Re: [Fed-Talk] Disable Airport/Bluetooth/
Re: [Fed-Talk] Disable Airport/Bluetooth/
- Subject: Re: [Fed-Talk] Disable Airport/Bluetooth/
- From: "Timothy J. Miller" <email@hidden>
- Date: Tue, 26 May 2009 15:10:14 -0500
Chuck Bishop wrote:
One my clients has begun to switch over to MACs exclusively and has
tasked me with securing them to conform for open-secret use. He is
buying Mac Mini's with Leopard installed I need to remove not just
disable Airport, remove Bluetooth and IR support he also wants the
option to reinstall Airport at will with a button for when employees go
out into the field.
I'm curious: How exactly is the Mac mini field portable? Doesn't that
external monitor and keyboard just become a PITA? ;)
Now if you'd said Macbook, I'd understand.
I want the script to run at startup and by default perform the above
procedures, prior to login. Like a machine script in Windows. Then the
user logs in and can reinstall Airport if needed. Bluetooth and IR
remain disabled.
This is my first attempt at a script, I put in the rc.local file. Could
anyone please offer suggestions on how better to resolve this? The
scripts works and provides affirmation to the users desktop. However I
cannot figure out how to re-enable the Airport without rebooting (thus
starting the script again)
The problem with this approach is that anyone with privs (obtained
normally or via exploit--local *or* remote) can simply run kextload and
undo everything. Every open-storage classified facility I've ever been
in requires a hardware disablement--remove the card, flip a switch,
etc., or in some cases disable hardware in BIOS. As far as I know, this
isn't possible with the current generation of Apple machines without
making it permanent (i.e., opening up the case and detaching/cutting
ribbon cables). The days of lifting off the iBook keyboard and pulling
the Airport card out are long over, for good or ill.
Oddly enough, the Dell Mini 9 can disable Bluetooth and (I think)
wireless in the BIOS, and is considered an ideal platform for
Hackintoshing. Not that I would *ever* recommend violating Apple's OS X
license like that, no matter how trivially easy it is. :)
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden