Jamf Nation Community

1. Set the Sidebar prefs on your admin system to show nothing in "Sharing"
2. In WGM/Prefs/Details, add your com.apple.sidebarlists.plist to "Often"

3. Remove all but the following from the entry:

4. All of your bound clients will have the "Sharing" section turned off.
   Note: If the user turns any portion of it back on in Finder/ Preferences, the "Sharing" will return (escalations might get this fixed... hint, hint)

Of course you are using WGM/MCX to manage your Mac preference policies, right?

:-)

-- John DeTroye Email: johnd at apple.com
Sr. Consulting Engineer Work: 303-933-1807
Systems Management Specialist Fax: 303-979-6616
Apple - Education iChat: johnd at mac.com
Tips and Tricks Docs - http://idisk.mac.com/johnd

Just this specific setting refuses to follow the rules. "Often" will reset at logout to admin-defined values, normally. There's always something that just won't follow the rules. And if you are managing more than a few Macs, using the defaults command just seems like a lot of work versus setting network-based policies; but that's just me...

johnd
-- John DeTroye Email: johnd at apple.com
Sr. Consulting Engineer Work: 303-933-1807
Systems Management Specialist Fax: 303-979-6616
Apple - Education iChat: johnd at mac.com
Tips and Tricks Docs - http://idisk.mac.com/johnd

I run a shell script to handle this. Here's my code for this:

#!/bin/sh # # Created by Kevin Bernstein on 2008-06-13. All rights reserved. # export PATH="/usr/local/bin:/usr/local/sbin:/usr/local/lib:/usr/ local/include:/usr/bin:/bin:/usr/sbin:/sbin" LEOUSERLIST=dscl . list /Users home | awk '/Users/ { print $1 }' USERNAMES=(${LEOUSERLIST}) echo "";echo "* * Sidebar Update" for (( i = 0 ; i < ${#USERNAMES[@]} ; i++ )) do USERSFOLDER=`dscl . -read /Users/${USERNAMES[$i]} home | awk -s {'print $2'}` if [[ -e $USERSFOLDER/Library/Preferences/ com.apple.sidebarlists.plist ]]; then /usr/libexec/PlistBuddy -c "set :networkbrowser:CustomListProperties:com .apple.NetworkBrowser.bonjourEnabled false" $USERSFOLDER/Library/ Preferences/com.apple.sidebarlists.plist chown ${USERNAMES[$i]} $USERSFOLDER/Library/Preferences/ com.apple.sidebarlists.plist chmod 600 $USERSFOLDER/Library/Preferences/ com.apple.sidebarlists.plist echo "updated sidebar setting for ${USERNAMES[$i]}'s existing pref" `defaults read $USERSFOLDER/Library/Preferences/ com.apple.sidebarlists networkbrowser | grep com.apple.NetworkBrowser.bonjourEnabled | awk {'print$1,$3'}` else touch $USERSFOLDER/Library/Preferences/com.apple.sidebarlists.plist /usr/libexec/PlistBuddy -c "set :networkbrowser:CustomListProperties:com .apple.NetworkBrowser.bonjourEnabled false" $USERSFOLDER/Library/ Preferences/com.apple.sidebarlists.plist chown ${USERNAMES[$i]} $USERSFOLDER/Library/Preferences/ com.apple.sidebarlists.plist chmod 600 $USERSFOLDER/Library/Preferences/ com.apple.sidebarlists.plist echo "created sidebar pref for ${USERNAMES[$i]} and set it to disallow Bonjour shares" `defaults read $USERSFOLDER/Library/ Preferences/com.apple.sidebarlists networkbrowser | grep com.apple.NetworkBrowser.bonjourEnabled | awk {'print$1,$3'}` fi done exit 0

I realize there are no comments. Sorry. But basically, this querries the local system to find the home directory of every user, then iterates through the accounts attempting to update their com.apple.sidebarlists.plist. If a plist is found then it updates it. Otherwise if not found, it creates it and writes the preferences. It uses PListBuddy (which I found easier to use for this situation). PListBuddy may or may not be in /usr/libexec by default, but is hard coded in this script. Also there's also some chmod and chown code as this runs as root in a postflight script. I have only tested this with local users, so I don't know what the experience would be like for network home users.

NOTE: I have just joined the list for device management ideas. I do not use Casper Suite... but believe this could be pushed out using the scripting interface or pushed as a package, where the above is a postflight script.

Kevin Bernstein
Desktop Engineering & Support