Verify macOS full disk access status

Overview

Due to Apple privacy restrictions, administrators must grant full disk access permissions to the Code42 app to enable Incydr security monitoring and file preservation. This article shows you how to confirm full disk access permissions are configured correctly.

Confirm full disk access status

The Code42 API enables you to confirm if full disk access permissions are configured correctly for both a specific device and an entire organization.

The examples below assume basic familiarity with curl commands.

Single device

To check the status of a single device, use this as a template to create a command specific to your Code42 environment:

Copy to clipboardCopied!

curl -X GET \
  '<request_url>/api/v12/agent-state/view-by-device-guid?deviceGuid=<deviceGuid>&propertyName=<property_name>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <auth_token>'

1. Replace <request_url> with the address of your Code42 environment (do not include the brackets in your request).
2. Replace <deviceGuid> with the numeric ID of the device you want to review (do not include the brackets in your request). To find this ID, view the device details in Code42 console and copy the numeric string listed under the device name.
3. Replace <property_name> with the value for your product plan (do not include the brackets in your request):
   • For Incydr Professional, Enterprise, Horizon, and Gov F2, use full_disk_access (requires agent version 1.5.0 or later)
   • For Incydr Basic, Advanced, and Gov F1, use fullDiskAccess 
4. Replace <auth_token> with an authentication token.
5. Execute the curl command in your command-line tool of choice. When prompted, enter your password.
6. Review the data object in the response. A value of true indicates full disk access is enabled. A value of false indicates full disk access is not enabled. The sample response below confirms full disk access is enabled for deviceGuid 1123581321345589144:

[{"deviceGuid":"1123581321345589144","name":"fullDiskAccess","value":"true"}]

All devices in an organization

To check the status of all devices in an organization, use this as a template to create a command specific to your Code42 environment:

Copy to clipboardCopied!

curl -X GET \
  '<request_url>/api/v12/agent-state/view-by-organization-id?orgId=<OrgID>&propertyName=<property_name>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'Authorization: Bearer <auth_token>'

1. Replace <request_url> with the address of your Code42 environment (do not include the brackets in your request).
2. Replace <OrgID> with the numeric ID of the organization you want to review (do not include the brackets in your request). To find this ID, export a CSV file containing the organization's data and locate the orgId value in the exported file.
3. Replace <property_name> with the value for your product plan (do not include the brackets in your request):
   • For Incydr Professional, Enterprise, Horizon, and Gov F2, use full_disk_access (requires agent version 1.5.0 or later)
   • For Incydr Basic, Advanced, and Gov F1, use fullDiskAccess 
4. Replace <auth_token> with an authentication token.
5. Execute the curl command in your command-line tool of choice. When prompted, enter your password.
6. Review the data object for each device included in the response. A value of true indicates full disk access is enabled. A value of false indicates full disk access is not enabled. The sample response below indicates full disk access is enabled for the first device and not enabled for the second device:

{"deviceGuid":"1123581321345589144","name":"fullDiskAccess","value":"true"},{"deviceGuid":"23337761098715972584","name":"fullDiskAccess","value":"false"}

Related topics