Parameters

What are World Writeable Files? World writable files in macOS are files or directories that any user on the system can modify. While this might seem convenient, it poses significant security risks. Any user, including those with malicious inte...

The Create user accounts  parameter can be used to create both Standard and Administrator user accounts. This parameter is especially useful as the user accounts can be created in this state from device setup without the need to change the acc...

What is the Demote User Accounts Parameter ? The "Demote user accounts to Standard" parameter changes all local accounts to standard users. This is particularly useful when you want to limit access to Administrator-level controls, such as for NIST...

By default, macOS allows a Guest user account that grants access to the general macOS system and apps without login credentials. The Guest user is considered a security vulnerability because it does not have a password. It is recommended ...

Overview The "Monitor encryption status of Time Machine volumes" Parameter triggers an alert if devices are using Time Machine to back up to an unencrypted local disk. As with all parameters, it is ideal to test changes before deploying them to...

About using iCloud to unlock FileVault macOS allows users to store Recovery Keys with their iCloud account. This is not recommended for enterprise-owned Mac devices, as it's possible that an unknown party can retrieve keys. This...

The "Restart after x number of days of continuous uptime" will force a device to restart once the set number of days of uptime has been reached.  Enabling the Parameter Once you are in the Classic Blueprint you wish to edit and have ...

What is umask? The umask (user file-creation mode mask) is a command in Unix that sets default permissions for new files and directories. It essentially dictates which permission bits will not be set when a file or directory is created, thus cont...