kickstart - macOS

Overview

The kickstart command on macOS is used to enable, disable, and manage Apple Remote Desktop (ARD), a technology allowing remote management of macOS systems. This command is primarily used by system administrators to configure ARD-related settings directly from the command line to set up systems for remote access, install software updates, or perform inventory tasks on multiple Macs from a central location.

Syntax

The basic syntax of the kickstart command is as follows:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart [options]

Admin privileges are required to use the kickstart command, so it is typically prefaced with sudo.

Options/Flags

  • -activate: Activates ARD agent and helper.
  • -deactivate: Deactivates ARD agent and stops the service.
  • -configure: Used to specify configuration options like users, access privileges, and restarts.
    • -allowAccessFor: Defines users who can access ARD (-allUsers, -specifiedUsers).
    • -access: Defines specific access privileges (-on, -off, -privs).
    • -users: Specifies users when using -specifiedUsers.
    • -restart: Restarts ARD agent after configuration changes.
    • -stop: Stops the ARD agent.
  • -status: Displays the status of ARD, showing whether it’s active and if so, which users have access.

Default values depend on the system defaults or last configured settings using kickstart.

Examples

  1. Activating ARD for all users:

    sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -allowAccessFor -allUsers

  2. Deactivating ARD:

    sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop

  3. Grant specific users access with specific privileges:

    sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -users admin,user1 -access -on -privs -all -restart

Common Issues

  • Permission Issues: Users might face permission issues if they do not use sudo or lack administrative privileges.
  • User Configuration Conflicts: Incorrect user names or privilege settings can lead to access issues. Always double-check user names and assigned privileges.

Integration

kickstart can be integrated with other macOS administrative tools such as cron for scheduling tasks or combined with ssh for executing remote configurations on multiple machines:

Example of remote execution:

ssh admin@remoteMac 'sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users admin'
  • ssh: Secure shell for running commands on remote machines.
  • cron: Time-based job scheduler in Unix-like operating systems.

Further reading on Remote Management can be found in the Apple Remote Desktop Administrator’s Guide.