Help

How to manage: accessory access setting in System Preferences

JevermannNG
Contributor II

Posted on ‎01-19-2024 02:17 AM

I am looking for a way to manage the settings to allow accessory (USB/Thunderbold).

In the System Preferences are these settings available:

  • Ask every time

  • Ask for new accessories

  • Automatically when unlocked

  • Always

But I didnt find any setting options in the following MDM command:

https://support.apple.com/guide/deployment/manage-accessory-access-depf8a4cb051/1/web/1.0

Is there a different way to set this option to "Ask every time" ?

Reply
9 REPLIES 9

jamf-42
Valued Contributor II

Posted on ‎01-19-2024 02:39 AM

if you need to block connecting USB / Thunderbolt devices.. there is nothing in macOS / JAMF that provides this function. You'll need to look at 3rd party solutions.

0 Kudos
Reply

JevermannNG
Contributor II
In response to jamf-42

Posted on ‎01-19-2024 04:24 AM

I dont want to block USB Devices.

I want to manage the setting. My target is that the user gets an requester each time a USB Device connects to the Mac.

0 Kudos
Reply

A_Collins
Contributor

Posted on ‎01-19-2024 02:25 PM

It can be managed by MDM.. 

The domain is com.apple.applicationaccess and the key is allowUSBRestrictedMode

More info : apple

If false, the system allows iOS devices to always connect to USB accessories while locked. On macOS, allows new USB and Thunderbolt accessories and SD cards to connect without authorization. If the system has Lockdown mode enabled, it ignores this value. Available in iOS 11.4.1 and later, and macOS 13 and later. Requires a supervised device in iOS.

Default: true

 

Reply

JevermannNG
Contributor II
In response to A_Collins

Posted on ‎01-22-2024 12:15 AM

Well, that is the same like I referred to by the URL in my first post.

That setting allows only a permanent Yes or No.

I am looking for a way, that "always ask" enables.

0 Kudos
Reply

m_oravec
New Contributor II

Posted on ‎03-14-2024 08:52 AM

I am looking to do something similar but to always allow since it seems there is a bug in 14.4 causing usb issues. Did anyone find a solution ?

 

 

0 Kudos
Reply

emanueldiaz_09
New Contributor III

Posted on ‎06-24-2024 12:20 PM

Just like @A_Collins mentioned, the domain is: com.apple.applicationaccess

Here is the link to the JSON script you can upload to as a Custom Schema in Configuration Policy:

ProfileManifestsMirror 

Just copy the JSON code and paste it in the Custom Schema section of your Configuration Policy. It has tons of settings you can configure, but all you need is the Allow USB Restricted Mode. 

This is the only portion needed:

01.png

Set to FALSE if you want to allow USB accessories.

02.png

0 Kudos
Reply

jcoombes
New Contributor
In response to emanueldiaz_09

Posted on ‎07-23-2024 03:55 PM

So I did this in Jamf and pushed out the profile, but it's not working. I made it look exactly like you second screen shot and still no dice. When I plug in a USB device it still asks for permission, which I want to disable.

0 Kudos
Reply

JevermannNG
Contributor II
In response to jcoombes

‎07-24-2024 12:13 AM - edited ‎07-24-2024 12:14 AM

@jcoombes did you try to create a Configuration Profile and to upload it into Jamf Pro?

I use "ProfileCreator" to create the Profile, then export and sign it before importing it into Jamf Pro:

Bildschirmfoto 2024-07-24 um 09.09.22.png

 

0 Kudos
Reply

jcoombes
New Contributor
In response to JevermannNG

Posted on ‎07-24-2024 09:12 AM

No, I used the Jamf Custom Schema and created it directly inside Jamf.

0 Kudos
Reply