Jamf Nation Community

fabian_ulmrich · ‎02-18-2014

Hi guys,

some parents of our students asked me to disable the "Private Browsing" option in Safari. But I don't find a way to disable it forever? Is anyone experienced how to disable it forever?

Thanks,
Fabian

mm2270 · ‎02-18-2014

Are you using Managed Preferences? If so there's an option for that under com.apple.Safari, and can be User Level Enforced from what I can see.
If you're only using Configuration Profiles, there may be a way with those as well. If not built in, then you may be able to create a custom Profile to deploy out.

The relevant defaults command would be something like this

defaults write com.apple.Safari WebKitPrivateBrowsingEnabled -bool false

blackholemac · ‎02-18-2014

I use a Configuration Profile to handle that here though the good old defaults command achieves the same thing. With a config profile though it forces it on the users. I apply this config at the computer level. Here is my configuration profile (minus our identifier settings) if it helps. Note that this profile also blocks enabling the Developer menu, allows pop-ups (we have to here) and disables automatic opening of even safe downloads. You can maybe use this as a start to customize for your organization if nothing else:

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1">
<dict>
<key>PayloadUUID</key>
<string>D10EA6B7-8EF7-4969-999B-094C38EE794D</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadOrganization</key>
<string>Lafayette School Corporation</string>
<key>PayloadIdentifier</key>
<string>D10EA6B7-8EF7-4969-999B-094C38EE794D</string>
<key>PayloadDisplayName</key>
<string>Student Safari</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string/>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadUUID</key>
<string>188EF5F9-758E-4E86-A8D1-01DE724DAFE4</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadOrganization</key>
<string>YOURORGHERE</string>
<key>PayloadIdentifier</key>
<string>188EF5F9-758E-4E86-A8D1-01DE724DAFE4</string>
<key>PayloadDisplayName</key>
<string>Custom</string>
<key>PayloadDescription</key>
<string/>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>PayloadContent</key>
<dict>
<key>com.apple.Safari</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>com.apple.Safari.ContentPageGroupIdentifier.WebKit2PrivateBrowsingEnabled</key>
<false/>
<key>com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically</key>
<true/>
<key>HomePage</key>
<string>http://www.YOURURLHERE.com</string>
<key>IncludeDevelopMenuPreferenceKey</key>
<false/>
<key>AutoOpenSafeDownloads</key>
<false/>
</dict>
</dict>
</array>
</dict>
</dict>
</dict>
</array>
</dict>
</plist>

fabian_ulmrich · ‎02-18-2014

@mm2270 Yeah right, I tried using MCX but that didn't really work because it is just turns "Private Browsing" off. A configuration profile might be the better solution for that. I'll try what @blackholemac posted.

Thanks so far.

fabian_ulmrich · ‎02-19-2014

@blackholemac Tried to run your configprofile with some changes to payloads but a user is still able to activate "Private Browsing" same as I use MCX. Any ideas? Maybe you need to run a launch daemon which is calling a script to check if 'WebKitPrivateBrowsingEnabled' is set to true. if true, set it to false!? Something like this.

blackholemac · ‎02-19-2014

I will check it again, but I know I had that one working really well here...mainly because I used MCXtoProfile to generate it and tested it before building mass amounts of images. In short, I use MCX (Managed Preferences) on 10.6 clients only and all of my 10.8 clients are done via profile.

I'll check into it. I don't use a launchdaemon though...mainly because if I do, I have to remember to repackage it. You did set it to be a computer level profile and not a user level one didn't you? That is how I push this particular one.

fabian_ulmrich · ‎05-22-2014

Sorry for my late response guys. I totally forgot about this topic. My clients are running 10.9.x, maybe this has changed with this OS. Tried to convert the specific MCX .plist file into a profile as well as pushing it via MCX. Everytime it's set to FALSE but the user still can change it in Safari settings. I would like to have it disabled completely, FOREVER :D Best thing would be to get rid of the menu object "Private Browsing".

jcarr · ‎05-25-2014

Is this possible via Configuration Profile for iOS devices?

fabian_ulmrich · ‎05-26-2014

Hi there,

definitely what should be requested at Apple. The only thing I know is you can disable Safari at all or filter any webcontent via Apple Configurator Profile. Have you researched the Web a little bit? There might be a way to add keys and values to an existing profile!?

Johnna · ‎11-01-2017

Hello

I'm wondering if this is still applicable or did someone find a better way? I have a 1:1 student iPad environment and need to disable both Safari private browsing & Google incognito browsing. Any help is GREATLY appreciated!

wdpickle · ‎08-17-2021

For iPad's you can now deploy a Configuration profile with the Content Filter set to limit adult content and it removes the option of Private Browsing

pnamingha · ‎11-18-2021

Where is the option to restrict private browsing. I don't see that subset anywhere related to Safari

Jamf Nation Community

Disable "Private Browsing" on Safari