Can you prevent boot disk modification?

Posted on 10-31-2016 09:20 AM - last edited on 03-04-2025 08:06 AM by kh-richa_mig
I'm looking for a solution (script, plist modification, configuration profile, anything) that will allow a user to open Disk Utility to format external drives but not be allowed to modify the internal boot drive. Is there a way to do this that I'm missing?
Posted on 11-01-2016 04:42 AM
What about the EFI being set? This does not allow the user to boot to an external drive, Target Disk mode or Boot Camp without knowing the EFI password. But it allows me to load an external pen drive or other disk and format it.
You can do this in the JSS; Policies > Options > EFI>

Posted on 11-01-2016 06:33 AM
No, we don't care (ironically?) about what gets done with external data storage - this policy only mandates that internal storage must be encrypted. The concern is that we will encrypt a drive and it will report as encrypted, but a user will then add a partition. That would make the machine report back as only boot drives encrypted, which would leave us open to legal liability should the machine get stolen or lost.
