Disables Apple Remote Desktop on macOS endpoints to close the ARDAgent attack vector and meet CIS 2.4.13
This Automox Worklet™ disables Apple Remote Desktop on macOS endpoints by deactivating the ARDAgent service. The Worklet calls Apple's built-in kickstart binary at /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart with the -deactivate and -stop flags. That single command terminates the running ARDAgent process, removes the Remote Management state, and turns off the Sharing pane's Remote Management toggle without requiring a reboot.
The evaluation script uses pgrep ARDAgent to detect whether the agent process is currently running. If ARDAgent is running, the Worklet exits 1 and remediation is scheduled. If the process is absent, the Worklet exits 0 and reports the endpoint as compliant. The check is idempotent and safe to schedule on a recurring policy, so endpoints that re-enable Remote Management through System Settings, MDM drift, or a help-desk action are caught on the next evaluation cycle.
The Worklet targets ARDAgent specifically because it is the single process that backs every Apple Remote Desktop capability: VNC-style screen control, observe-only screen sharing, file copy, and the historically exploited -sendUnixCommand path. Stopping ARDAgent is the supported Apple method for fully turning Remote Management off from the command line.
Apple Remote Desktop has a documented history as a macOS attack vector. The ARDAgent process exposes a privileged AppleScript interface that historically accepted -sendUnixCommand with root execution, and Remote Management ports (3283/UDP and 5900/TCP) are routinely scanned on the public internet. CIS Benchmark control 2.4.13 explicitly requires Remote Management to be disabled on managed Mac endpoints, and most Mac hardening baselines (mSCP, NIST 800-53 AC-17, SOC 2 CC6.6) treat an enabled ARDAgent as a finding. Leaving Remote Management on a fleet that is already controlled by Automox or an MDM creates a parallel administrative path with weaker authentication than the management plane.
This Worklet runs /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop on every Mac in scope, which shuts down the ARDAgent listener on ports 3283/UDP and 5900/TCP. Any Mac that later drifts back into Remote Management surfaces in the activity log at the next evaluation rather than waiting for a port scan or an audit. CIS Benchmark control 2.4.13 receives deterministic per-host evidence on each policy run.
Evaluation phase: The Worklet runs pgrep ARDAgent and captures the exit code. Exit code 0 means the agent is running and the endpoint is non-compliant, so the script exits 1 to schedule remediation. Any non-zero pgrep result means ARDAgent is not listening, the endpoint is already in the desired state, and the Worklet exits 0 with the message 'Remote Management is already disabled.'
Remediation phase: The Worklet invokes /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart with the -deactivate and -stop arguments. kickstart -deactivate clears the active Remote Management configuration and the Sharing pane toggle, and -stop terminates the running ARDAgent process. The script echoes 'Remote Management is enabled. Disabling.' when ARDAgent was detected, and the next policy evaluation confirms compliance by finding no ARDAgent process.
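The two phases above, written out as an added Bash example (not the Worklet's own script): the evaluation and remediation logic are split into functions so each can be exercised on its own, and the remediation step exits cleanly when the kickstart binary is absent. The KICKSTART path and the echoed messages follow the description on this page; the function names are assumptions.

```bash
#!/bin/bash
# Added example, not the Worklet's own code: disable Apple Remote Desktop by
# deactivating and stopping ARDAgent via Apple's kickstart binary.

KICKSTART="/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart"

# Returns 0 when an ARDAgent process exists (non-compliant), non-zero otherwise.
# -x matches the process name exactly so unrelated processes are not counted.
ard_agent_running() {
    pgrep -x ARDAgent >/dev/null 2>&1
}

# Evaluation phase: exit 1 schedules remediation, exit 0 reports compliance.
evaluate() {
    if ard_agent_running; then
        echo "Remote Management is enabled. Remediation required."
        return 1
    fi
    echo "Remote Management is already disabled."
    return 0
}

# Remediation phase: -deactivate clears the Remote Management configuration
# and the Sharing pane toggle; -stop terminates the running ARDAgent process.
# A missing kickstart (non-macOS host or unexpected layout) is not an error.
remediate() {
    if [ ! -x "$KICKSTART" ]; then
        echo "kickstart not found at $KICKSTART; nothing to do."
        return 0
    fi
    if ! ard_agent_running; then
        echo "Remote Management is already disabled."
        return 0
    fi
    echo "Remote Management is enabled. Disabling."
    "$KICKSTART" -deactivate -stop
}

# Optional dispatcher so one file can serve both policy phases:
#   ./ard_disable.sh evaluate   |   ./ard_disable.sh remediate
case "${1:-}" in
    evaluate)  evaluate;  exit $? ;;
    remediate) remediate; exit $? ;;
esac
```

Running evaluate again after remediate gives the same post-remediation check the page describes for pilot validation: no ARDAgent process and exit code 0.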
macOS endpoint with bash available (the default shell on all supported macOS versions)
Root privileges for the Automox agent so kickstart can write to /Library/Application Support/Apple/Remote Desktop and stop the LaunchDaemon (the default agent context already meets this)
ARDAgent.app present at /System/Library/CoreServices/RemoteManagement/ (shipped by default on every macOS release; the Worklet exits cleanly if the path is missing)
Confirm that no business workflow depends on Apple Remote Desktop before broad deployment; if Apple's Remote Desktop client is the help-desk tool of record, pair this Worklet with an exemption group rather than disabling it fleet-wide
Optional companion: a Worklet that also disables Remote Login (SSH) when the hardening baseline calls for closing both Sharing services together
After remediation, ARDAgent is no longer running and Remote Management is off in System Settings under General → Sharing (or System Preferences → Sharing on older macOS releases). The Worklet's next evaluation finds no ARDAgent process and exits 0 without invoking kickstart, so the endpoint reports as compliant on every subsequent policy run. Network scans against ports 3283/UDP and 5900/TCP no longer show the macOS endpoint as a listening Remote Management host.
Validate on a pilot endpoint by running pgrep ARDAgent and confirming an empty result and exit code 1. Audit the Sharing pane and verify the Remote Management checkbox is cleared. For audit evidence, capture the Automox activity log for the policy run, the pgrep exit code from a manual re-check, and a screenshot of the Sharing pane. The remediation persists across reboots because kickstart -deactivate updates the underlying configuration rather than only stopping the process; an administrator must re-enable Remote Management through the Sharing pane or kickstart -activate before ARDAgent will return.
Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklets deploy named-CVE mitigations within hours of disclosure, perform configuration, remediation, and install or remove applications and settings across Windows, macOS, and Linux.