - This built-in feature of macOS allows users to view and control another Mac's screen over the network. It is simple to set up and doesn't require additional software. However, it is typically limited to local network connections and offers basic functionality compared to Apple Remote Desktop
Enabling Remote Desktop in the Kandji Web App
- Navigate to the Device Record for the Mac you'd like to enable Remote Desktop on.
- Open the Device Action Menu, and select Turn on Remote Desktop.
Disabling Remote Desktop in the Kandji Web App
- Navigate to the Device Record for the Mac you'd like to disable Remote Desktop on.
- Open the Device Action Menu, and select Turn off Remote Desktop.
Enabling or Disabling Remote Desktop in Bulk
To enable or disable Remote Desktop on multiple devices at once, you can use the Device Actions API script (GitHub Link)
Customizing Permissions when Enabling Remote Desktop
Using the Turn on Remote Desktop device action enables all local users on the Mac to observe and control the device, which is the default configuration applied by macOS. To customize permissions more specifically, you can use the kickstart command-line utility included in macOS and deploy it as a Custom Script.
Please be aware that while the kickstart command can still be used to apply more detailed settings for Remote Desktop, it is no longer capable of enabling or disabling Remote Management starting from macOS 12.1 or later.
For instance, you can use the Audit Script from the Kandji support GitHub repository to ensure that Remote Desktop is configured with more detailed settings. If it is not configured as desired, you can utilize the Remediation Script from the same repository to grant full privileges only to a user with the username "ladmin." Refer to the comments in the script for further customization options, along with:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -h