
Disable Creating .DS_Store Files on Network Volumes

Prevent macOS from creating .DS_Store metadata files on network volumes to reduce information disclosure

Worklet Details

What the DS_Store Prevention Worklet does

This Automox Worklet™ prevents macOS Finder from creating .DS_Store files on network-mounted volumes by setting the DSDontWriteNetworkStores preference to true. .DS_Store files contain Finder metadata including view settings, icon positions, and folder attributes.

While these files are invisible by default on Mac systems, they appear as regular files on Windows and Linux systems, cluttering network shares and potentially exposing information about directory contents and user browsing patterns.


Why prevent DS_Store files on network volumes

.DS_Store files can reveal information about folder contents and structure even when the actual files have been deleted, creating information disclosure risks. In security-sensitive environments, these metadata files could leak information about confidential directories or project names.

On shared network drives used by Windows and Linux systems, .DS_Store files appear as visible clutter. This creates confusion for non-Mac users and can interfere with scripts or applications that process directory contents.

Web servers that inadvertently serve .DS_Store files have exposed directory structures to attackers. Preventing their creation on network volumes reduces the risk of accidental publication of sensitive metadata.

How DS_Store prevention works

  1. Evaluation phase: The Worklet reads the DSDontWriteNetworkStores value from /Library/Preferences/com.apple.desktopservices. If the value is not set to true (or 0 in boolean representation), the endpoint is flagged for remediation. Missing or false values indicate that .DS_Store creation is still enabled on network volumes.

  2. Remediation phase: The Worklet uses defaults write to set DSDontWriteNetworkStores to true in the desktopservices preferences. The change takes effect for new Finder sessions and network volume mounts. Existing .DS_Store files on network volumes are not removed.
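The evaluation and remediation flow described above, written out as an added example (this is not the Worklet's own source). The preference path and key come from the page; the function names and the evaluate/remediate command-line arguments are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not the Automox Worklet source.
# DOMAIN and KEY are taken from the page; function names are illustrative.
DOMAIN="/Library/Preferences/com.apple.desktopservices"
KEY="DSDontWriteNetworkStores"

# Evaluation: return 0 when compliant, 1 when remediation is needed.
evaluate() {
    # `defaults read` exits non-zero when the domain or key is missing.
    # Treat that as "not set": Finder still writes .DS_Store on network volumes.
    _value=$(defaults read "$DOMAIN" "$KEY" 2>/dev/null) || _value=""
    case "$_value" in
        # A real boolean true prints as 1; the other spellings cover a key
        # that was written as a string instead of with -bool.
        1|true|TRUE|YES) return 0 ;;
        *)               return 1 ;;
    esac
}

# Remediation: write the key as a boolean, then re-run the evaluation so a
# failed or ineffective write is reported instead of silently passing.
remediate() {
    defaults write "$DOMAIN" "$KEY" -bool true || return 1
    evaluate
}

# Usage: script.sh evaluate | script.sh remediate
# Writing under /Library/Preferences requires administrative privileges.
case "${1:-}" in
    evaluate)  evaluate;  exit $? ;;
    remediate) remediate; exit $? ;;
esac
```

An exit code of 0 from either mode means the endpoint is compliant; a non-zero exit from evaluate means remediation is needed.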

DS_Store prevention requirements

  • macOS endpoint (workstation or server)

  • Administrative privileges for modifying system preferences

  • Setting applies to SMB, AFP, and NFS network volumes

Expected Finder behavior after remediation

After running, Finder stops creating new .DS_Store files on network-mounted volumes. Local drives continue to have .DS_Store files created normally, preserving Finder view preferences on the local system. This selective prevention reduces information disclosure on shared network drives while maintaining local functionality.

Existing .DS_Store files on network volumes remain until manually deleted. Users may notice that custom Finder view settings on network folders are not persisted between sessions, as this metadata is no longer stored. This trade-off eliminates the security risk of metadata leakage on network shares.

How to validate the Disable Creating .DS_Store Files on Network Volumes changes

  1. Run this Worklet on a pilot macOS endpoint and review the evaluation output for Disable Creating .DS_Store Files on Network Volumes.

  2. Confirm Automox activity logs show successful completion and exit code 0.

  3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

  4. Validate the effects of remediation script operations such as defaults, else, and exit, then rerun the evaluation to confirm compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for Disable Creating .DS_Store Files on Network Volumes. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit and remediation operations such as defaults, else, and exit. Use these indicators to verify that endpoint changes match intended policy outcomes.


Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
