Question

CIS Benchmark 2.4.7 Disable Bluetooth Sharing

  • October 18, 2017
  • 3 replies
  • 102 views


I've been making my way through configuring CIS benchmark restrictions. I've been able to find ways to implement turning off all other sharing preferences in the System Preferences > Sharing Pane, but Bluetooth sharing has been a bit off.

My goal is to either disable Bluetooth sharing by configuration profile or policy and then set a restriction for the sharing pane altogether. I can't seem to find a way to disable Bluetooth sharing through the terminal for macOS Sierra using the "defaults" command. I've also tried disabling it through a custom configuration profile, but have not been able to locate what domain this setting is a part of or what value is needed to disable it.

Any tips?

golbiga
  • Employee
  • October 18, 2017

Have you checked out Jamf Professional service's CIS Settings?

Allen


  • New Contributor
  • October 18, 2017

This one is trickier than your typical defaults write, since it's a user-level ByHost plist. Here's a quick and dirty script:

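#!/bin/bash

# ByHost preference files carry the machine's hardware UUID in their name.
hardwareUUID=$(system_profiler SPHardwareDataType | grep 'Hardware UUID:' | cut -d: -f2 | tr -d ' ')

# Walk the home folders with a glob instead of parsing ls output.
for user_home in /Users/*; do
        user_name=$(basename "$user_home")
        plist_file="$user_home/Library/Preferences/ByHost/com.apple.bluetooth.$hardwareUUID.plist"
        if [ -f "$plist_file" ]; then
            echo "Writing settings for $user_name.."
            defaults write "$plist_file" PrefKeyServicesEnabled -bool false
            # Hand the file back to its user after writing it from another account.
            chown "$user_name" "$plist_file"
        fi
done
# Restart the Bluetooth daemon so it picks up the change.
killall blued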
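
An audit counterpart to the script above, added here as an example and not part of the original post: it reads the same key the script writes, PrefKeyServicesEnabled, from each user's ByHost plist and reports any user who still has Bluetooth Sharing enabled. The function names and the enabled/disabled/unset labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: per-user audit of the Bluetooth Sharing preference.
# Assumes the same key and ByHost path as the remediation script above.

# Print the state recorded in one plist: enabled, disabled or unset.
bt_sharing_state() {
    # defaults read prints 1 or 0 for a boolean and fails if the key is absent.
    value=$(defaults read "$1" PrefKeyServicesEnabled 2>/dev/null) || { echo unset; return; }
    case "$value" in
        1|true|YES) echo enabled ;;
        0|false|NO) echo disabled ;;
        *)          echo unset ;;
    esac
}

# audit_bt_sharing USERS_ROOT HARDWARE_UUID
# Prints "user: state" for every home folder that has the plist.
# Returns 1 if at least one user still has sharing enabled, 0 otherwise.
audit_bt_sharing() {
    users_root=$1
    uuid=$2
    found=0
    for home in "$users_root"/*; do
        plist="$home/Library/Preferences/ByHost/com.apple.bluetooth.$uuid.plist"
        [ -f "$plist" ] || continue
        state=$(bt_sharing_state "$plist")
        echo "$(basename "$home"): $state"
        if [ "$state" = enabled ]; then
            found=1
        fi
    done
    return $found
}

# Run the audit only where the macOS tooling is present.
if command -v system_profiler >/dev/null 2>&1; then
    hw_uuid=$(system_profiler SPHardwareDataType | grep 'Hardware UUID:' | cut -d: -f2 | tr -d ' ')
    audit_bt_sharing /Users "$hw_uuid" || echo "Bluetooth Sharing is still enabled for at least one user"
fi
```

A user reported as unset has the plist but no PrefKeyServicesEnabled key in it; users without the plist are skipped, as in the script above.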

  • Author
  • Contributor
  • October 19, 2017

@golbiga Hmmm I have not seen that yet. I'll do some testing. I played around with it a bit and was having some issues remediating a few things. Unfortunately, Bluetooth was one of the things I had trouble remediating. I'll keep testing though.

@bmodesitt hmm this seemed to work. I'll have to take a look at a few of these commands and your workflow. This is a good teachable moment seeing as I'm a beginner at scripting.