Forum Discussion
ahmacaulay
Sep 18, 2023Copper Contributor
Secure Score - Secure Home Folders in macOS
I've performed the recommended manual remediation action (sudo chmod -R og-rw /Users/) on my Macs but Secure Score doesn't recognize it. I have noticed this occurring for a few item. We have also remediated some things through InTune but still seem to have no movement on the SecureScore. Is this a glitch within or am I missing something altogether.
Thanks
- BrandonJ365Brass ContributorDid you ever figure this one out? I've got a script based on CIS benchmark 5.1.1 which is securing the folders yet it's not reflected in Secure Score.
- Kristian_McFlyCopper ContributorPlease let me know if someone has got this reflected in Secure Score. 🫡
- BrandonJ365Brass ContributorI finally got it working. The issue is stupidity on Microsoft's part in their testing of the home folders. Apparently, their Department of Infinite Wisdom feels that the "Shared" folder should be locked down as well! The CIS benchmark specifically excludes the "Shared" folder because...you know....it's SUPPOSED to be available to all users! I first tested by manually setting the permissions for shared on my own Mac and waited until the next day to see if it was reflected. Sure enough, it is. In my case, I had to leave "execute" permissions available on "Shared" due to the software for my docking station having its config file stored there. It appears the Secure Score test finds that acceptable.
- JuliusPIVBrass ContributorHey ahmacaulay
We have not yet implemented this particular Secure Score recommendation, but it's coming, and this is a little concerning. Are you doing this just to your machine or to a number of machines? Have you opened a case with Microsoft yet?