Configure the Accessory & Storage Access Library Item

By Michael Mutch

Learn how to configure the Accessory & Storage Access Library Item

Kandji's Accessory & Storage Access Library Item allows you, as the device or security administrator, to define access privileges and controls for external storage volumes, server volumes, and DMG file types on macOS devices.  

The Endpoint Detection & Response SKU add-on is required to use this Library Item. However, the Avert Library Item is not required to be assigned to the device Blueprint to deploy this Library Item.

Add an Accessory & Storage Access Library Item

  1. In the left-hand navigation bar, navigate to Library.
  2. In the upper right corner, click the "+ Add new" button.
  3. In the Endpoint Security section, select Accessory & Storage Access and click the Add & Configure button.
  4. Set a title for this Library Item.
  5. Click Select Blueprint and assign one or more Blueprints to use this Library Item, or toggle All Blueprints. Yq02N8K7kOc5nuR-_YbNusOoDoIZY6He9w

External volumes

The External volumes section allows you to manage access privileges for external storage devices such as USB, CD, and DVD drives connected to the accessory port and memory cards (SD, SDXC) inserted in the SD card slot. To manage access for external volumes, follow the steps below.

  1. Turn on management for external volumes.
  2. Choose the desired access privileges for external volumes from the Access privileges menu. The available options are: Read & Write, Read only, or No access.
    1. Optionally, select Require encryption to ensure only encrypted volumes are mounted.
    2. Optionally, select Require admin password to access to prompt users for an admin password to access content.
  3. Select All users to apply the access privileges to all users, including admin, or select Standard users to apply the access privileges only to standard users.
  4. Optionally, select Display alert messages to alert users when the mounting of external volumes are blocked. Note, this setting is forced on when Require admin password to access is selected.BylCixaksvL2hNh_uH4ez_nQXslfX0rjgQ
The Require encryption and Require admin password to access settings are only available for Read & Write and Read only access privileges.

Disk images

The Disk images section allows you to manage access privileges for DMG file types. To manage access for disk images, follow the steps below.

  1. Turn on management for disk images.
  2. Choose the desired access privileges for disk images from the Access privileges menu. The available options are: Read & Write, Read only, or No access
    1. Optionally, select Require admin password to access to prompt users for an admin password to access content.
  3. Select All users to apply the access privileges to all users, including admin, or select Standard users to apply the access privileges only to standard users.
  4. Optionally, select Display alert messages to alert users when the mounting of disk images is blocked. Note, this setting is forced on when Require admin password to access is selected.4ZnF8-asPD0L4xHOcp5WrdNUun3semwdGQ

The Require admin password to access setting is only available for Read & Write and Read only access privileges.

Disk image settings specified here will apply to all DMG mounts on the device, including those in scripted automated workflows and in-app DMG mounts such as Google Chrome's Auto Update Agent.

Server volumes

The Server volumes section allows you to manage access privileges for server volume mounts such as SMB shares. To manage access for server volumes, follow the steps below.

  1. Turn on management for server volumes.
  2. Choose the desired access privileges for disk images from the Access privileges menu. The available options are: Read & Write or No access.
  3. Select All users to apply the access privileges to all users, including admin, or select Standard users to apply the access privileges only to standard users.
  4. Optionally, select Display alert messages to display alert messages to users when the mounting of external volumes is blocked.
  5. Click the Save button to save the Accessory & Storage Library Item to your Library.16ZAM8Zt4tsMyYfg8d1xvG8Iwh2zRot0LA
Any external, server and DMG volumes previously mounted on the device prior to the deployment of this Library Item will not be managed by Kandji until these items are unmounted and a re-mount is attempted.
On a Mac with Apple silicon running macOS 13+ and depending on the device's Privacy & Security settings, when new or unknown USB accessories are used, the user may get an alert asking whether or not the USB accessory should be allowed to connect. This is known as Restricted Mode on macOS and is independent of Device alert settings in this Library Item. Restricted Mode can be managed with the Allow USB accessories while device is locked setting in the Restrictions Library item. See this Apple support article for more details.