Skip to main content

Hi,

I'm trying to set the preference for Safari via a configuration profile. Is this possible with a config profile? I can't get it to take on Ventura.

Many thanks in advance.

Hey there, the CIS page actually shows that this can indeed be set with a config profile like yours. Note that the checkbox will not be disabled but if you uncheck it and relaunch Safari it'll be checked again.

Oh. I was off because I thought the box would be grayed out. Thanks, I tried it again and your right: It is checked again. Thanks, @jmahlman 

I did a script below, but the config profile is better.

 

#!/bin/sh

currentUser=$(ls -l /dev/console | awk '{print $3}')

sudo -u $currentUser /usr/bin/defaults write /Users/$currentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitPreferences.privateClickMeasurementEnabled -bool true


exit 0

 

Wanted to put it out there that there is a bug with the current version of Jamf Compliance Editor which renders this control broken.  Took me quite a bit of time to solve this, going to report it to the GitHub to have their documentation updated.

You need to modify the Audit with this after the "result_value=$("

/usr/bin/profiles -P -o stdout | /usr/bin/grep '"WebKitPreferences.privateClickMeasurementEnabled" = 1' | /usr/bin/awk '{ if ($1) {print "1"} else {print "0"}}

 

#!/bin/bash #####----- Rule: os_safari_advertising_privacy_protection_enable -----##### ## Addresses the following NIST 800-53 controls: # * N/A rule_arch="" if [[ "$arch" == "$rule_arch" ]] || [[ -z "$rule_arch" ]]; then #echo 'Running the command to check the settings for: os_safari_advertising_privacy_protection_enable ...' | tee -a "$audit_log" unset result_value result_value=$(/usr/bin/profiles -P -o stdout | /usr/bin/grep '"WebKitPreferences.privateClickMeasurementEnabled" = 1' | /usr/bin/awk '{ if ($1) {print "1"} else {print "0"}}' ) # expected result {'integer': 1} # check to see if rule is exempt unset exempt unset exempt_reason exempt=$(/usr/bin/osascript -l JavaScript << EOS 2>/dev/null ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('org.cis_lvl1.audit').objectForKey('os_safari_advertising_privacy_protection_enable'))["exempt"] EOS ) exempt_reason=$(/usr/bin/osascript -l JavaScript << EOS 2>/dev/null ObjC.unwrap($.NSUserDefaults.alloc.initWithSuiteName('org.cis_lvl1.audit').objectForKey('os_safari_advertising_privacy_protection_enable'))["exempt_reason"] EOS ) if [[ $result_value == "1" ]]; then /bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable passed (Result: $result_value, Expected: "{'integer': 1}")" | /usr/bin/tee -a "$audit_log" /usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool NO /usr/bin/logger "mSCP: cis_lvl1 - os_safari_advertising_privacy_protection_enable passed (Result: $result_value, Expected: "{'integer': 1}")" else if [[ ! $exempt == "1" ]] || [[ -z $exempt ]];then /bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}")" | /usr/bin/tee -a "$audit_log" /usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool YES /usr/bin/logger "mSCP: cis_lvl1 - os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}")" else /bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}") - Exemption Allowed (Reason: "$exempt_reason")" | /usr/bin/tee -a "$audit_log" /usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool YES /usr/bin/logger "mSCP: cis_lvl1 - os_safari_advertising_privacy_protection_enable failed (Result: $result_value, Expected: "{'integer': 1}") - Exemption Allowed (Reason: "$exempt_reason")" /bin/sleep 1 fi fi else /bin/echo "$(date -u) os_safari_advertising_privacy_protection_enable does not apply to this architechture" | tee -a "$audit_log" /usr/bin/defaults write "$audit_plist" os_safari_advertising_privacy_protection_enable -dict-add finding -bool NO fi

 

 

Terms & ConditionsCookie settingsAccessibility statement