Posted on 11-16-2011 01:29 PM
Does anyone have experience blocking Firewire by policy?
Posted on 11-16-2011 02:04 PM
Blocking firewire or external drives (including USB)?
You'd really want to do this via Managed Preferences instead of policy so that you can apply it selectively and undo it later if you need. I use the following in Managed Preferences (using underscores to show indentation):
Display Name: Removable Media Access
Description: Control the types of Removable Media users can mount.
Apply Setting To: System Level Enforced
Domain: /Library/Preferences/com.apple.systemuiserver
Key: mount-controls
Value:
<dict>
<key>blankcd</key>
<array/>
<key>blankdvd</key>
<array/>
<key>cd</key>
<array/>
<key>disk-image</key>
<array/>
<key>dvd</key>
<array/>
<key>harddisk-external</key>
<array>
____<string>authenticate</string>
____<string>eject</string>
</array>
<key>harddisk-internal</key>
_<array/>
</dict>
The "authenticate" string gives administrators the ability to mount removable media. If you eliminate that string then all removable media is ejected. Add one or both of those strings to any of the keys in the list.