anyone have a way to only allow admin users to launch certain applications only? IE, Terminal, System preferences? Is that possible via a policy?
Question
Assignment of apps to admins only
+11+10You can change permissions on the application to not allow execute for anyone but the admin group. If you want to do this in a policy run the command via script in a policy.
+11BostonMac,
I appreciate your reply. macOS Sierra does not seem to allow the permissions or ownership changes on Terminal.app due to SIP restrictions. It falls under the last item in the list below. This is a real bummer.
Paths and applications protected by System Integrity Protection include:
/System
/usr
/bin
/sbin
Apps that are pre-installed with OS X
+11I was able to get this going by creating a restriction for the Terminal.app then excluding my admin users. It's not pretty but it does exactly what I need it to do.
Keith
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.