Disable Media Sharing

What the Media Sharing Disabler does

This Automox Worklet™ disables Apple Home Sharing on macOS endpoints for all configured user accounts. Home Sharing allows Apple endpoints on the same network to stream and access music, movies, TV shows, and other media content from the endpoint's iTunes/Music library.

The Worklet checks each user's com.apple.amp.mediasharingd preferences for the home-sharing-enabled flag and disables it if enabled. It also clears the associated Apple ID information and restarts the media sharing daemon to apply changes.

Why restrict media sharing on macOS endpoints

Media sharing in macOS allows other endpoints on the local network to access photos, videos, and music stored on the endpoint. Attackers on the same network segment can exploit media sharing services to enumerate shared content, identify sensitive files, and potentially access data that should remain private to the endpoint user.

Organizations that prohibit unauthorized file sharing need to disable media sharing services. Even when users believe they are sharing only personal media files, misconfigurations can expose work documents, project folders, and confidential business information to other network users.

Disabling media sharing reduces your attack surface by eliminating unnecessary network services. Endpoints with media sharing disabled present fewer targets for network-based exploitation and reduce the risk of inadvertent data exposure through misconfigured sharing permissions.

How media sharing management works

1. Evaluation phase: The Worklet enumerates all user accounts in /Users (excluding Shared and system directories). For each user with a mediasharingd preferences file, it checks the home-sharing-enabled value. If any user has media sharing enabled (value of 1), the endpoint is flagged for remediation.

2. Remediation phase: The Worklet iterates through all users and uses defaults write (running as each user) to set home-sharing-enabled to 0 and clear the associated Apple ID credentials. It then terminates the mediasharingd process with killall to apply the changes immediately.

Media sharing management requirements

• macOS endpoint (workstation or server)

• Administrative privileges for accessing user preferences and terminating processes

• Applies to all user accounts on the endpoint

Expected media sharing state

After remediation, macOS endpoints stop advertising media sharing services on the local network. Other endpoints can no longer browse or access photos, videos, and music stored on the endpoint. The sharing service remains disabled even if users attempt to re-enable it manually, maintaining consistent security policy enforcement.

The Worklet verifies successful remediation through its evaluation check. IT operations teams can confirm media sharing is disabled across their fleet by reviewing Worklet execution results in the Automox console.

How to validate disable media sharing changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for disable media sharing.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit, else.

4. Validate remediation effects from script operations such as sudo, killall, else, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for disable media sharing. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit, else and remediation operations such as sudo, killall, else. Use these indicators to verify that endpoint changes match intended policy outcomes.