Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Configure the Accessory & Storage Access Library Item

            By Emalee Firestein

            Learn how to configure the Accessory & Storage Access Library Item

            Kandji's Accessory & Storage Access Library Item allows you, as the device or security administrator, to define access privileges and controls for external storage volumes, server volumes, and DMG file types on macOS devices.  

            The Endpoint Detection & Response add-on is required to use this Library Item. However, the Avert Library Item is not required to be assigned to the device Blueprint to deploy this Library Item.

            Add an Accessory & Storage Access Library Item

            1. In the left-hand navigation bar, navigate to Library.
            2. In the upper right corner, click the "+ Add new" button.
            3. In the Endpoint Security section, select Accessory & Storage Access and click the Add & Configure button.
            4. Set a title for this Library Item.
            5. Click Select Blueprint and assign one or more Blueprints to use this Library Item, or toggle All Blueprints. Yq02N8K7kOc5nuR-_YbNusOoDoIZY6He9w

            External volumes

            The External volumes section allows you to manage access privileges for external storage devices such as USB, CD, and DVD drives connected to the accessory port and memory cards (SD, SDXC) inserted in the SD card slot. To manage access for external volumes, follow the steps below.

            The Require encryption and Require admin password to access settings are only available for Read & Write and Read only access privileges.
            1. Turn on management for external volumes.
            2. Choose the desired access privileges for external volumes from the Access privileges menu. The available options are: Read & Write, Read only, or No access.
              1. Optionally, select Require encryption to ensure only encrypted volumes are mounted.
              2. Optionally, select Require admin password to access to prompt users for an admin password to access content.
            3. Select All users to apply the access privileges to all users, including admin, or select Standard users to apply the access privileges only to standard users.
            4. Optionally, select Display alert messages to alert users when the mounting of external volumes are blocked. Note, this setting is forced on when Require admin password to access is selected.BylCixaksvL2hNh_uH4ez_nQXslfX0rjgQ

            Disk images

            The Disk images section allows you to manage access privileges for DMG file types. To manage access for disk images, follow the steps below. Disk image settings specified here will apply to all DMG mounts on the device, including those in scripted automated workflows and in-app DMG mounts such as Google Chrome's Auto Update Agent.

            The Require admin password to access setting is only available for Read & Write and Read only access privileges.
            1. Turn on management for disk images.
            2. Choose the desired access privileges for disk images from the Access privileges menu. The available options are: Read & Write, Read only, or No access
              1. Optionally, select Require admin password to access to prompt users for an admin password to access content.
            3. Select All users to apply the access privileges to all users, including admin, or select Standard users to apply the access privileges only to standard users.
            4. Optionally, select Display alert messages to alert users when the mounting of disk images is blocked. Note, this setting is forced on when Require admin password to access is selected.4ZnF8-asPD0L4xHOcp5WrdNUun3semwdGQ

            Server Volumes

            The Server volumes section allows you to manage access privileges for server volume mounts such as SMB shares. To manage access for server volumes, follow the steps below.

            Any external, server and DMG volumes previously mounted on the device prior to the deployment of this Library Item will not be managed by Kandji until these items are unmounted and a re-mount is attempted.
            1. Turn on management for server volumes.
            2. Choose the desired access privileges for disk images from the Access privileges menu. The available options are: Read & Write or No access.
            3. Select All users to apply the access privileges to all users, including admin, or select Standard users to apply the access privileges only to standard users.
            4. Optionally, select Display alert messages to display alert messages to users when the mounting of external volumes is blocked.16ZAM8Zt4tsMyYfg8d1xvG8Iwh2zRot0LA
            5. Click the Save button to save the Accessory & Storage Library Item to your Library.

            Restricted Mode on Apple Silicon

            On a Mac with Apple silicon running macOS 13+ and depending on the device's Privacy & Security settings, when new or unknown USB accessories are used, the user may get an alert asking whether or not the USB accessory should be allowed to connect. This is known as Restricted Mode on macOS and is independent of Device alert settings in this Library Item. Restricted Mode can be managed with the Allow USB accessories while device is locked setting in the Restrictions Library item. See this Apple support article for more details.

            Preview
            0 of 0