Jamf Nation Community

walts_9 · ‎10-18-2017

I've been making my way through configuring CIS benchmark restrictions. I've been able to find ways to implement turning off all other sharing preferences in the System Preferences > Sharing Pane, but Bluetooth sharing has been a bit off.

My goal is to either disable bluetooth sharing by configuration profile or policy and then set a restriction for the sharing pan altogether. I can't seem to find a way to disable bluetooth sharing through the terminal for macOS Sierra using the "defaults" command. I've also tried disabling it through a custom configuration profile, but have not been able to locate what domain this setting is a part of or what value is needed to disable it.

Any tips?

golbiga · ‎10-18-2017

Have you checked out Jamf Professional service's CIS Settings?

Allen

bmodesitt · ‎10-18-2017

This one is trickier than your typical defaults write, since it's a user-level ByHost plist. Here's a quick and dirty script:

#!/bin/bash

hardwareUUID=$(system_profiler SPHardwareDataType | grep 'Hardware UUID:' | cut -d: -f2 | tr -d ' ')
user_homes=($(ls /Users))
for user_name in ${user_homes[@]}; do
        plist_file="/Users/$user_name/Library/Preferences/ByHost/com.apple.bluetooth.$hardwareUUID.plist"
        if [ -f "$plist_file" ]; then
            echo "Writing settings for $user_name.."
            defaults write "$plist_file" PrefKeyServicesEnabled -bool false
            chown $user_name $plist_file
        fi
done
killall blued

walts_9 · ‎10-19-2017

@golbiga Hmmm I have not seen that yet. I'll do some testing. I played around with it a bit and was having some issues re-mediating a few things. Unfortunately, bluetooth was one of the things I had trouble re-mediating. I'll keep testing though.

@bmodesitt hmm this seemed to work. I'll have to take a look at a few of these commands and your workflow. This is a good teachable moment seeing as I'm a beginner at scripting.

Jamf Nation Community

CIS Benchmark 2.4.7 Disable Bluetooth Sharing