ahmacaulay
Copper Contributor
Sep 18, 2023

Secure Score - Secure Home Folders in macOS

I've performed the recommended manual remediation action (sudo chmod -R og-rw /Users/) on my Macs but Secure Score doesn't recognize it. I have noticed this occurring for a few items. We have also remediated some things through Intune but still seem to have no movement on the Secure Score. Is this a glitch within or am I missing something altogether?

Thanks

  • BrandonJ365
    Brass Contributor
    Did you ever figure this one out? I've got a script based on CIS benchmark 5.1.1 which is securing the folders yet it's not reflected in Secure Score.
    • Kristian_McFly
      Copper Contributor
      Please let me know if someone has got this reflected in Secure Score. 🫡
      • BrandonJ365
        Brass Contributor
        I finally got it working. The issue is stupidity on Microsoft's part in their testing of the home folders. Apparently, their Department of Infinite Wisdom feels that the "Shared" folder should be locked down as well! The CIS benchmark specifically excludes the "Shared" folder because...you know....it's SUPPOSED to be available to all users! I first tested by manually setting the permissions for shared on my own Mac and waited until the next day to see if it was reflected. Sure enough, it is. In my case, I had to leave "execute" permissions available on "Shared" due to the software for my docking station having its config file stored there. It appears the Secure Score test finds that acceptable.
  • JuliusPIV
    Brass Contributor
    Hey ahmacaulay
    We have not yet implemented this particular Secure Score recommendation, but it's coming, and this is a little concerning. Are you doing this just to your machine or to a number of machines? Have you opened a case with Microsoft yet?
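
Added example, not part of any post in this thread and not Microsoft's or CIS's own check: a read-only shell audit that lists every top-level folder under /Users, "Shared" included, and flags any that still carry group or other read/write bits (the bits `chmod og-rw` removes), while accepting execute bits as the reply above reports. The function name `audit_home_folders` and the choice to inspect only the top-level folders are assumptions.

```shell
#!/bin/sh
# Added example: audit top-level folders under a users root (default /Users)
# for group/other read or write permission bits. Only reads metadata.
# audit_home_folders is a hypothetical helper name, not a vendor tool.

audit_home_folders() {
    root="${1:-/Users}"
    failures=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        dir="${dir%/}"
        [ -L "$dir" ] && continue      # skip symlinks, judge real folders only
        # First field of `ls -ld` is the mode string, e.g. drwx--x--x
        mode=$(ls -ld -- "$dir" | awk '{print $1}')
        case "$mode" in
            # chars 5-6 = group r/w, chars 8-9 = other r/w; all must be "-".
            # Chars 7 and 10 (execute, sticky) and ACL/xattr suffixes may vary.
            ????--?--?*)
                echo "OK    $mode  $dir" ;;
            *)
                echo "FAIL  $mode  $dir"
                failures=$((failures + 1)) ;;
        esac
    done
    # Return 0 only when every folder, Shared included, is locked down.
    [ "$failures" -eq 0 ]
}
```

Running `audit_home_folders` with no argument checks /Users; a non-zero exit status means at least one folder is still readable or writable by group or other.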
