Skip to main content

Hey Folks,



CEO has a raging paranoia about Skype being used for nefarious purposes, so I have been tasked with using our MDM to block it from our users on company devices.



I already setup a policy about forbidding the Skype.app if installed onto machines, but Microsoft has one upped me and made the chat client available via a web portal.



I thought I'd be able to simply block the web address (using Parental Controls), but unfortunately that same web address is tied to our installations of Microsoft Office and a bunch of warnings drop from the Parental Control policy about how it's blocking a bunch of other apps in the MS Office suite as well. And these warnings are dropped on the users, which freaked them out because it was saying that it was blocking Excel, and our accounting department had a conniption.



So, I'm looking to not only block the App, but the web portal for it too. Is there a good way to tackle this via JAMF? Or would I be better served trying another tactic with another section of infrastructure? I can't simply block it from the gateway on our network, as we have Satellite offices all over the USA that aren't connected to our network, and that we have no control over their internet access due to them being rented tech spaces.



As usual, thanks in advance for your help!

Parental controls is probably blocking the certificate tied to the url. I know I had the same issues with trying to block youtube that way but google would be blocked as well.



Something you could do is modify /etc/hosts and point the url to 127.0.0.1 instead. I have a script that will do this for you using script parameters.



#!/bin/bash

# Please test before using in your environment

##########################################################

# Modified from

# https://www.jamf.com/jamf-nation/discussions/18184/how-to-update-host-file-via-composer

#

# Use Jamf Script Parameter 4 for domain ("youtube.com") and 5 for subdomain ("images".google.com(No period needed)) and 6 for

# file (/etc/hosts)



# Set base variables

domain=""

subdomain=""

filename=""

SUCCESS=0



# Setup Jamf variables

if [ "$4" != "" ] && [ "$domain" = "" ] 

   then 

    domain="$4"

fi



if [ "$4" = "" ] && [ "$domain" = "" ]

    then

        echo "No Domain Variable Configured"

        exit 1

fi      



if [ "$5" != "" ] && [ "$subdomain" = "" ]

    then subdomain="$5"

fi



if [ "$5" = "" ] && [ "$subdomain" = "" ]

    then

        echo "No subdomain Variable Configured, continuing anyway."

fi



if [ "$6" != "" ] && [ "$filename" = "" ]

    then filename="$6"

fi



if [ "$6" = "" ] &&  [ "$filename" = "" ]

    then

        echo "No filename Variable Configured"

        exit 1

fi



#Set Needle Variable

if [ "$subdomain" = "" ]

    then

        needle="$domain"

    else 

        needle="$subdomain.$domain"

fi      

# set hostline variable

hostline="127.0.0.1 $needle"



# Determine if the line already exists in /etc/hosts

grep -q "$needle" "$filename"  



# Grep's return error code can then be checked.

if [ $? -eq $SUCCESS ]

then

  exit 0

else

  # If the line wasn't found, add it using an echo append >>

  echo "$hostline" >> "$filename"

    # Let's recheck to be sure it was added.

    grep -q "$needle" "$filename"



    if [ $? -eq $SUCCESS ]

        then

            sudo dscacheutil -flushcache

            exit 0

        else

            exit 1

    fi

fi

Reply


Terms & ConditionsCookie settings