Help

Bluetooth Device Management - Restrict/Allow

MakeItSo
New Contributor

Posted on ‎02-23-2022 09:08 AM

Hi All!

Prior to my current role, Bluetooth restrictions seemed to be all or nothing. Either users were free to connect to various Keyboards, Mice and Headsets or not at all.

Now I have a mandate to allow specific, vendor approved Keyboards, Mice and Headsets...but nothing else via Bluetooth.

What is your preferred method of managing BlueTooth devices in macOS/Jamf?  BlueTooth must be enabled but not discoverable and auto-pairing/file transfer type functionality needs to be disabled. 3rd Party Product? Config Profile? Script? Some combination of the 3?

0 Kudos
Reply
3 REPLIES 3

YanW
Contributor III

‎02-23-2022 01:14 PM - edited ‎02-24-2022 04:12 AM

I'm currently working on this. I can't figure out how to just allow specific vendor/device to connect. The only way I found so far is to disable bluetooth with <key>DisableBluetooth</key> <true/> in com.apple.MCXBluetooth then, turn on when the user need to pair a new device but that's no ideal in our environment. 

I'm using this to turn off Bluetooth Sharing. It doesn't disable it though.

 

 

#!/bin/sh

currentUser=$(/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }')

btSharing=$(sudo -u "$currentUser" defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled -bool false)

if [ $btSharing = "1" ]; then

sudo -u "$currentUser" defaults -currentHost write com.apple.Bluetooth PrefKeyServicesEnabled -bool false

fi

exit 0

 

 

Turn off bluetooth if is on. 

 

 

#!/bin/sh

## 1 is ON, 0 is OFF
btStatus=`defaults read /Library/Preferences/com.apple.Bluetooth ControllerPowerState`

if [ "$btStatus" = "1" ]; then

	sudo defaults write /Library/Preferences/com.apple.Bluetooth ControllerPowerState -int 0 && \sudo pkill bluetoothd

fi
exit 0

 

 

 

 

Reply

YanW
Contributor III
In response to YanW

Posted on ‎02-24-2022 06:49 AM

Correction: com.apple.MCXBluetooth plist will completely disable it. The Configuration Profile Bluetooth Restriction will keep the paired devices but can't pair any new ones. 

0 Kudos
Reply

pcurtner
New Contributor II

Posted on ‎10-26-2023 04:06 PM

Since this topic just came up in my org, it's worth noting that Jamf Pro 10.50+ and macOS Sonoma will now have payloads to disable Bluetooth Sharing.

Slight build on @YanW 's EA above:

#!/bin/bash

# return current status of Bluetooth Sharing

# Bluetooth Sharing must have been previously enabled for this to return any numeric value regardless of current status
# otherwise, a non-zero value will be returned:
#
#   The domain/default pair of (com.apple.Bluetooth, PrefKeyServicesEnabled) does not exist


currentUser=$(stat -f%Su /dev/console)

state=$(sudo -u "$currentUser" defaults -currentHost read com.apple.Bluetooth PrefKeyServicesEnabled)

if [ "$state" = "1" ]; then
        status="Enabled"

elif [ "$state" = "0" ]; then
        status="Disabled"

elif [ -z "$state" ]; then
        status="Never Enabled"
fi

echo "<result>$status</result>"

exit 0

Tested on 12.7 - 14.1.

0 Kudos
Reply