Script to disable Automatic Run Of Safe Files In Safari

spanaghi
New Contributor

I'm trying to script a way to disable the Automatic Run Of Safe Files In Safari for a CIS Benchmark across our deployment. While we have a few versions of the OS in the wild, I'm mostly focused on Catalina.

I tried the following, but it doesn't seem to change the preference.

defaults write com.apple.Safari AutoOpenSafeDownloads -boolean false
2 ACCEPTED SOLUTIONS

how did you add it in Jamf? Did you just copy/paste teh code as a script and run the Script via a policy?

View solution in original post

Hi
This solution I posted is for use with a configuration profile. It can be added to a configuration profile by:

create new configuration profile

click “application and custom settings”

Click configure 

Select configure settings

choose custom schema from source drop down 

Click edit schema

Copy the JSON and out it into the custom schema editable text box

Click  save 

From there you can set the settings in the form editor. 

 

View solution in original post

14 REPLIES 14

CSCC-JS
Contributor II

Have you consider using a profile and target the group of machines?

spanaghi
New Contributor

Is there an option in a Config Profile that allows me to do this? I looked but didn't see one, which is why I was going to go the script route.

lucas_cantor
New Contributor III

@spanaghi here you go.

As usual, please test this yourself to ensure compatibility in your environment.
I can only confirm this works for me.

Dylan_YYC
Contributor III

Yeah i thought this was a config profile too but there isn't anything about it! Wonder if this should be a feature request.

mm2270
Legendary Contributor III

You can also create the Config Profile by creating a new plist file in some local location, like your Desktop, with just that one setting in it.

defaults write ~/Desktop/com.apple.Safari.plist AutoOpenSafeDownloads -bool false

Converting that to xml format

plutil -convert xml1 ~/Desktop/com.apple.Safari.plist

And then uploading that into a new Configuration Profile under the Application & Custom Settings payload (using the "Upload a File" option) Does basically the same thing as the gist posted above by @lucas.cantor

Dylan_YYC
Contributor III

So this is not working in big Sur... anyone have any idea? I tried the config profile uploaded by @lucas.cantor

Martinus
New Contributor II

Config Profile still works in my testing on Big Sur 11.2.3.

defaults write com.apple.Safari AutoOpenSafeDownloads -boolean false

not so much, it can fail silently...

...because it got sandboxed and e.g. Terminal does not have access by default. See https://lapcatsoftware.com/articles/containers.html

Kyle-Johnston
New Contributor

Has anyone had any luck doing this ??

Regards
K

cesar_pineda
New Contributor III

I've been using a config profile for at least 5 years... hope it helps
6cac4220b07b4735843fea602ca33d1e

sharif_khan
Contributor

Hi @cesar_pineda 

I am also using the same CIS hardening profile but I face an issue when I push update from management tab or try to download/install update from self service, both cases that failed. So I had to remove those profiles restart the machine and then re-push update. After few min/hrs update complete and then all those profile put back to machine. 

AntMac
Contributor

Hi 
I know this is a really old thread but thought I would pass on in case someone else was also looking for a solution.

Just wanted to pass on a short custom JSON schema I have been using that appears to do the trick. Tested it on Monterey with Safari 15.3 and it works great! 

JAMF-Custom-JSON/Safari at main · MinervaFT/JAMF-Custom-JSON (github.com)

how did you add it in Jamf? Did you just copy/paste teh code as a script and run the Script via a policy?

Hi
This solution I posted is for use with a configuration profile. It can be added to a configuration profile by:

create new configuration profile

click “application and custom settings”

Click configure 

Select configure settings

choose custom schema from source drop down 

Click edit schema

Copy the JSON and out it into the custom schema editable text box

Click  save 

From there you can set the settings in the form editor. 

 

sharif_khan
Contributor

For me profiles work for macOS Monterey

Preference Domain: com.apple.Safari
 
Upload
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
       <key>AutoOpenSafeDownloads</key>
       <false/>
 </dict>
</plist>