Mac OSX - Restart VNC Server over SSH

mac_restart_vnc_over_ssh.md

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent

Additional Commands from Apple Website:

• Original Apple Support Site Link
• Google Cache Link
• Web Archive Link

Sample commands

The commands in this article work with Apple Remote Desktop 3.2 and later.

Restart the ARD Agent and helper:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent

Turn on Remote Desktop Sharing, allow access for all users, and enable the menu extra:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -allUsers -privs -all -clientopts -setmenuextra -menuextra yes

Turn on Remote Desktop Sharing, allow access for specified users:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers

You must use the -configure, -access, and -privs options in a separate command to specify the set of users and their access privileges. For example, this command is for users with the short names "teacher" and “student." It gives them access to observe (but not control) the computer, and to send text messages:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users teacher,student -access -on -privs -ControlObserve -ObserveOnly -TextMessages

Unlike other kickstart options, you can’t combine the allowAccessFor options with other kickstart options. You must use it as in the last two samples above. You might have to call kickstart more than once to finish a computer’s setup. Remove access privileges for specified users ("student" in this example):

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -users student -access -off

Disable ARD Agent and remove access privileges for all users:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off

Yep, it's a good idea to undo FDA post-upgrade. Though, I'll postpone troubleshooting until I get a machine that I can crash w/o consequences :)

Some of the automation is built on top of this collection https://github.com/samdoran/ansible-collection-macos (maintained by a former colleague of mine who was in charge of the Ansible Core CI infra before me). I'm hoping to open up the playbooks for making macOS VMs / host upgrades at some point — the only reason they are in a private repo are historical and that it may contain some sensitive data in the Git tree that nobody audited...

@webknjaz

Fixed the original script.

Oh shit, you've got impressive work going man!Please excuse me for digging into your history. I've used cherrypy quite a bit in the past. I didn't realize you were a primary developer of ansible, that's sick!

Unless its a personal project you're working on, I'm surprised an org as large as redhat couldn't provide you with resources to test that :p That statement should be taken lightly/jokingly

I can't make any promises on this, but if you're able to wait I might be able to test it for you, if you'd like to work on it together. I have an old mac floating around that could use a bit of help with upgrading. I just have to find it first. I'd also like to get back into ansible, part of another effort I'm working on is slightly reinventing the wheel with regards to system management, and I think ansible has the right amount of customization through modules to achieve some of the more case specific needs.

Again I would need some time, I have more pressing priorities that need to be taken care of.

Let me know if that sounds interesting to you

Oh shit, you've got impressive work going man!Please excuse me for digging into your history. I've used cherrypy quite a bit in the past. I didn't realize you were a primary developer of ansible, that's sick!

Yeah, thanks :) I'm not alone on most of the projects, though, that's always team work! I'm one of like a dozen people on the Ansible Core Team, for example. In case of CherryPy, there's other people with the commit bit (I think I was the last maintainer to gain access but it's not being developed very actively).

Unless its a personal project you're working on, I'm surprised an org as large as redhat couldn't provide you with resources to test that :p That statement should be taken lightly/jokingly

There's a lot of bureaucracy around such things but I'm going to request a mac mini at some point to have access to breaking stuff w/o breaking remote machines that power our CI :D
I haven't requested it because the workaround of asking the support to click a few things locally worked and then the priorities shifted temporarily..

The project is managing said CI for ansible/ansible and a lot of community collection projects. So it's on the intersection of work-work and community contributions/support.

I can't make any promises on this, but if you're able to wait I might be able to test it for you, if you'd like to work on it together. I have an old mac floating around that could use a bit of help with upgrading. I just have to find it first.

Don't worry, it's something I addressed for now and will figure out later when I return to poking macos (it works for now). Maybe I'll get to extracting more automation for publishing in the open one day...

I'd also like to get back into ansible, part of another effort I'm working on is slightly reinventing the wheel with regards to system management, and I think ansible has the right amount of customization through modules to achieve some of the more case specific needs.

In that case, you may find some of my laptop automation @ https://github.com/webknjaz/ansible-gentoo-laptop, with hacks varying from "oh, that's curious" to "don't repeat this at home" :)
I think that some of the userspace setup I have (like the github repo clones layout) is nice, though.

Again I would need some time, I have more pressing priorities that need to be taken care of.

Let me know if that sounds interesting to you

Thanks for the offer! It's not as urgent and should be covered by RH when I ask for it (I kept postponing replying here until I forgot for a while..)

I was mostly sharing the observations to keep a public record of findings that I couldn't locate on the internet before poking around myself, in hopes that this will help somebody googling in the future.