Config Profile to Fully Disable Airdrop Mac OS Big Sur

Matt_Roy93
Contributor

I am looking for a way to fully disable Airdrop for CIS standard security reasons on our Macs, the typical 

defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES removes the option from finder but this option still lives in the go menu and the CIS check continues to fail.  Any Ideas or special config profiles people have created?
1 ACCEPTED SOLUTION

boberito
Valued Contributor

You should be using a configuration profile to block airdrop. 

https://github.com/usnistgov/macos_security/blob/main/rules/os/os_airdrop_disable.yaml 

But also after disabling you may have to logout or restart in order to get rid of everything and fully disable it.

View solution in original post

9 REPLIES 9

tlarkin
Honored Contributor

Yeah we block airdrop in the media restrictions and I think `sharingd` in the application firewall which is the bonjour process that Air Drop uses 

boberito
Valued Contributor

You should be using a configuration profile to block airdrop. 

https://github.com/usnistgov/macos_security/blob/main/rules/os/os_airdrop_disable.yaml 

But also after disabling you may have to logout or restart in order to get rid of everything and fully disable it.

Thank you for the link and info.

How do the YAML files in the link you provided work with Jamf? I hope you can help me answer. Thank you very much

user-nrEKyEeSDZ
New Contributor

Can you please provide Bash script

Hi, hello.
Thank you very much for your reply. I have tested using scripts or commands. The restart does not take effect. Of course it is because my equipment is controlled by Jamf. There is mutual exclusion in the restricted type of load. I refer to the Manual of Apple Platform Deployment, and the function of user description file push is normal. But be aware of the problem of being mutually exclusive in the same scope and payload type. So far I have solved this problem. This is done according to the Apple manual. https://support.apple.com/zh-cn/guide/deployment/dep01d95140c/1/web/1.0
————————————————————————————————
高亚静 售前工程师
北京和诚诺信科技有限公司西安分公司
陕西省西安市高新区天谷八路211号环普产业园G3楼1F-101号
Beijing Hecheng Nuoxin Technology Co., Ltd. Xi 'an Branch
No. 1F-101, G3, Huanpu Industrial Park, No. 211, Tiangu Eighth Road, Xi 'an High-tech Zone, Shaanxi Province
Office : 029-68204033
Mobile :18629022670
Email:gaoyj@sunpiestore.com

Matt_Roy93
Contributor

Here is the script to disable Airdrop, "defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES" It does require user logout, login or reboot.  Also FYI the config profile method is the best practice way of disabling this.

nachiket_s
New Contributor II

Try executing "killall Finder" command after you execute  "defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES" command.

Its working for me and I no longer see Airdrop in Go Menu and if you try to access it from spotlight then it will show following error - The operation can't be completed because the item can't be found.

If you want to reenable it do the same process but with NO syntax in the default.write command

Sanchi
Contributor

This code as a custom payload in a Config Profile will do it.  Set the domain to: com.apple.applicationaccess

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>allowAirDrop</key>
	<false/>
</dict>
</plist>


Set to "true" if you want to turn it on.