Skip to main content

Greetings! We're trying to come to a "happy medium" for our users to prevent them from grabbing software willy-nilly. 

Our environment is:

  • Utilizing PreStage Enrollment
  • Monterey with some Big Sur leftovers, moving soon to Monterey and up
  • Users are admins

I've been able to come up with countermeasures to most of the truly problematic stuff users can do as admin but I'm getting stuck on blocking disk image. The restriction was dropped in Catalina, and I found some posts suggesting blocking the DiskImageMounter app. This seems to work; the app is blocked and the warning pops up.

But the image is mounted anyway.

Is this a speed thing? Mounting the image is happening quicker than the "kill process" feature works?

Has anyone had any success blocking this in Big Sur and up? 

Thanks!

@azimmer84 You _could_ try blocking the process aimed hdiutil which DiskImageMounter is calling to mount an image. You'll need to disable that block when you want to run the macOS Monterey upgrade as it will require mounting  disk image as part of the upgrade process.

Even though Config Profile > Restrictions > Media > Hard Disk Media > Disk Images is deprecated we still use it as it still works.  We have to enable it for our environment so some apps require DMGs. 

In your case uncheck it or check the Require Authentication

 

@azimmer84 You _could_ try blocking the process aimed hdiutil which DiskImageMounter is calling to mount an image. You'll need to disable that block when you want to run the macOS Monterey upgrade as it will require mounting  disk image as part of the upgrade process.


This works. It ejects the image moments after throwing the popup, rather than leaving it open. Hacky but robust, not likely to be suddenly dropped in Ventura.

This works. It ejects the image moments after throwing the popup, rather than leaving it open. Hacky but robust, not likely to be suddenly dropped in Ventura.


@azimmer84 I think you flagged the wrong post as an answer, what exactly works?

@azimmer84 I think you flagged the wrong post as an answer, what exactly works?


Your suggestion about blocking hdiutil seems best for us. New to these forums. Sorry if I hit the wrong button...

Your suggestion about blocking hdiutil seems best for us. New to these forums. Sorry if I hit the wrong button...


@azimmer84 Thanks. I was curious because I never tested it myself, and wanted to know if I should file it for potential future use :-)

Terms & ConditionsCookie settings