Following Apple's Configuration Profile Preference, we set "authenticate" for "harddisk-internal" on "mount-controls" on "allowed media payload".
After user login, we open Disk Utility and select a internal disk and then click mount, it will prompt an authentication dialog that shows "macOS wants to make changes. Enter an administrator's name and password to allow this." It is expected.
But as long as we wait for some time on authentication dialog, the disk will be mounted. The authentication is bypassed.
Beside, on this situation, the action "read-only" also be ignored.
This should be a BUG.
After user login, we open Disk Utility and select a internal disk and then click mount, it will prompt an authentication dialog that shows "macOS wants to make changes. Enter an administrator's name and password to allow this." It is expected.
But as long as we wait for some time on authentication dialog, the disk will be mounted. The authentication is bypassed.
Beside, on this situation, the action "read-only" also be ignored.
This should be a BUG.