A Script to Disable Handoff

bmarks
Contributor II

I could find any other info about this, so I figured I'd post this script that I created for disabling Handoff without using the GUI. There are two settings that need to change, and they are located inside a plist file in: ~/Library/Preferences/ByHost

We use this in conjunction with a launchdaemon to make sure that this stays disabled for our users.

#!/bin/bash

loggedInUser=$(ls -l /dev/console | awk '{ print $3 }')
uuid=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | cut -c22-57)
handoff1=$(defaults read /Users/$loggedInUser/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityAdvertisingAllowed)
handoff2=$(defaults read /Users/$loggedInUser/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityReceivingAllowed)
echo "$handoff1"
echo "$handoff2"

if [[ "$handoff1" == "0" || "$handoff2" == 0 ]]; then echo "Exit Message: OK" exit 0
else defaults write /Users/$loggedInUser/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityAdvertisingAllowed -bool no defaults write /Users/$loggedInUser/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityReceivingAllowed -bool no echo "Exit Message: Handoff Disabled"
fi
exit 1

24 REPLIES 24

bpavlov
Honored Contributor

Thanks for sharing. I haven't thought this through completely but I'm curious, why would you want to disable Handoff? I take it there's something it does that creates a problem. But what is that problem? Again, I haven't given this much thought but figured I'd ask to get your perspective.

bmarks
Contributor II

Our Security team was concerned that customer data could easily pop up on non-company-owned computers/devices. We don't prevent our users from enabling iCloud, so the thought was that an email or a document that was in the process of being composed on a work computer could inadvertently get copied to a user's personal Mac or iOS device. Rather than educate our users not to do this, we created a launchdaemon to turn Handoff off on OS X.

Sean_Polden
Contributor

While your concerns are valid, there may not be a need to worry.

As handoff relies on both (or multiple) devices being signed in with the same iCloud account AND being in 30 ft proximity of each other with bluetooth enabled (also must support BT LE) AND need to be on the same network/subnet, pretty sure unless all this is met, handoff will not work.

Also documents/mail will not handoff to another device unless the end user interacts with the receiving device to tell it to pick up the document/mail via handoff.

- Sean

pblake
Contributor II

@bmarks - How is this working for you? Well? The launchdaemon you used, how often do you have it set to run for it to be effective? Any help would be appreciated.

Kyuubi
Contributor

Does this script work on Yosemite? Has anyone tried an Automator App?

evobe
New Contributor II

This script seems to be working with some modifications in El Capitan. Our problem is that the first pass through produces a file not found error. Then if handoff is enabled it won't always reliably disable. Not sure what the reason for that is. We set the option to be && and not ||. How is it working in your environment?

bmarks
Contributor II

(EDIT: Actually, the below info may have always been the case. With that said, I had no issues running it as-is on El Capitan.)

I wonder if you need to run it with elevated privileges since there's a command in the script that's now in a SIP-protected directory. I got the following output just now without sudo'ing first:

2016-02-08 10:12:52.901 defaults[9771:4745243] 
The domain/default pair of (/Users/bmarks/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.A66713F0-EF1E-5CFA-8E9C-60755DFCE01B.plist, ActivityAdvertisingAllowed) does not exist
2016-02-08 10:12:52.960 defaults[9772:4745267] 
The domain/default pair of (/Users/bmarks/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.A66713F0-EF1E-5CFA-8E9C-60755DFCE01B.plist, ActivityReceivingAllowed) does not exist

However, I get the expected results if I elevate to root privileges.

evobe
New Contributor II

We experienced the exact same issues and elevating privileges helped as well. Thanks for the info, works in El Capitan for sure.

p4gs
New Contributor

This script runs sucessfully for me with elevated privileges on El Capitan (10.11.3). However, when I go to System Preferences > General, Handoff is still enabled. Anyone else notice that?

Also, has anyone tried adapting this as an MDM profile and had success?

djdavetrouble
Contributor III

How are you running this as a policy? I tried to trigger at login, but absolutely nothing happens...

thoule
Valued Contributor II

I modified the script a bit to hit up all users on the local machine and to change things only when they need it. A big thing was the script was set to turn off only if turned on (if missing, fail miserably).

#!/bin/bash

LocalHomes=$(/usr/bin/dscl . -list /Users NFSHomeDirectory | grep -v /var/ | grep -v /Library/ | awk '$2 ~ /^// {print $2;}')
uuid=$(/usr/sbin/system_profiler SPHardwareDataType | grep "Hardware UUID" | cut -c22-57)

for OneHome in $LocalHomes; do
    handoff1=$(defaults read $OneHome/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityAdvertisingAllowed)
    handoff2=$(defaults read $OneHome/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityReceivingAllowed)

    if [[ "$handoff1" != "0" ]]; then
        defaults write $OneHome/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityAdvertisingAllowed -bool no
    fi

    if [ "$handoff2" != "0" ]; then
        defaults write $OneHome/Library/Preferences/ByHost/com.apple.coreservices.lsuseractivityd.$uuid.plist ActivityReceivingAllowed -bool no
    fi
done

Dalmatian
Contributor

this script doesn't work for me neither on 10.11 nor 10.12

any ideas?

i've got the same output of it doesn't exsit.

jcarr
Contributor III

I modified the above script to allow for two policies; one to disable and another to enable handoff on macOS Sierra devices (to facilitate high stakes testing).

