10-28-2022 12:03 AM - edited 10-28-2022 12:33 AM
Apple added a security feature into Ventura 13.0 for Apple silicon called "Allow accessories to connect". You can find it under System Settings > Privacy & Security.
You can find the info in the link below under the "Accessory security" heading:
https://support.apple.com/en-au/guide/deployment/dep950aed53e/1/web/1.0
This has caused issues in our environment as we still use AD login and ethernet is required for deployment on the Mac.
Apple has given us a solution to the problem in a well-hidden MDM command that came out with Ventura.
Here is the MDM command I am pushing out to our fleet as an Application & Custom Settings payload, if anyone is interested.
Bundle ID: com.apple.applicationaccess
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>allowUSBRestrictedMode</key>
    <false />
</dict>
</plist>
This Jamf Pro Feature request is related: https://ideas.jamf.com/ideas/JN-I-26484
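An added example, not part of the original post and not Jamf or Apple code: a small Python audit that locates `allowUSBRestrictedMode` anywhere in a plist or .mobileconfig and reports whether it is set to disable the protection, or was written with the wrong type. The function names and the second sample (`WRAPPED`) are constructed for illustration.

```python
import plistlib

KEY = "allowUSBRestrictedMode"  # key name taken from the post above

# The plist exactly as posted in this thread.
POSTED = b"""<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
<key>allowUSBRestrictedMode</key>
<false />
</dict></plist>"""

# Constructed sample: key nested in a payload array and given as a string,
# a common hand-editing mistake (the value must be a plist boolean).
WRAPPED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.applicationaccess</string>
<key>allowUSBRestrictedMode</key><string>false</string>
</dict></array>
</dict></plist>"""

def find_key(node, key, path=""):
    """Yield (path, value) for every occurrence of key in nested dicts/lists."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield f"{path}/{k}", v
            else:
                yield from find_key(v, key, f"{path}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from find_key(v, key, f"{path}[{i}]")

def audit(plist_bytes):
    """Return [(path, verdict)] for each occurrence of KEY in the plist."""
    results = []
    for path, value in find_key(plistlib.loads(plist_bytes), KEY):
        if value is False:
            verdict = "disabled"      # USB restricted mode turned off
        elif value is True:
            verdict = "enabled"       # USB restricted mode left on
        else:
            verdict = f"invalid-type:{type(value).__name__}"
        results.append((path, verdict))
    return results

if __name__ == "__main__":
    for name, data in (("posted", POSTED), ("wrapped", WRAPPED)):
        print(name, audit(data))
```

Run it over exported profiles to inventory which ones turn the protection off before scoping them to a fleet.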
Posted on 10-28-2022 02:10 AM
Do you know how to disable USB restricted mode using a shell script? It is because I need this script for macOS deployment.
Posted on 10-28-2022 04:59 AM
It's better to use a configuration profile. Just add the profile to your prestage, and scope it to all Ventura devices. Scripts are nice to change settings that can't be managed. If there is an option to manage something, use a configuration profile.
Do not target all devices, as if a non-Ventura device receives the profile it will just ignore it and never look at it again, even if it updates to Ventura. You would need to exempt and retarget to reinstall if this happens. If it installs on a non-Ventura device from the prestage, it should automatically remove if the config profile is scoped correctly.
Posted on 10-28-2022 06:37 AM
I have been looking around and I don't think it's possible to manage at this time from CLI. Maybe submit a feedback request on that.
You could use iMazing Profile Editor or Apple Configurator to make a .mobileconfig. Distribute the .mobileconfig to your users and have them install it. If you are not using an MDM solution, you are not managing Macs, so it may be best to just leave it to the users.
Posted on 12-08-2022 08:31 AM
Thanks for posting this, it worked for me. I upvoted the feature request.
Posted on 01-23-2023 09:01 AM
Works great! Thanks a bunch!
Posted on 01-24-2023 04:30 PM
I voted up on this as well. I was able to leverage your info here to come up with a way to block USB storage again. (allowFilesUSBDriveAccess. true/false.) I posted at the link below.
disable USB or USB Mass Storage Devices - Jamf Nation Community - 250451
Posted on 06-14-2023 01:13 PM
Looks like this has been added to the new version of Jamf!
The following table is an overview of the computer configuration profile enhancements in this release:
Restrictions payload
Allow USB restricted mode | allowUSBRestrictedMode | Supervised computers with macOS 13 or later | Prevents connection of USB accessories if a computer has been locked for more than one hour |
Posted on 09-07-2023 11:25 PM
But I'm not sure whether it's really working or not.
Posted on 02-21-2024 08:09 AM
Being a newbie, I am not sure what I am looking at.. Do I write a script with the content of what you posted and then push/scope the script out to my Ventura and Sonoma Macs?
02-21-2024 08:15 AM - edited 02-21-2024 08:18 AM
configuration profile - application & settings - upload
copy paste plist - scope to test Mac.. check it's working and doing what you expect..
EDIT.. now I remember the thread.. this is now in restrictions payload.. in functionality.. with all the joy that payload brings..