Forcing your Macs to unmount external drives in read-only mode is an important security control. This article covers creating a Custom Software item that forces devices to unmount external drives with read-only permissions.
1. Download the files located at the bottom of this article.
2. Go to Policies -> Catalog -> Custom Software -> Add Software.
3. Give it an appropriate title like "Read-Only" and Version 1.0.0. Then click on the Create button.
4. Select the Add File button in the "Upload Files" box.
5. Then select the Upload file button.
6. Afterwards, select the first Select files to upload button. Once you have chosen your desired file, select the Upload button. You can only upload one file at a time here.
7. Then check the boxes to the left of the file names to choose them, and then select the Select button.
8. In the Installation Script field copy and paste the following commands:
cp "/Library/Addigy/ansible/packages/Read-Only (1.0.0)/com.addigy.agent-unmount.plist" "/Library/LaunchDaemons/"
cp "/Library/Addigy/ansible/packages/Read-Only (1.0.0)/unmount_all_external_drives.py" "/Library/Addigy"
launchctl load "/Library/LaunchDaemons/com.addigy.agent-unmount.plist"
9. Under Conditions, copy and paste the following command into the Condition Scripts field:
/bin/ls "/Library/LaunchDaemons/com.addigy.agent-unmount.plist"
10. In the Remove Script field copy and paste the following command:
launchctl unload "/Library/LaunchDaemons/com.addigy.agent-unmount.plist"
rm -f "/Library/LaunchDaemons/com.addigy.agent-unmount.plist" "/Library/Addigy/unmount_all_external_drives.py"
Then select Save Changes -> Review Changes -> Confirm Changes.
Note: Please take a moment to look over the script instructions.
11. You can now deploy the new Custom Software by starting a GoLive session in the Devices page. Then select Deployments -> Custom Software.
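A LaunchDaemon runs as root by default, so the plist and the Python script copied in step 8 should be root-owned and not writable by anyone else. The following audit is an added example, not part of the original article or Addigy's files; the two paths come from the Installation Script, while the function names and the ownership rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Addigy's code: audit the files installed by the steps above.
# The two paths are from the article; function names and the root-only rule are
# assumptions of this example.
PLIST="/Library/LaunchDaemons/com.addigy.agent-unmount.plist"
SCRIPT="/Library/Addigy/unmount_all_external_drives.py"

# check_path PATH [UID]: succeed only if PATH exists, is not a symlink, is owned
# by UID (default 0, root) and is not writable by group or others.
check_path() {
    target=$1
    want_uid=${2:-0}
    if [ -L "$target" ] || [ ! -e "$target" ]; then
        echo "FAIL: $target is missing or is a symlink"
        return 1
    fi
    owner=$(ls -ldn "$target" | awk '{print $3}')
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $target is owned by uid $owner, expected $want_uid"
        return 1
    fi
    # find prints the path only when a group- or other-write bit is set.
    if [ -n "$(find "$target" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $target is writable by group or others"
        return 1
    fi
    echo "OK:   $target"
}

# audit_install [UID]: check both files and the directories that hold them,
# because a writable parent directory lets the file be replaced.
audit_install() {
    rc=0
    for f in "$PLIST" "$SCRIPT"; do
        check_path "$f" "${1:-0}" || rc=1
        check_path "$(dirname "$f")" "${1:-0}" || rc=1
    done
    return "$rc"
}

# Run the audit only when asked: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_install
fi
```

A non-zero exit status means at least one file or its parent directory failed the ownership or permission check.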