Disable USB drive write access via Profile Manager
Is there a way to disable users from plugging in a USB flash drive and copying files to it via the Profile Manager?
We are trying to configure this on a Mac network running 10.10.x with Server 4.0.3.
I understand that this can be done by deleting the IOUSBMassStorageClass.kext as a solution in older versions of OS X and that this was apparently possible in Workgroup Manager (now legacy and not supported). I would like to learn how to do this using the latest methods in 10.10.1 or 10.9.
Any tips would be greatly appreciated.
Cheers,
MC
I post on both to try to raise awareness. All previous topics have been to delete the usb drivers, put hot glue in the ports and to use the now non-supported Workgroup Manager. Thanks for checking though!
Similar Messages
-
Hi
I connect my ipad to my pc (Windows xp SP3) and I can see my ipad and photos in my computer. When I install the itunes 11 , after installation , I can't connect the ipad again or any other apple device. The Apple Mobile Device USB Driver is listed in device manager, but has a yellow "!".
I have try to reinstall the drivers from c:\progamfiles\common files\apple\... but the problem persist. Could you help anyone about this ?You need to completely uninstall iTunes from your computer and then download and install it again.
You do know that Microsoft has a web site, right? -
Hello,
I have a GPO set and linked to my AD domain to disable USB drives when they connect. The policy has the following settings enabled.
Removable Disks: Deny read access
Removable Disks: Deny write access
WPD Devices: Deny read access
WPD Devices: Deny write access
However, when I test users are always able to connect and use the USB drives. Is there anything else that needs to be configured before the policy works correctly?
Thanks in advance,Hi,
You may have a check if the group policy got applied or not just as aperelli just indicated above.
Also you could try to configure your group policy setting like below:
>>navigate to
\Computer Configuration\Policies\Administrative Templates\System\Removable Storage Access.
>>enable the below setting:
All Removable Storage Classes: Deny All Access.
>>In the Command Prompt, type GPupdate /force
This setting is a effective way to diasble the removable storage access.
Best Regards,
Elaine
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Safari Keep-Alive via Profile Manager
Greetings Community!
Does anybody know of a way to issue a keep-alive to Safari via profile manager so it always stays open and that if it somehow closes it will automatically re-open?Worked it out!
I also host a couple of personal websites and these were configured to use the IP of the server; removed this and set it to use the "Any" option and profile manager started working as expected. Not done a full test of the entire thing to see if anything else is broken but this has me moving on from here! -
IPSEC VPN Settings via Profile Manager
It is not possible to set the following lines via GUI in Apples ProfileManager or via Apple Configurator in the IPSec section:
<key>XAuthPassword</key>
<string>myVPNuserPassword</string>
You can set the lines via GUI in the old iPhone Configuration Program on Windows.
If you can't set the "XAuthPassword", you have to type in the password every time you want to establish the VPN.
We use certificates for device authentication.
Anyone a solution ?
greetings
robinklatuu wrote:
It is not possible to set the following lines via GUI in Apples ProfileManager or via Apple Configurator in the IPSec section:
<key>XAuthPassword</key>
<string>myVPNuserPassword</string>
You can set the lines via GUI in the old iPhone Configuration Program on Windows.
If you can't set the "XAuthPassword", you have to type in the password every time you want to establish the VPN.
We use certificates for device authentication.
Anyone a solution ?
greetings
robin
Yes, there are two possible solutions.
1. As per my article here http://jelockwood.blogspot.co.uk/2014/03/how-to-do-vpn-on-demand-for-ios-at-zero .html you would use a StrongSwan VPN server and as per my article use the xauth-noauth plugin to prevent it asking for a username and password, it will then only use the client certificate for device authentication.
2. You can use the two keys listed above but you will have to manually edit the mobileconfig file and add them. Therefore you cannot use Profile Manager or Apple Configurator. For this I used iPhone Configuration Utility to create the initial mobileconfig file, and then I used TextWrangler to add the two keys. With a manually produced mobileconfig file I do not believe there is anyway to send it via Profile Manager but you can either email it to the device or make it available via a web server. Other MDM solutions than Profile Manager do allow pushing uploaded mobileconfig files, I used Meraki Systems Manager and pushed my hand edited mobileconfig files 'over the air' to the devices.
It should be noted that if you are authenticating usernames and password against a directory server e.g. Active-Directory, Open Directory or LDAP, then if you enforce password ageing and changes you are going to have to hand edit and resend an updated mobileconfig file with the new password in it. This is why I chose option 1 above for my own situation. It is in theory less secure as it only uses a single basis for authentication - the certificate but I felt this an acceptable trade-off. -
Where do Apps uploaded via Profile Manager go?
I've just up updated around 30+ apps and I've had to manually add them via profile manager one by one!
I was just wondering if anyone knew the location where the apps are stored on the server as I thought I could perhaps just drag and drop all of the updated ipas at once.There are several tools which allow selecting network profile settings with respect to sites i.e. available network environment data:
ControlPlane - <http://www.controlplaneapp.com/>
Little Snitch - <http://www.obdev.at/products/littlesnitch/>
and maybe some more.
Additionally, you may find this discussion helpful:
ML Server: How do i push my school proxy settings to our ML clients?
i.e. <https://discussions.apple.com/thread/4715399> -
Accessing the USB drive on HH3 via Android
Hi, i know that some people can access a usb drive connected to the HH3 on ipads etc, but can it also be done from an android, on 2.2 or 4.0 android devices - many thanks in advance.
Sorry for the aggravation...I took an easier route, reset the AEBS and did an ignore on the Dual Nat issue. I was then able to use the more tradition means of connecting to the USB drive via finder network connection over the internet.
Seems much easier than going the bridge mode ---> port forwarding route.
Cheers!
David -
How do i fix the "Unable to install Apple Mobile Device USB Driver" problem access denied
My new iphone 5c will not work with my laptop. The apple mobile usb driver will not install. 'Access denied' is the final message in the diaolgue box of the device load error. The device is recognized but there is the yellow triangle with the exclamation point on it indicating an error installing. I've removed itunes and its components as directed step by step ..... twice..... I've disabled antivirus, firewalls, and even created a second admin profile in hopes that it would load the driver. Nothing is working. The apple person was supposed to call me back after we were on the phone 90 minutes. Well.... I guess she did not. Help!!! I would love to sync my phone. Any ideas?
For general advice see Troubleshooting issues with iTunes for Windows updates.
The steps in the second box are a guide to removing everything related to iTunes and then rebuilding it which is often a good starting point unless the symptoms indicate a more specific approach. Review the other boxes and the list of support documents further down page in case one of them applies.
Your library should be unaffected by these steps but there is backup and recovery advice elsewhere in the user tip.
tt2 -
Missing Apple Mobile Device USB Driver Missing From My Device Manager
Hi Everyone, My Apple Mobile Device Usb Driver Does'nt Show up in my Device Manager. But when i go Control panel>> Admin Tools>> Services its there but when i go Start>>Run type in devmgmt.msc an the device manager comes up an under the heading Universal Control Bus Contoller the Apple mobile device usb driver is suppoed to appear but it doesnt all my other usb attached devices do how do i fix this problem?????
For what it's worth. I had the same problem, and here is how I fixed.
I downloaded Roxio Uninstaller and deleted everything Apple. Itunes, Bonjour, Apple Mobile Divce Manager, and Safari, everything get rid of it all. the good thing about roxio is that you can scan for anything that the program uninstaller missed.
Then I down loaded itunes again and Whalaa! It now works. -
Security question, how to disable USB drives?
Hi. We´re implementing security measures on our small office, and in the account settings I´ve disabled cd burning for a given account, but I also want to diable the use of USB drives except for the compnay one. Is there a way to achieve this? Thanks
Just FYI no matter how many securities you put on a USB port, there is always a way around it, but you can buy usb lock plug ins online. They are called USB locks. I don't know where to find them off the top of my head. they plug into the usb connector in the back of your computer.
Message was edited by: mobias -
Deploying Calendars via Profile Manager
I recently needed to start sharing calendars between staff here at school. I have successfully created and shared calendars between two test accounts, setting them up manually via the "Mail, Contacts & Calendars" section of system preferences for each user.
I then shared then opened up the calendar app and shared each test accounts calendar with each other via the right click menu>Sharing Settings.
Everything is working exactly as I want but I want to automate this setup for our staff and so I turned to profile manager thinking that we could at least skip the step that was covered through "Mail, Contacts and Calendar".
I could not.
It seems that Profile Manager settings requires a password which is terrible and that would have all staff subscribe to one calendar account rather than having their own.
Is there a way around this or am I destined to set up each user individually?Thank you both so very much for using these forums. Today I was having the issue of the profile not pushing when there were Calendar settings in the profile. Then I ran across this discussion. I was able to confirm your findings Henry. Indeed when I set it to manual, downloaded the profile and installed, it worked like a charm. (sad this is still an issue in Yosemite) Anyway, it gave me an idea. All I did was add a description to the General section of the profile, changed it back to automatic push, no password installed and using SSL, and it worked. I have no idea, but just placing a comment in the field did the trick. Thought it should be shared. Thanks for your discussion, help, and feedback. Have a great day!
