Start Mac VNC server from command line

gistfile1.txt

# Step 1: Set priveleges

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -allUsers -privs -all

Starting...
Setting allow all users to YES.
Setting all users privileges to 1073742079.
Done.

# Step 2: Allow VNC clients

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes 

Starting...
Set the client options.
Done.

# Step 3: Set VNC password (change it at the end of the line (i.e. don't use supersecret))

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvncpw -vncpw supersecret

Starting...
Set the client options.
Done.


# Step 4: Restart service

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -console

Starting...
Stopped ARD Agent.
Stopped VNC Privilege Proxy
Stopped RFB Register MDNS
Done.


# Step 5: If no ARD services have been activated on the machine before, it is also necessary to run the following command

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate

Starting...
Activated Remote Management.
Done.

Thanks a bunch for this. My headless Mac Pro was showing a grey screen via Screen Share and it came right back after running these commands.

Super useful.

Super useful indeed. I was able to use this to log into a Circle CI instance to debug an issue via reverse ssh. Wouldn't have been able to figure out what was going on without this. Thanks.

Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences.

so sad

works well on 10.13.6, thanks

10.13.6, 10.14 - Does not work.

I'm currently working remote exclusively (Covid-19) and this saved me a trip to the office. (OS X 10.14.6)
The warning appears, but it actually works without "Screen Sharing" being enabled. Having "Remote Management" on apparently does the same thing.

Thanks for the note @aserraric! Glad to hear it was helpful.

I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.

I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.

Yup. You can enable/disable VNC from CLI but NOT set password. This may have started in Mojave possibly, but definitely
the case now in Catalina as of June 2020.

However, the VNC password (hash) set from the Sharing pane GUI is stored in a (root-owned) pref file in /Library/Preferences. This file can be managed via scripts if you have admin rights and are creative with SSH and scripting, and/or have a Mac management system such as Jamf etc.

Edit: typos.

Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:

• when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
• on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.

Do you have any idea why?

Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:

• when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
• on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.

Do you have any idea why?

I dont know. Sorry.

Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:

• when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
• on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.

Do you have any idea why?

I dont know. Sorry.

you can add below to your script

perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8})./$1/; @p = unpack "C", $; foreach (@k) { printf "%02X", $ ^ (shift @p || 0) }; print " "' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt")

I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.

you can add below to your script

perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8})./$1/; @p = unpack "C", $; foreach (@k) { printf "%02X", $ ^ (shift @p || 0) }; print " "' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt")

All this is nice but ... how do you solve the
"Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences."
issue ?

I'm actually doing ssh to a Mac mini hosted on AWS EC2 ...

All this is nice but ... how do you solve the
"Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences."
issue ?

I'm actually doing ssh to a Mac mini hosted on AWS EC2 ...

This video https://www.youtube.com/watch?v=FtU2_bBfSgM and this gist explain that nicely: https://gist.github.com/sebsto/6af5bf3acaf25c00dd938c3bbe722cc1

@nateware you just saved my day (20.5hrs)
worked on
Amazon EC2 macOS Catalina 10.15.7, and
Amazon EC2 macOS Mojave

endpoint details are - IP, Username, Pass

Great script. It's working on BigSur too.

% uname -a
Darwin ip-172-31-30-21.us-east-2.compute.internal 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64