OS X 10.11.6: Managing Bonjour advertisement via a management profile
Originator: | howard.griffith | ||
Number: | rdar://27953033 | Date Originated: | 22-Aug-2016 12:53 PM |
Status: | Open | Resolved: | |
Product: | OS X | Product Version: | OS X 10.11.6 (15G31) |
Classification: | Security | Reproducible: | Always |
This is a duplicate of rdar://27952362 Summary: On OS X 10.11.x and later, the method of disabling Bonjour advertisement changed due to SIP no longer allowing the following plist to be edited: /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist After doing some research, it looks like the Bonjour advertisement function can be disabled by running the following command with root privileges: defaults write /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements -bool YES However, it does not appear that I can manage this with a profile. Steps to Reproduce: 1. Install profile 2. Check NoMulticastAdvertisements value in /Library/Managed Preferences/com.apple.mDNSResponder.plist Expected Results: /Library/Managed Preferences/com.apple.mDNSResponder NoMulticastAdvertisements is set to True Bonjour advertisement function is disabled Actual Results: /Library/Managed Preferences/com.apple.mDNSResponder NoMulticastAdvertisements is set to True Bonjour advertisement function is not disabled Regression: Running the defaults command listed above sets the following value: /Library/Preferences/com.apple.mDNSResponder.plist NoMulticastAdvertisements is set to True Bonjour advertisement function is disabled Notes: I have more information on this issue available here: https://derflounder.wordpress.com/2016/08/22/disabling-bonjour-advertisement-on-os-x-el-capitan-and-later/ I have a sample management profile available here: https://github.com/rtrouton/profiles/tree/master/DisableBonjourAdvertisement
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!