-
Setting parental controls via profile manager
So I've got Lion Server running on an older mac mini. I've setup up accounts on the server for my kids. (they're my guinea pigs!) We have 2 other macs in the house both running Mavericks. I'm able to do a networkin login into the kids' accounts from those client machines with no problem. I'm also storing their home folders on the server and creating "mobile" accounts (I think that's the terminology) on the client machines. I've installed the Trust certificate from the server onto those client machines. I've also installed the group certificate on the client machiens. (most of the profile manager settings I have for the kids are handled in a group called "kids")
Here's the problem: if I try to enforce parental controls on the kids' accounts (such as limiting the time they can be on them, etc) it doesn't work. In fact, after the settings get pushed to the client machines, they (the client machines) often will lock-up or start acting really flaky. A reboot "fixes" that, but the parental controls still won't work.
I've tried this literally dozens of times with the same result. Other changes in profile manager, such as restricting access to certain apps, DOES seem to work. It's mainly just the settings related to parental controls that seem to be the problem.
Am I doing something wrong? Is this stuff supposed to work? Thanks for any help, this is incredibly frustrating!Unfortunatley I never got this resolved. In fact, it turns out that this is really a bug in how the parental controls work with a "managed" account. All of the other settings that can be managed on OSX server seemed to work just fine in my testing, but the parental controls do not. Or more specifically, the curfew (time limit) settings definitely don't work. It's hard to believe, but apparently this is a use-case Apple never considered. (if you do some googling for parental controls and OSX server you'll find we're not alone)
I don't recall exactly, but if you're trying to determine if changes got pushed to the clients there is something in the profile manager (web UI) that shows "completed tasks" or "active tasks" (or something like that) which should show what was pushed and if it was succssfully received by the client.
Anyway, after all that effort I ended up not using the profile management feature in OSX server at all. My kids accounts are now just plain 'old local accounts. I came to the conclusion (as many others have) that OSX server, at least in a home setting, just isn't worth the effort. It's too bad because if it all worked properly it could be really useful. If you still want to mess around with OSX server you might want to check out some nice youtube videos by a guy named Todd Olthof. He has a bunch of videos on OSX server that are actually geared completely towards the home user.
Good luck! -
I can't find a way to upload applications to iOS via Profile Manager
I have Mac OS X Lion Server 10.7.2 and multiple devices. I added them to the Profile Manager and now I can create different profiles for them. But I have not found a way of moderation of installed applications on iOS. Please tell me how to do this?
CFax, I am experiencing the same problem. I see your solution, but I am unsure how to "install the main language English".
My system uses English. Is there a particular setting?
Thanks a bunch. -
How to install Corporate applications via Profile manager
What is the correct procedure to install/push iOS applications created in our corporate apple development environment? I've read in one place that they have to be exported from the dev environment based on a specific path for the server, and then that you can't use the Lion server Profile Manager but need a 3rd party application. Any guidance is appreciated!
You just posted to the Lion (Client) forum. I've asked a moderator move your post. No action is needed on your part until it is moved. I'm not familiar with Lion Server.
-
Not apple to login to VPP via Profile Manager
Hello all,
I have a quick question.
In the past I have been abel to use the links found in the app section of Profile Manager to login to the VPP and purchase more licenses when needed. However, today when I tried to buy a couple apps for some staff members, I got the following error...
"Your request produced an error
[newNullResponse]"
Nothing else in the browser window.
I was able to login on another computer and complete the purchase, but it was weird that I couldn't do it from the server. After making the purchases I was able to receive and distribute the licences.
Anyone having similar issues, or experienced this in the past?
Thanks,
LeonThanks Sunny for looking into it,
You are correct but we want to check this WEBGUI from out side of the location, i.e. not only from premise but also from my public IP address. And also from IPAD or any Android Mobile Browser
Regards,
Prashant
Maybe you are looking for
-
Create ticket using CRM_ORDER_MAINTAIN
I am creating a service ticket using the above mentined RFC. I want to insert the problem area and actual fault as Level1 (parent) and Level2 (child) within the problem area. For that I am making use of the lt_service_os table and building the subjec
-
How can I restore e-mac software
I had previously had a problem in which I could not erase items from my e-mac. I had less than 365mb of space. I kept on getting an IO 36 error. Anyway I could not boot from the OSX disks, and start up managers did not work, nor did cleaning out cach
-
How do i set file associations?
How do I set my ipad to pull up all apps that will open .jpeg files? In other words, how do i set file associations?
-
Student I-pad mini. Message says, "Ipad is disabled" connect to Itunes.
Hi - Very interested in getting I-tunes to restore from backup this I-pad mini. However, it won't recognize that I-pad is connected and directs me to enter numbers into the I-pad while the screen is blank, except for the message "I-Pad is disabled. C
-
Why ohhhhh why can I NOT get into the store? I have uninstalled and re-installed apps but nothing!! I can bring up my current music but cannot get into the store to purchase more!! Someone please HELP me. I'm soooooo ready to give up!!