I used the same logic to produce an extension attribute that returns the device's status. If RD is off and permissions are set, remove permissions. If RD is on and permissions are set, do nothing. If RD is on and permissions aren't set, run kickstart script via trigger. If RD is off and permissions aren't set, do nothing (device is waiting for a MDM command). (Obviously if pre-Monterey, just run the command as is). If so, check what services are running and check if my admin account's listed under its privs. The long and short of it is: I wrote a script that checks if the device is on macOS 12 onwards. I worked my own solution together that's a little bit of a faff really - but it was fun to do. In the black screen state, I didn't fancy locating the device in JAMF, sending a 'disable ARD' command and page refresh (repeated twice to it turned to enable), then doing the same with the enable command, just to be able to access a device which I'd still have to kickstart again. Failing Unix commands and restart commands - it does get you past the black screen issue though. I spotted that if I'd already triggered my kickstart ARD policy and then ran the MDM command, the privileges weren't applying to my admin account.

With Monterey, you can only enable ARD via MDM command. I noticed issues with Monterey and suspect it's going to be this way going forward. That's an interesting way of handling it. If you have anything right now, we can try to work out a set of smart group criteria to scope these policies off of.
You can then send another policy that reenables those services via the same payload and the following commands:

```sh
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -privs -all -clientopts -setmenuextra -menuextra
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent
```

As for how to automatically trigger these policies to run, I'm not sure how you would be able to trigger off of that error type without some kind of bread crumb or push button action, that would be something to investigate further for sure. I've recently had to do a mass disabling of remote management and remote login services to my devices, which to do that I sent out a policy with the following in the Files and Processes -> Execute Command payload:

```sh
systemsetup -f -setremotelogin off
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent
```
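The macOS 12 check and the four RD/permission cases described earlier in the thread, sketched as an extension attribute script. This is an added example, not the poster's script: the `ADMIN` account name, the launchd flag file used to detect RD, and the `naprivs` lookup are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script). The probe commands and the
# ADMIN account name are assumptions; the decision table is from the post.
ADMIN="${ADMIN:-localadmin}"   # hypothetical admin account name
LAUNCHD_FLAG="/Library/Application Support/Apple/Remote Desktop/RemoteManagement.launchd"

# ard_action <productVersion> <rd: on|off> <privs: set|unset>
ard_action() {
    ver=$1; rd=$2; privs=$3
    major=${ver%%.*}
    case "$major" in ''|*[!0-9]*) echo "bad version: $ver" >&2; return 2 ;; esac
    # Pre-Monterey: run the kickstart command as is.
    if [ "$major" -lt 12 ]; then echo run_kickstart; return 0; fi
    case "$rd:$privs" in
        off:set)   echo remove_privs ;;       # RD disabled, privileges left behind
        on:set)    echo none ;;               # desired state
        on:unset)  echo trigger_kickstart ;;  # MDM enabled RD, privileges missing
        off:unset) echo wait_for_mdm ;;       # device is waiting for an MDM command
        *) echo "bad state: $rd/$privs" >&2; return 2 ;;
    esac
}

# Assumption: RD counts as "on" when the launchd flag file exists.
probe_rd() { if [ -e "$LAUNCHD_FLAG" ]; then echo on; else echo off; fi; }

# Assumption: ARD privileges live in the account's naprivs attribute.
probe_privs() {
    if dscl . -read "/Users/$ADMIN" naprivs 2>/dev/null | grep -q 'naprivs: '; then
        echo set
    else
        echo unset
    fi
}

# Jamf extension attribute output: the action the device's state calls for.
report() {
    action=$(ard_action "$(sw_vers -productVersion)" "$(probe_rd)" "$(probe_privs)") || action=error
    echo "<result>$action</result>"
}

# Only probe on macOS; elsewhere the functions can still be sourced and tested.
if [ "$(uname -s)" = "Darwin" ]; then report; fi
```

The reported value can back the smart group criteria mentioned above, for example scoping the kickstart policy to devices reporting `trigger_kickstart`.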