Also, I just received an evaluation version of the site “Security Policy Manager” and the built-in fixlets that disable USB storage devices appear to be for Windows boxes only. Is there a Mac solution available?
If that is the case, does BigFix at least allow us to rename Mac-specific system files ending with the .kext extension? So for example, rename “sample.kext” to “sample.kext.old” or something like that.
You could use the following ActionScript to move the files
run mkdir /System/Library/Extensions/Hidden
run mv /System/Library/Extensions/IOUSBMassStorageClass.kext /System/Library/Extensions/Hidden/IOUSBMassStorageClass.kext
(That 2nd line wrapped… it is supposed to be one line)
You should definitely test this out before deploying it widely. Also test the reverse procedure… I saw at least one post out there that said a permissions fix and reboot was required to undo this. Lastly, this is not an Apple-approved procedure so it is entirely possible that a Mac OS X software upgrade could either undo this or throw an error when the files are found missing.
Noah, is there a significant difference if I use the “mv” command without the “run” preceding it? I was testing this syntax when you placed this post but did not use “run” and was successful. Please advise.
Run is BigFix ActionScript and would only appear in the Action you write in the BES Cosnole. Everything after “run” is “the unix command the root user would type in the Mac OS X shell”.