We are looking to restrict the use of all USB external storage for our users. I made a Configuration Profile with a Restriction payload that has all types of hard disk media access unchecked. On the Macs that are in the scope, the policy only works for those with standard level access, admins can still use USB drives. Is there a way to have it apply to the machine as a whole, regardless of the user level?
Solved! Go to Solution.
I use this Apple Script which I found a while back for personal use. I created it as an application on my dock so when I have to run from my desk and I have external drives connected to my desktop I can quickly eject them without having to drag each one to the trash. You could some how use this as a policy (sorta like restricted software). Hope this helps.
tell application "Finder" to eject (every disk whose ejectable is true and local volume is true and free space is not equal to 0)
I found another way - Using a launchdaemon and an osascript command.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>EnvironmentVariables</key> <dict> <key>PATH</key> <string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Applications/VMware Fusion.app/Contents/Public:/usr/local/sbin:/Library/Apple/usr/bin:/Applications/Privileges.app/Contents/Resources</string> </dict> <key>KeepAlive</key> <dict> <key>Crashed</key> <true/> <key>SuccessfulExit</key> <true/> </dict> <key>Label</key> <string>Unmount USB</string> <key>ProcessType</key> <string>Background</string> <key>ProgramArguments</key> <array> <string>/usr/bin/osascript</string> <string>-e</string> <string>tell application "Finder" to eject (every disk whose ejectable is true)</string> </array> <key>RunAtLoad</key> <true/> <key>StartInterval</key> <integer>10</integer> <key>StartOnMount</key> <true/> <key>ThrottleInterval</key> <integer>5</integer> </dict> </plist>