Use the kickstart command-line utility on macOS Mojave 10.14

To control a remote Mac with Screen Sharing, turn on Remote Management on the target device. Or use these steps to manage devices that are enrolled in Mobile Device Management (MDM).

For increased security in macOS 10.14, Screen Sharing gives you view-only access when you use the kickstart command-line tool to enable Remote Management on a Mac. If you want to both view and control the remote Mac with Screen Sharing, open System Preferences on the target Mac, click Sharing, then select the Remote Management checkbox. If Remote Management is already selected, deselect it and select it again.

Use Screen Sharing to control a Mac that's enrolled in MDM

If your Mac is enrolled in Mobile Device Management (MDM) via User Approved MDM enrollment or via Device Enrollment, you can allow the Mac to be controlled with Screen Sharing.

  1. Use kickstart to enable Remote Management.
  2. Use the Privacy Preferences Policy Control payload. Use the PostEvent key and set the the Identifier string to com.apple.screensharing.agent. Set the IdentifierType string to bundleID.

Here's an example com.apple.TCC.configuration-profile-policy payload that you can use as part of a configuration profile:

<key>Services</key>
<dict>
  <key>PostEvent</key>
  <array>
    <dict>
      <key>Allowed</key>
      <true/>
      <key>CodeRequirement</key>
      <string>identifier "com.apple.screensharing.agent" and anchor apple</string>
      <key>Comment</key>
      <string>Allow Control mode when starting Remote Management via kickstart</string>
      <key>Identifier</key>
      <string>com.apple.screensharing.agent</string>
      <key>IdentifierType</key>
      <string>bundleID</string>
    </dict>
  </array>
</dict>
Published Date: