Preventing disk images from being mounted?

azimmer84
New Contributor II

Greetings! We're trying to come to a "happy medium" for our users to prevent them from grabbing software willy-nilly. 

Our environment is:

  • Utilizing PreStage Enrollment
  • Monterey with some Big Sur leftovers, moving soon to Monterey and up
  • Users are admins

I've been able to come up with countermeasures to most of the truly problematic stuff users can do as admin, but I'm getting stuck on blocking disk images. The restriction was dropped in Catalina, and I found some posts suggesting blocking the DiskImageMounter app. This seems to work; the app is blocked and the warning pops up.

But the image is mounted anyway.

Is this a speed thing? Mounting the image is happening quicker than the "kill process" feature works?

Has anyone had any success blocking this in Big Sur and up? 

Thanks!

2 ACCEPTED SOLUTIONS

sdagley
Esteemed Contributor II

@azimmer84 You _could_ try blocking the process named hdiutil which DiskImageMounter is calling to mount an image. You'll need to disable that block when you want to run the macOS Monterey upgrade as it will require mounting a disk image as part of the upgrade process.

azimmer84
New Contributor II

This works. It ejects the image moments after throwing the popup, rather than leaving it open. Hacky but robust, not likely to be suddenly dropped in Ventura.

6 REPLIES 6

sdagley
Esteemed Contributor II

@azimmer84 I think you flagged the wrong post as an answer, what exactly works?

azimmer84
New Contributor II

Your suggestion about blocking hdiutil seems best for us. New to these forums. Sorry if I hit the wrong button...

sdagley
Esteemed Contributor II

@azimmer84 Thanks. I was curious because I never tested it myself, and wanted to know if I should file it for potential future use :-)

sgiesbrecht
Contributor III

Even though Config Profile > Restrictions > Media > Hard Disk Media > Disk Images is deprecated, we still use it as it still works. We have to enable it for our environment so some apps require DMGs.

In your case uncheck it or check the Require Authentication
