Forcing your Macs to mount external drives in read-only mode can be a powerful security tool. This article covers creating a Custom Software item that will force devices to mount external drives with read-only permissions.
1. Download the files attached to this article.
2. Go to Policies -> Catalog -> Custom Software -> Add Software.
3. Give it an appropriate title like "Read-Only" and the Version 1.0.0.
4. Select the Add File button in the "Upload Files" box.
5. Then select Upload file.
6. Afterward, select first Select files to upload button. Once you have chosen your desired file, select the Upload button. Here you can only upload one file at a time.
7. After uploading the files, your "Files" list should appear as so. Then click on the boxes on the left side of your Filename to choose them and select the Select button to complete the attachment.
8. In the Installation Script field copy and paste the following commands:
cp "/Library/Addigy/ansible/packages/Read-Only (1.0.0)/com.addigy.agent-mount.plist" "/Library/LaunchDaemons/" cp "/Library/Addigy/ansible/packages/Read-Only (1.0.0)/mount_readonly.py" "/Library/Addigy" launchctl load "/Library/LaunchDaemons/com.addigy.agent-mount.plist"
9. In the Condition Script field copy and paste the following commands:
[ ! -f /Library/LaunchDaemons/com.addigy.agent-mount.plist ]
10. In the Remove Script field copy and paste the following command:
launchctl unload "/Library/LaunchDaemons/com.addigy.agent-mount.plist" rm -f "/Library/LaunchDaemons/com.addigy.agent-mount.plist" "/Library/Addigy/mount_readonly.py"
Then select Save Changes -> Review Changes -> Confirm Changes.
Note: Please take a moment to look over the script instructions.
You can now deploy this new Custom Software by starting a GoLive session and going to Deployments -> Custom Software.