Leave a comment

My Apple Mobile Device stopped charging over USB on W10!

secRMM has always been able to offer a feature that blocks mobile devices (well, any removable storage for that matter) from mounting their file system to Windows when Apple_Mobile_Deviceattached over USB but still lets it pull power from the USB port.  This is the best of both worlds for the end-user and the security administrator because the end-user can still charge their mobile device and/or listen to their music while the security administrator can be assured that the end-user cannot copy files to the device.  Regardless of secRMM, Apple has made it pretty difficult to transfer files to the Apple device.  However, secRMM comes with GUI programs that exposes more of the Apple mobile devices file system, allowing the end-user to copy files to and from the device into their app data directory(s).  That is contradictory to secRMMs security features but some organizations require file transfer functionality to Apple devices, especially if they have large amounts of data to transfer.  The secRMM GUI still adheres to the secRMM security policies (of course).  That is not the subject of this blog however.

SCCM

We received a support incident from one of our customers.  He said that when they upgraded to Windows 10, their users were complaining that their Apple devices stopped pulling power when connected to the USB port.  Searching the Internet took us to https://discussions.apple.com/thread/6773753?start=0&tstart=0.  If you do a text search in your browser (once you are on the URL) for “Fix 2:”, you will see how to fix the issue.  There were lots of responses to the suggested fix, from SCCM Administrators.  So, we knew we had to pursue this approach.  

We did end up making a SCCM script application since the fix had to be implemented on all the W10 machines in the environment.  Below is the CMD script that we deployed via SCCM.  You need to make sure that the two Apple MSI files (appleapplicationsupport64.msi and applemobiledevicesupport6464.msi) are in the same directory as the script.  I am sure someone out there will be able to offer improvements to the script…so we are anxious to hear from you!

In summary, secRMM continues to help IT organizations and security professionals manage the events around removable storage, especially mobile technology but sometimes, you have to tweak the environment!  Please let us know what you think.

 

 

@ECHO OFF
REM **************************************************************************
REM
REM Module: AppleDriverFix.cmd version 3
REM
REM Purpose: Fix registry so that apple device drivers can be upgraded
REM
REM Reason: On W10, if the apple drivers are not loaded and the apple
REM mobile device is not mounted to the W10 OS but physically
REM connected with a USB cable, the apple mobile device does not
REM charge (i.e. pull power thru the USB cable). This will happen
REM if you use the “Enforce when device is plugged in” on one of
REM the secRMM policy(s).
REM
REM Copyright (c) 2017 Squadra Technologies
REM
REM **************************************************************************
setlocal EnableExtensions EnableDelayedExpansion
set regkeyroot=HKEY_CLASSES_ROOT\Installer\Products
set regvalue=ProductName
set regvalue2=Version
set regvaluevaluetofind=Apple Application Support (64-bit)
set secRMMVersionFix=3
set AppleInstall1=”%~dp0%appleapplicationsupport64.msi”
set AppleInstall2=”%~dp0%applemobiledevicesupport6464.msi”
REM set logToNetworkShare=
set logToNetworkShare=\\Server1\Apps\SysUtils\SecRMM\AppleDriverFixLogs\
if “%logToNetworkShare%” == “” (
set log=”%~dp0%COMPUTERNAME%_%~n0.log”
) else (
set log=”%logToNetworkShare%%COMPUTERNAME%_%~n0.log”
)
set regfile=”%~dp0%~n0.reg”
if exist %log% del %log%
if exist %regfile% del %regfile%
@echo %COMPUTERNAME% > %log%
call :GetAppleApplicationSupportProduct
if defined regkey (
@echo Found registry key !regkey! as !regvaluevalue! >> %log%
call :GetAppleApplicationSupportVersion
if defined regvalueVersion (
@echo Found registry value %regvalue2% value as !regvalueVersion! >> %log%
IF EXIST %AppleInstall1% (
IF EXIST %AppleInstall2% (
if NOT “!regvalueVersion!” == “0x0” (
CALL :UpdateRegistry 0
if !UpdatedRegistry! EQU 0 (
call :CallMsiexecForAppleDrivers
) else (
@echo Registry fix for %regkey% failed >> %log%
)
) else (
echo regkey Version is already 0 !regvalueVersion! >> %log%
CALL :UpdateRegistry 1
if !UpdatedRegistry! EQU 0 (
call :CallMsiexecForAppleDrivers
) else (
@echo Registry fix for %regkey% failed >> %log%
)
)
) ELSE (
@echo %AppleInstall2% NOT FOUND. >> %log%
)
) ELSE (
@echo %AppleInstall1% NOT FOUND. >> %log%
)
) else (
echo regkey Version is not found >> %log%
)
) else (
echo regkey is not found >> %log%
)
exit /b 0
REM ==========================================================================
:GetAppleApplicationSupportProduct
FOR /F “usebackq tokens=1-2,*” %%A IN (`REG QUERY %regkeyroot% /F %regvalue% /s`) DO (
IF “%%B” == “” (
SET regkey=%%A
) ELSE (
SET regvalue1=%%A
SET regdatatype=%%B
SET regvaluevalue=%%C
IF “!regvaluevalue!” == “!regvaluevaluetofind!” (
goto :FoundRegKey
)
)
)
:FoundRegKey
exit /b 0
REM ==========================================================================
:GetAppleApplicationSupportVersion
FOR /F “usebackq skip=2 tokens=1-2,*” %%A IN (`REG QUERY %regkey% /F %regvalue2%`) DO (
set regvalueVersion=%%C
goto :FoundVersion
)
:FoundVersion
exit /b 0
REM ==========================================================================
:UpdateRegistry
echo Windows Registry Editor Version 5.00 > %regfile%
echo( >> %regfile%
echo ^; ProductName=Apple Application Support ^(64-bit^) fix 5010000 >> %regfile%
echo [%regkey%] >> %regfile%
if “%1″==”0” (echo “Version”=dword:0 >> %regfile%)
echo “secRMMVersionFix”=dword:%secRMMVersionFix% >> %regfile%
@echo Calling reg import. >> %log%
REG.exe IMPORT %regfile% > nul 2>&1
if %ERRORLEVEL% EQU 0 (
@echo Registry fix for %regkey% succeeded >> %log%
set UpdatedRegistry=0
) else (
set UpdatedRegistry=1
)
exit /b !UpdatedRegistry!
REM ==========================================================================
:CallMsiexecForAppleDrivers
IF EXIST %AppleInstall1% (
IF EXIST %AppleInstall2% (
set MsiexecAppleInstall1=msiexec /i %AppleInstall1% /quiet
set MsiexecAppleInstall2=msiexec /i %AppleInstall2% /quiet
@echo %MsiexecAppleInstall1% >> %log%
%MsiexecAppleInstall1%
@echo %MsiexecAppleInstall2% >> %log%
%MsiexecAppleInstall2%
) ELSE (
@echo %AppleInstall2% NOT FOUND. >> %log%
)
) ELSE (
@echo %AppleInstall1% NOT FOUND. >> %log%
)
exit /b 0
REM ==========================================================================
:EOF
endlocal
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: