Forcing your Macs to mount external drives in read-only mode can be a powerful security tool. This article covers creating a Custom Software item that will force devices to mount external drives with read-only permissions.


1. Download the files attached to this article.


2. Go to Policies -> Catalog -> Custom Software -> Add Software.   



3. Give it an appropriate title like "Read-Only" and the Version 1.0.0.



4. In the Upload Files section, select Add Files.


5. Select the Upload button in the top right-hand side of the modal window and drag in the two files attached to this article. Then, select the files and click the Select button.



6. In the Installation Script field copy and paste the following commands:


cp "/Library/Addigy/ansible/packages/Read-Only (1.0.0)/com.addigy.agent-mount.plist" "/Library/LaunchDaemons/" 
cp "/Library/Addigy/ansible/packages/Read-Only (1.0.0)/mount_readonly.py" "/Library/Addigy"
launchctl load "/Library/LaunchDaemons/com.addigy.agent-mount.plist"


7. In the Conditions field copy and paste the following command into the Condition Scripts field:


/bin/ls "/Library/LaunchDaemons/com.addigy.agent-mount.plist"



8. In the Remove Script field copy and paste the following command:


launchctl unload "/Library/LaunchDaemons/com.addigy.agent-mount.plist"
rm -f "/Library/LaunchDaemons/com.addigy.agent-mount.plist" "/Library/Addigy/mount_readonly.py"

  

Then select Save Changes -> Review Changes -> Confirm Changes.


Note: Please take a moment to look over the script instructions.


You can now deploy this new Custom Software by starting a GoLive session and going to Deployments -> Custom Software.