How to manage: accessory access setting in System Preferences

JevermannNG
Contributor II

I am looking for a way to manage the settings to allow accessory (USB/Thunderbold).

In the System Preferences are these settings available:

  • Ask every time

  • Ask for new accessories

  • Automatically when unlocked

  • Always

But I didnt find any setting options in the following MDM command:

https://support.apple.com/guide/deployment/manage-accessory-access-depf8a4cb051/1/web/1.0

Is there a different way to set this option to "Ask every time" ?

9 REPLIES 9

jamf-42
Valued Contributor II

if you need to block connecting USB / Thunderbolt devices.. there is nothing in macOS / JAMF that provides this function. You'll need to look at 3rd party solutions.

I dont want to block USB Devices.

I want to manage the setting. My target is that the user gets an requester each time a USB Device connects to the Mac.

A_Collins
Contributor

It can be managed by MDM.. 

The domain is com.apple.applicationaccess and the key is allowUSBRestrictedMode

More info : apple

If false, the system allows iOS devices to always connect to USB accessories while locked. On macOS, allows new USB and Thunderbolt accessories and SD cards to connect without authorization. If the system has Lockdown mode enabled, it ignores this value. Available in iOS 11.4.1 and later, and macOS 13 and later. Requires a supervised device in iOS.

Default: true

 

Well, that is the same like I referred to by the URL in my first post.

That setting allows only a permanent Yes or No.

I am looking for a way, that "always ask" enables.

m_oravec
New Contributor II

I am looking to do something similar but to always allow since it seems there is a bug in 14.4 causing usb issues. Did anyone find a solution ?

 

 

emanueldiaz_09
New Contributor III

Just like @A_Collins mentioned, the domain is: com.apple.applicationaccess

Here is the link to the JSON script you can upload to as a Custom Schema in Configuration Policy:

ProfileManifestsMirror 

Just copy the JSON code and paste it in the Custom Schema section of your Configuration Policy. It has tons of settings you can configure, but all you need is the Allow USB Restricted Mode. 

This is the only portion needed:

01.png

Set to FALSE if you want to allow USB accessories.

02.png

So I did this in Jamf and pushed out the profile, but it's not working. I made it look exactly like you second screen shot and still no dice. When I plug in a USB device it still asks for permission, which I want to disable.

@jcoombes did you try to create a Configuration Profile and to upload it into Jamf Pro?

I use "ProfileCreator" to create the Profile, then export and sign it before importing it into Jamf Pro:

Bildschirmfoto 2024-07-24 um 09.09.22.png

 

No, I used the Jamf Custom Schema and created it directly inside Jamf.