Remote Management is the client portion of Apple Remote Desktop (ARD). Remote Management can be used by remote administrators to view the current screen, install software, report on, and generally manage client Macs. The screen sharing options in Remote Management are identical to those in the Screen Sharing section. In fact, only one of the two can be configured. If Remote Management is used, refer to the Screen Sharing section above on issues regard screen sharing. Remote Management should only be enabled when a Directory is in place to manage the accounts with access. Computers will be available on port 5900 on a macOS System and could accept connections from untrusted hosts depending on the configuration, which is a major concern for mobile systems. As with other sharing options, an open port even for authorized management functions can be attacked, and both unauthorized access and Denial-of-Service vulnerabilities could be exploited. If remote management is required, the pf firewall should restrict access only to known, trusted management consoles. Remote management should not be used across the Internet without the use of a VPN tunnel. Rationale: Remote Management should only be enabled on trusted networks with strong user controls present in a Directory system. Mobile devices without strict controls are vulnerable to exploit and monitoring. Impact: Many organizations utilize ARD for client management. Remediation: Graphical Method: Perform the following steps to disable Remote Management: 1. Open System Settings 2. Select General 3. Select Sharing 4. Set Remote Management to disabled Terminal Method: Run the following command to disable Remote Management: $ /usr/bin/sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop Starting... Removed preference to start ARD after reboot. Done. NOTE: If this rule is patched, Remote Desktop will be blocked. Mac OS 13 has the limitation and expects Remote Management to be enabled only through UI. Please consider this before remediating the rule.

[Yes/No]

Remediation: Graphical Method: Perform the following steps to disable Remote Management: 1. Open System Settings 2. Select General 3. Select Sharing 4. Set Remote Management to disabled Terminal Method: Run the following command to disable Remote Management: $ /usr/bin/sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop Starting... Removed preference to start ARD after reboot. Done.