Help

Disabling the SD Card Reader

jrserapio
Contributor

Posted on ‎03-17-2014 05:19 PM

I tried searching but could not find anything to help me. Closest i could find was this https://jamfnation.jamfsoftware.com/discussion.html?id=4558
One of the many restrictions that I have to enforce at my company is External Volumes. They either have to be read only or disabled. I have gotten this to work for External USB and Thunderbolt Drives formatted in HFS. I changed permissions on the AppleSDXC.kext file to remove read and execute for all users, and this worked for 10.8.x but is no longer working in Mavericks.

What I would like to achieve is
a) only administrators can mount external volumes (can't get this to work with MCX or CP) regardless of type (Thunderbolt, SD Card, USB or Firewire) or b) all external volumes are set to read-only for all users not in the admin group.

Does anyone have any tricks or have run into this same problem?

Labels:
0 Kudos
4 REPLIES 4

maccentric
New Contributor II

Posted on ‎03-18-2014 05:32 AM

Test it first but you could use the disableUSB.sh (https://jamfnation.jamfsoftware.com/viewProductFile.html?fid=455) script but rather then moving the IOUSBMassStorageClass.kext, you could move the AppleSDXC.kext

0 Kudos

jrserapio
Contributor

Posted on ‎03-18-2014 10:51 AM

Thanks for the response. If there is no other alternative I may have to end up doing that. In my original plan, I was just going to move all the kexts for all the devices that were to be disabled. Ended up not going that route as Kexts get replaced on some OS updates/upgrades.

0 Kudos

CypherCookie
Contributor

Posted on ‎03-10-2016 02:06 AM

This is super annoying. I'm surprised Apple haven't bought out a config profile to lock down the SD card slot!

To deal with this i ended up creating a script and a launch agent.

The script essentially checks the user permissions and if it is not an admin runs the script to dismount the SD card automatically.

That in essence is all the logic you need to do it.

0 Kudos

cdinges
New Contributor II

Posted on ‎07-27-2016 03:31 PM

First time posting / trying to help out so forgive me....

To disable the SD card on the Mac / JSS you can go into Configuration Profiles > Create A Profile > Restrictions and Create A Payload. Uncheck Internal & External Drives to completely disable USB Drives & SD Cards. I have tested this on 4 machines so far within our environment and it seems to be working great...

One caveat...if a user were to look in Disk Utility, they will still see the disks but they will not mount.

0 Kudos