Disable Handoff for all users:

#!/bin/bash

LocalHomes=$(/usr/bin/dscl . -list /Users NFSHomeDirectory | grep -v /var/ | grep -v /Library/ | awk '$2 ~ /^// {print $2;}')

for OneHome in $LocalHomes; do
    userName=$(/bin/echo $OneHome | awk -F "/" '{print $NF;}')
    sudo -u $userName defaults write $OneHome/Library/Preferences/ByHost/com.apple.coreservices.useractivityd.plist ActivityAdvertisingAllowed -bool no
    sudo -u $userName defaults write $OneHome/Library/Preferences/ByHost/com.apple.coreservices.useractivityd.plist ActivityReceivingAllowed -bool no
done

Enable Handoff for all users:

#!/bin/bash

LocalHomes=$(/usr/bin/dscl . -list /Users NFSHomeDirectory | grep -v /var/ | grep -v /Library/ | awk '$2 ~ /^// {print $2;}')

for OneHome in $LocalHomes; do
    userName=$(/bin/echo $OneHome | awk -F "/" '{print $NF;}')
    sudo -u $userName defaults write $OneHome/Library/Preferences/ByHost/com.apple.coreservices.useractivityd.plist ActivityAdvertisingAllowed -bool yes
    sudo -u $userName defaults write $OneHome/Library/Preferences/ByHost/com.apple.coreservices.useractivityd.plist ActivityReceivingAllowed -bool yes
done

Dinnerticketboy
New Contributor III

Just tried the 'Disable Handoff' script on Sierra 10.12.5 and it doesn't seem to do anything.
'System Preferences', 'General' - still showing the tick within 'Allow Handoff between this Mac and your iCloud devices'

Dinnerticketboy
New Contributor III

Oops! the script does work, just needs user to logoff/restart to take effect.

Does anyone know of a way to actually disable this options via configuration profile, so the user can't switch it on again themselves?
Thanks in advance

paulskinner
New Contributor

jcarr's scripts work here. Thanks!

Habib-Rahman
New Contributor II

Hi Everyone I used the script and also did a restart this didn't work. Any ideas, please?  

Use a Configuration Profile.
Restrictions Payload
Under the tab Functionality
uncheck Allow Handoff (macOS 10.15 or later)

burdett_0-1630510693652.png

 

 

Hi @burdett - thank you for your replay I have this already in place and it seems this doesn't work, I have applied the scope to my MAC to see if this works and it still showing as ticketed on, and then I used the scripts provided above and still not working. Any other ideas would be really helpful? Thank you.  

Habib-Rahman
New Contributor II

I have a way of using the terminal to do this - 

sudo -u $(whoami) defaults write "$HOME/Library/Preferences/ByHost/com.apple.coreservices.useractivityd.plist" ActivityAdvertisingAllowed -bool no

this seems to work now I need to find a way to imbed this in JAMF so we do not need to do this manually.

burdett
Contributor

@Habib-Rahman, sorry I over looked were your were using macOS Sierra 10.12.5,  Configuration profiles need macOS 10.15 or later.  

For this system  create a policy in jamf, choose options -> Files and Processes,  add your command in the field "Execute Command".  Choose options -> General,  -> Execution Frequency, set to run once per user per computer. In the scope add your device.   This should Disable Handoff.  

Habib-Rahman
New Contributor II

Hi @burdett thank you for the advice I did what you said and done many restarts however this still not working. Screenshot 2021-09-07 at 19.48.34.png

It still shows as enabled however when I run this command manually i works:

 

sudo -u $(whoami) defaults write "$HOME/Library/Preferences/ByHost/com.apple.coreservices.useractivityd.plist" ActivityAdvertisingAllowed -bool no

 

 

I even have a Configuration Profiles >> Restrictions >> Functionality >>Allow Handoff (macOS 10.15 or later)

Screenshot 2021-09-07 at 19.59.16.png

Even though I have turned it off, nothing seems like it's working? any ideas what else I can do please? 

Thank you so much.

Habib 

 

burdett
Contributor

Habib-Rahman, When JAMF runs a command it runs it as an elevated account using the JAMF manager account.   I don't think

sudo -u $(whoami)

is returning the correct value.   For these older macOS < 10.15 I would create and test the script  thoule posted on ‎09-02-2016. This scrip is using a different method for setting the path for the users home folder.   For devices running current macOS > 10.52, Use a Configuration Profile with Restrictions Payload and uncheck uncheck Allow Handoff.

Hi @burdett - thank you for your reply I have macOS > 10.52, Use a Configuration Profile with Restrictions Payload and uncheck Allow Handoff, however it seems still not to be working as well, I have tested multiple times with different variants however for some this doesn’t seem to work. 

When you run this command on terminal it works defaults -currentHost write com.apple.coreservices.useractivityd ActivityAdvertisingAllowed -bool no

 But when I do the  Configuration Profiles >> Restrictions >> Functionality >>Allow Handoff (macOS 10.15 or later) nothing seems to happen.

 

Screenshot 2021-09-14 at 09.32.45.png