
Disable Internet Sharing

Disable Internet Sharing on macOS to prevent endpoints from acting as network routers or hotspots

Worklet Details

What the Internet Sharing Disabler does

This Automox Worklet™ disables the Internet Sharing feature on macOS endpoints. Internet Sharing allows a Mac to share its network connection with other endpoints via Wi-Fi, Bluetooth, Ethernet, or other interfaces, effectively turning the endpoint into a network router or hotspot.

The Worklet modifies the NAT configuration in com.apple.nat preferences to disable network address translation, which is the underlying technology that enables connection sharing.

Why disable Internet Sharing

Internet Sharing creates a secondary network that may bypass corporate security controls including firewalls, web filters, and monitoring systems. Endpoints connecting through a shared connection appear to originate from the Mac rather than their actual source, complicating security logging and incident response.

An enabled Internet Sharing configuration could allow unauthorized endpoints to connect to your corporate network through an employee's endpoint. This creates both security and compliance risks, particularly in regulated environments.

Users who enable Wi-Fi hotspots using Internet Sharing may inadvertently expose network resources to nearby attackers. Disabling this feature eliminates the possibility of unauthorized hotspot creation on managed endpoints.

How Internet Sharing management works

  1. Evaluation phase: The Worklet reads the NAT configuration from /Library/Preferences/SystemConfiguration/com.apple.nat and checks the Enabled flag. If the value contains 1, Internet Sharing is enabled and the endpoint is flagged for remediation.

  2. Remediation phase: The Worklet uses defaults write to set the NAT Enabled value to 0 in the system configuration preferences. This disables Internet Sharing and stops any active connection sharing immediately.
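The two phases above, as an added example that is not Automox's own Worklet script. The function names, the sample `defaults read` output, the exit-status convention (0 = compliant), and treating a missing preference file as compliant are assumptions. The parser reads only the Enabled key directly inside the NAT dictionary, so a nested Enabled key cannot cause a false result.

```shell
#!/bin/sh
# Added example: evaluate and remediate the NAT Enabled flag the page describes.
NAT_PREFS=/Library/Preferences/SystemConfiguration/com.apple.nat

# Constructed sample of `defaults read` output (not captured from a real endpoint).
# The nested PrimaryInterface Enabled key is part of the constructed sample.
SAMPLE_SHARING_ON='{
    NAT =     {
        Enabled = 1;
        PrimaryInterface =         {
            Device = en0;
            Enabled = 0;
        };
    };
}'

# Print the Enabled value that sits directly inside the NAT dict, or "unset".
# Brace depth is tracked so a nested Enabled key is never mistaken for it.
nat_enabled_value() {
  awk '
    depth == 1 && /^[ \t]*NAT[ \t]*=[ \t]*[{]/ { in_nat = 1 }
    { opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}") }
    in_nat && depth == 2 && opens == 0 && /^[ \t]*Enabled[ \t]*=/ {
      v = $0; sub(/^[^=]*=/, "", v); gsub(/["; \t]/, "", v); val = v
    }
    { depth += opens - closes; if (depth < 2) in_nat = 0 }
    END { print (val == "" ? "unset" : val) }
  '
}

# Status 0 when NAT Enabled is 1, i.e. the endpoint should be flagged.
sharing_enabled() { [ "$(nat_enabled_value)" = "1" ]; }

# Evaluation phase (run as root on the Mac): 0 = compliant, 1 = remediate.
# Assumption: a missing preference file means sharing was never configured.
evaluate_endpoint() {
  out=$(defaults read "$NAT_PREFS" 2>/dev/null) || return 0
  if printf '%s\n' "$out" | sharing_enabled; then return 1; fi
  return 0
}

# Remediation phase: `defaults write ... -dict` replaces the existing NAT
# dictionary with one that holds only Enabled = 0.
remediate_endpoint() {
  defaults write "$NAT_PREFS" NAT -dict Enabled -int 0
}

# Offline check against the constructed sample; on a Mac use:
# evaluate_endpoint || remediate_endpoint
printf '%s\n' "$SAMPLE_SHARING_ON" | nat_enabled_value
```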

Internet Sharing management requirements

  • macOS endpoint (workstation or server)

  • Validated on macOS Monterey, Big Sur, and Apple Silicon (M1) systems

  • Administrative privileges for modifying system configuration

Expected sharing state after remediation

After running, Internet Sharing is disabled and any endpoints currently connected through the shared connection are disconnected. The endpoint can no longer act as a network router or Wi-Fi hotspot.

You can verify the setting in System Preferences > Sharing, where the Internet Sharing checkbox should be unchecked. The endpoint continues to use its own network connection normally but cannot share it with other endpoints.

How to validate Disable Internet Sharing changes

  1. Run this Worklet on a pilot macOS endpoint and review the evaluation output for Disable Internet Sharing.

  2. Confirm Automox activity logs show successful completion and exit code 0.

  3. Verify endpoint state using checks aligned to the evaluation script logic, such as its exit operation.

  4. Validate remediation effects from script operations such as defaults and exit, then rerun the evaluation to confirm compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for Disable Internet Sharing. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit and remediation operations such as defaults and exit. Use these indicators to verify that endpoint changes match intended policy outcomes.


Consider Worklets your easy button

What's a Worklet?

A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
