-
-
Save nateware/3915757 to your computer and use it in GitHub Desktop.
# Step 1: Set priveleges | |
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -allUsers -privs -all | |
Starting... | |
Setting allow all users to YES. | |
Setting all users privileges to 1073742079. | |
Done. | |
# Step 2: Allow VNC clients | |
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvnclegacy -vnclegacy yes | |
Starting... | |
Set the client options. | |
Done. | |
# Step 3: Set VNC password (change it at the end of the line (i.e. don't use supersecret)) | |
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -clientopts -setvncpw -vncpw supersecret | |
Starting... | |
Set the client options. | |
Done. | |
# Step 4: Restart service | |
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent -console | |
Starting... | |
Stopped ARD Agent. | |
Stopped VNC Privilege Proxy | |
Stopped RFB Register MDNS | |
Done. | |
# Step 5: If no ARD services have been activated on the machine before, it is also necessary to run the following command | |
$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate | |
Starting... | |
Activated Remote Management. | |
Done. |
Super useful.
Super useful indeed. I was able to use this to log into a Circle CI instance to debug an issue via reverse ssh. Wouldn't have been able to figure out what was going on without this. Thanks.
Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences.
so sad
works well on 10.13.6, thanks
10.13.6, 10.14 - Does not work.
I'm currently working remote exclusively (Covid-19) and this saved me a trip to the office. (OS X 10.14.6)
The warning appears, but it actually works without "Screen Sharing" being enabled. Having "Remote Management" on apparently does the same thing.
Thanks for the note @aserraric! Glad to hear it was helpful.
I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.
I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.
Yup. You can enable/disable VNC from CLI but NOT set password. This may have started in Mojave possibly, but definitely
the case now in Catalina as of June 2020.
However, the VNC password (hash) set from the Sharing pane GUI is stored in a (root-owned) pref file in /Library/Preferences. This file can be managed via scripts if you have admin rights and are creative with SSH and scripting, and/or have a Mac management system such as Jamf etc.
Edit: typos.
Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:
- when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
- on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.
Do you have any idea why?
Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:
- when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
- on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.
Do you have any idea why?
I dont know. Sorry.
Hi, I'm currently testing the 10.15.4 as well. Indeed the change of the vnc password doesn't work on the command line.
But I have another particular behavior:
- when I enable VNC with the GUI, the remote access to the mac with Dameware from a Windows works perfectly.
- on the other hand when I enable VNC in command line, the connection is done on the mac but the screen is black, I can't do anything.
Do you have any idea why?
I dont know. Sorry.
you can add below to your script
perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8})./$1/; @p = unpack "C", $; foreach (@k) { printf "%02X", $ ^ (shift @p || 0) }; print " "' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt")
I tested on 10.15.4. For whatever reason, -setvncpw -vncpw password seems to be setting the password to something else coz the vncviewer is getting authentication failure
But then I manually type the password into the system preferences > sharing > computer settings... > vnc viewer may control screen with password: without changing anything else that was done by the command line. Then the authentication started working.
This is very strange and just that last bit breaks the whole thing.
you can add below to your script
perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8})./$1/; @p = unpack "C", $; foreach (@k) { printf "%02X", $ ^ (shift @p || 0) }; print " "' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt")
All this is nice but ... how do you solve the
"Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences."
issue ?
I'm actually doing ssh to a Mac mini hosted on AWS EC2 ...
All this is nice but ... how do you solve the
"Warning: macos 10.14 and later only allows control if Screen Sharing is enabled through System Preferences."
issue ?I'm actually doing ssh to a Mac mini hosted on AWS EC2 ...
This video https://www.youtube.com/watch?v=FtU2_bBfSgM and this gist explain that nicely: https://gist.github.com/sebsto/6af5bf3acaf25c00dd938c3bbe722cc1
@nateware you just saved my day (20.5hrs)
worked on
Amazon EC2 macOS Catalina 10.15.7, and
Amazon EC2 macOS Mojave
endpoint details are - IP, Username, Pass
Great script. It's working on BigSur too.
% uname -a
Darwin ip-172-31-30-21.us-east-2.compute.internal 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:07:06 PST 2021; root:xnu-7195.81.3~1/RELEASE_X86_64 x86_64
Love this script, have used it a few times to get me out of trouble.
On Mac OS 12.3 Any advice on how this works now? I get the following errors and I am able to login but get a black screen.
Trying to read up on this MDM configuration stuff but sounds relatively new and I'm not a Mac person so I'm not very familiar with how to manage these machines from a fully remote setting.
Screen recording might be disabled. Screen Sharing or Remote Management must be enabled from System Preferences or via MDM.
Screen control might be disabled. Screen Sharing or Remote Management must be enabled from System Preferences or via MDM.
On Mac OS 12.3 Any advice on how this works now? I get the following errors and I am able to login but get a black screen.
Trying to read up on this MDM configuration stuff but sounds relatively new and I'm not a Mac person so I'm not very familiar with how to manage these machines from a fully remote setting.
Screen recording might be disabled. Screen Sharing or Remote Management must be enabled from System Preferences or via MDM. Screen control might be disabled. Screen Sharing or Remote Management must be enabled from System Preferences or via MDM.
Similar issue. Not a Mac user and would definitely appreciate any suggestion to enable the built-in VNC server via terminal.
Related: https://support.jumpdesktop.com/hc/en-us/articles/216425923-Mac-How-do-I-enable-the-VNC-Server-built-into-the-Mac-
how to define headless resoulution?
Here is a script to set VNC password in macos 10.14 and later:
echo runnerrdp | perl -we 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; $_ = <>; chomp; s/^(.{8}).*/$1/; @p = unpack "C*", $_; foreach (@k) { printf "%02X", $_ ^ (shift @p || 0) }; print "\n"' | sudo tee /Library/Preferences/com.apple.VNCSettings.txt
Origin: https://raw.githubusercontent.com/JohnnyNetsec/github-vm/main/mac/start.sh
Thanks a bunch for this. My headless Mac Pro was showing a grey screen via Screen Share and it came right back after running these commands.