2.4.9 Disable Remote Management

Information

Remote Management is the client portion of Apple Remote Desktop (ARD). Remote administrators can use Remote Management to view the current screen, install software, run reports, and generally manage client Macs.

The screen sharing options in Remote Management are identical to those in the Screen Sharing section. In fact, only one of the two can be configured. If Remote Management is used, refer to the Screen Sharing section above for issues regarding screen sharing.

Remote Management should only be enabled when a Directory is in place to manage the accounts with access. With it enabled, a macOS system is reachable on port 5900 and, depending on the configuration, could accept connections from untrusted hosts, which is a particular concern for mobile systems.

Rationale:

Remote management should only be enabled on trusted networks with strong user controls present in a Directory system. Mobile devices without strict controls are vulnerable to exploitation and monitoring.

Impact:

Many organizations utilize ARD for client management.

Solution

Perform the following to disable remote management:

Graphical Method:

1. Open System Preferences
2. Select Sharing
3. Uncheck Remote Management

Terminal Method:
Run the following command to disable remote management:

$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop

Starting...
Removed preference to start ARD after reboot.
Done.
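
To confirm the change took effect, the following added example (not part of the benchmark text) checks for a running ARDAgent process and for a local listener on TCP 5900. The function names, the agent binary path under Contents/MacOS, and the sample ps/netstat lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: post-remediation check for Remote Management (ARD).
# Assumption: the agent binary runs from ARDAgent.app/Contents/MacOS/ARDAgent.

# Reads process command lines on stdin; succeeds if the ARD agent is present.
ard_agent_running() {
    grep -q 'ARDAgent\.app/Contents/MacOS/ARDAgent'
}

# Reads macOS-style `netstat -an -p tcp` output on stdin; succeeds only for a
# local LISTEN socket on port 5900 (outbound sessions to 5900 are ignored).
port_5900_listening() {
    awk '$NF == "LISTEN" && $4 ~ /[.:]5900$/ { found = 1 } END { exit !found }'
}

# audit_remote_management PS_OUTPUT NETSTAT_OUTPUT
# Prints findings; returns 0 only when both checks are clean.
audit_remote_management() {
    rc=0
    if printf '%s\n' "$1" | ard_agent_running; then
        echo "FAIL: ARDAgent process is running"; rc=1
    fi
    if printf '%s\n' "$2" | port_5900_listening; then
        echo "FAIL: TCP 5900 is listening (Remote Management or Screen Sharing)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS: Remote Management appears disabled"
    return "$rc"
}

# Constructed sample data (not captured from a real host).
PS_ON='/usr/libexec/logd
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent'
PS_OFF='/usr/libexec/logd
/usr/sbin/cfprefsd'
NETSTAT_ON='tcp4       0      0  *.5900                 *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'
NETSTAT_OFF='tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  192.168.1.10.52344     10.0.0.5.5900          ESTABLISHED'

# Run against the local machine with: sh check_ard.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_remote_management "$(ps -axo command)" "$(netstat -an -p tcp)"
fi
```

Because Screen Sharing uses the same port, a 5900 listener with no ARDAgent process points to the Screen Sharing setting rather than Remote Management.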

Additional Information:

/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -help

See Also

https://workbench.cisecurity.org/files/3197

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CSCv7|4.3, CSCv7|9.2, CSCv7|14.3

Plugin: Unix

Control ID: 0ed70c8ffd9d6b5f410f9976688667ce9a8f3ed8b845404705cdcbd95c91f323