Jamf Nation Community

kuwaharg · ‎11-14-2012

A little off topic, but Campus Security is tired of getting lost USB drives. They are on a little campaign with the computer labs on campus to remind students to remove their USB drives. One request is to have the computer remind them.

Before I attempt to re-invent the wheel, does anyone have some sort of logout script that would detect if there is a USB drive and to remind the user to remove it?

--Gretchen

mm2270 · ‎11-14-2012

Hi. Try this out. Its a little simplistic and may need some tweaking or fleshing out, but I think it will generally do the trick
I adapted this from something else I was using to look at plugged in USB drives.

#!/bin/sh

for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
    if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }') == "USB" ]]; then
        echo "Device $disk is a USB removable disk"
        diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')
        MSG="There is a USB disk named "$diskName" still connected to this computer.

Please remember to take it with you!"
        sudo /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
        -windowType utility -title "USB device still attached" -description "$MSG" -button1 "OK" 
        -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns -iconSize 96
    fi
done

The general idea is it loops through disk identifiers on the system, minus any related to disk0 since that is the internal HD, and then checks the protocol to find USB devices. This would likely pick up not just USB thumb drives, but any USB hard drives attached as well. If it finds one, it gets the name and throws it into a jamfHelper dialog.
You could use any messaging system you want, such as the jamf binary displayMessage verb, AppleScript, CocoaDialog, etc.

HTH

-Mike

View solution in original post

mm2270 · ‎11-14-2012

Hi. Try this out. Its a little simplistic and may need some tweaking or fleshing out, but I think it will generally do the trick
I adapted this from something else I was using to look at plugged in USB drives.

#!/bin/sh

for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
    if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }') == "USB" ]]; then
        echo "Device $disk is a USB removable disk"
        diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')
        MSG="There is a USB disk named "$diskName" still connected to this computer.

Please remember to take it with you!"
        sudo /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
        -windowType utility -title "USB device still attached" -description "$MSG" -button1 "OK" 
        -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns -iconSize 96
    fi
done

The general idea is it loops through disk identifiers on the system, minus any related to disk0 since that is the internal HD, and then checks the protocol to find USB devices. This would likely pick up not just USB thumb drives, but any USB hard drives attached as well. If it finds one, it gets the name and throws it into a jamfHelper dialog.
You could use any messaging system you want, such as the jamf binary displayMessage verb, AppleScript, CocoaDialog, etc.

HTH

-Mike

kuwaharg · ‎11-15-2012

Awesome Mike! Thank you.

--Gretchen

tkimpton · ‎11-17-2012

Thanks Mike this is great!

tkimpton · ‎02-25-2013

Hi Mike

Do you know if its possible to make the script to also look at FireWire devices?

mm2270 · ‎02-26-2013

Hey Tim, sure, if you want it to look at both USB and FireWire (and perhaps Thunderbolt as well) devices, you could try this-

#!/bin/sh

for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
    if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }' | egrep "USB|FireWire|SATA") != "" ]]; then
        echo "Device $disk is a removable disk"
        diskName=$(diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }')
        MSG="There is a removable disk named "$diskName" still connected to this computer.

Please remember to take it with you!"
        sudo /Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper 
        -windowType utility -title "Removable device still attached" -description "$MSG" -button1 "OK" 
        -icon /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/AlertCautionIcon.icns -iconSize 96
    fi
done

The above in my very quick informal testing seemed to alert to any USB, FireWire or Thunderbolt connected devices. (Thunderbolt drives show up as SATA from what I can see)

There may be a way to provide better feedback on what type of drive it located, but I'd have to play around with that to get it working. The above will just alert in a generic "removable drive" manner.

tkimpton · ‎02-26-2013

Thanks Mike thats great! :)

tobiaslinder · ‎02-28-2013

Dear Mike
Thank you so much for this script. It's already in use and works perfectly.

mm2270 · ‎02-28-2013

@tobias, glad its helping folks out.

One thing I should mention is that in the line in the script where its grabbing all disk identifiers from disk1* through disk9*, on a FileVault 2 encrypted Mac,the boot volume Macintosh HD does not list as disk0s<some number>, its actually disk1, just because of the way Apple's CoreStorage works. But it shouldn't affect the script since its not possible for an external USB or FW type drive to show up as disk0, and it looks for disks with a protocol of one of the specified types, so it will still catch all external disks only

Just thought I'd mention that though.

mani2care · ‎11-28-2020

Do we have an option to monitor the USB access either read-only or full access via extension attribute with keep? history

Jamf Nation Community

Script to detect and remind users of their USB drive