Does anyone restrict USB connectivity in their environment? If so how? I've looked into pulling out the usb kernel extensions, but that seems a bit…extreme.
Regards,
Matt Bentley
Question
USB controls?
+6
+36You don't want to disable USB or you'd disable keyboards and mice.
On 7/7/11 3:23 PM, "Bentley, Matthew" <matthew.bentley at fmr.com> wrote:
I'm assuming you're wanting to deny access to external drives. Correct? I
use Casper's Managed Preferences to disable these in one of our offices
where we need tighter security.
The following specifically blocks external hard disks to Standard users
but allows administrators to authenticate and use them. This is effective
for both USB and firewire drives.
Domain: com.apple.systemuiserver
Key name: mount-controls
Key type: Enter Manually
Value:
<dict>
<key>blankcd</key>
<array/>
<key>blankdvd</key>
<array/>
<key>cd</key>
<array/>
<key>disk-image</key>
<array/>
<key>dvd</key>
<array/>
<key>harddisk-external</key>
<array>
<string>authenticate</string>
<string>eject</string>
</array>
<key>harddisk-internal</key>
<array/>
</dict>
--
William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492
+12If you haven't then I really would suggest reading:
http://images.apple.com/server/macosx/docs/User_Management_v10.6.pdf
It explains the creation and management of users and it will give you a good insight into what you can achieve. Going by some of the questions on the forum, several people may find this useful, particularly the 'mcxdelete' command.
Sean
+36Haven't tested but you should be able to do this using the same data above with configuration profiles today. You can apply configuration profiles to any machine regardless of whether users are administrators or standard users, however, admins can always undo what you do.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.