We help IT Professionals succeed at work.

Unmount BootCamp Partition for all users including Standard and Network Users

Aelara asked
Hi, I am looking at ways to  Unmount the BootCamp Partition for all users including Standard and Network Users on OS X Yosemite. It needs to be a solution that works on Yosemite as some scripts designed to do this do not work and are designed for older versions of the OS. I do not want the Bootcamp drive to appear as a Drive on the Desktop or the finder as all Mac users can access the drive on a read only basis. Any data on the users profiles within the Windows bootcamp drive can be accessed and copied from the mac side by any user.

The aim is to secure dual boot Macs so that the Bootcamp partition is unmounted every time the Mac starts or users log into OS X. Hope this make sence as this is a huge security gap for anyone using dual boot Macs.

Regards, Aelara
Watch Question

Turn on Bitlocker in your Windows Bootcamp partition and you won't ever see the encrypted drive in OSX.  The same goes for Filevault, if you don't want people booting into Bootcamp to see your OSX partition.  If you have a corporate laptop, you should have those turned on in case your users lose the laptop or it gets stolen.

File encryption is the only sure way to do it.  If you run a script, any tech savvy individual can still load it up.  If you still want to run a script, create a shell script with this and you can use automator to  launch it.

/usr/sbin/diskutil unmount /Volumes/BOOTCAMP
exit 0

The above script will only work if you leave your default BOOTCAMP disk name unchanged.  Any user can technically remount the disk again, so it's security through obscurity.


I've requested that this question be deleted for the following reason:

No satisfactory solution was presented by the expert community.
There was no feedback from you about my suggestion.  What was wrong with it?  Are you not able to enable Bitlocker?

 If you do want actual security as you've mentioned, then you should enable bitlocker on the windows side.  This is the only secure way to do what you want.  Everything else is security through obscurity.  Any technically savvy individual can scan the system and discover any non-encrypted disk partition to mount it.


Many Thanks.
Were you able to use bitlocker and filevault to solve the problem?