Script to disable Automatic Run Of Safe Files In Safari

spanaghi
New Contributor

I'm trying to script a way to disable the Automatic Run Of Safe Files In Safari for a CIS Benchmark across our deployment. While we have a few versions of the OS in the wild, I'm mostly focused on Catalina.

I tried the following, but it doesn't seem to change the preference.

defaults write com.apple.Safari AutoOpenSafeDownloads -boolean false
10 REPLIES 10

CSCC-JS
Contributor II

Have you consider using a profile and target the group of machines?

spanaghi
New Contributor

Is there an option in a Config Profile that allows me to do this? I looked but didn't see one, which is why I was going to go the script route.

lucas_cantor
New Contributor III

@spanaghi here you go.

As usual, please test this yourself to ensure compatibility in your environment.
I can only confirm this works for me.

Dylan_YYC
Contributor III

Yeah i thought this was a config profile too but there isn't anything about it! Wonder if this should be a feature request.

mm2270
Legendary Contributor II

You can also create the Config Profile by creating a new plist file in some local location, like your Desktop, with just that one setting in it.

defaults write ~/Desktop/com.apple.Safari.plist AutoOpenSafeDownloads -bool false

Converting that to xml format

plutil -convert xml1 ~/Desktop/com.apple.Safari.plist

And then uploading that into a new Configuration Profile under the Application & Custom Settings payload (using the "Upload a File" option) Does basically the same thing as the gist posted above by @lucas.cantor

Dylan_YYC
Contributor III

So this is not working in big Sur... anyone have any idea? I tried the config profile uploaded by @lucas.cantor

Martinus
New Contributor II

Config Profile still works in my testing on Big Sur 11.2.3.

defaults write com.apple.Safari AutoOpenSafeDownloads -boolean false

not so much, it can fail silently...

...because it got sandboxed and e.g. Terminal does not have access by default. See https://lapcatsoftware.com/articles/containers.html

Kyle-Johnston
New Contributor

Has anyone had any luck doing this ??

Regards
K

cesar_pineda
New Contributor III

I've been using a config profile for at least 5 years... hope it helps
6cac4220b07b4735843fea602ca33d1e

sharif_khan
New Contributor

Hi @cesar_pineda 

I am also using the same CIS hardening profile but I face an issue when I push update from management tab or try to download/install update from self service, both cases that failed. So I had to remove those profiles restart the machine and then re-push update. After few min/hrs update complete and then all those profile put back to machine.