Question

Mac App Store

  • January 3, 2011
  • 47 replies
  • 80 views


Hi All,

Just wanted to start a conversation piece, but I assume you'll all be
immediately deleting the Mac App Store app from your Managed Macs right
away, right? =)

How do you feel this will impact your role as an admin if you left it out
there on boxes where the user has admin? Concerned?

Craig E

47 replies

  • Valued Contributor
  • January 3, 2011

Ours already have Admin (for the most part). We're in an odd environment
though.

j


  • Contributor
  • January 3, 2011

We have concerns for the type of applications that users would be
interested in putting on their enterprise provided equipment that we are
not already providing. Therefore, we'll likely put in place some sort of
blocking/removal of the Mac App store until we can find a valid use for it
and can manage it at the enterprise level.
--
James Fuller | Starbucks Coffee Company | Technology Application Services
| application developer II | Coffee Master
E: jafuller at starbucks.com | V: 206.318.7153 | F: 206.318.0155


  • January 3, 2011

I'm imagining the screams on all sides right now...

Users with admin rights: What do you mean I have to redownload my apps after you reimage my machine?!? Why aren't you backing my apps up?

Network guys: I'm blocking ports if these people don't watch their bandwidth during peak hours!

Legal: How are we preventing license abuse?

Upper Admins: Make our users happy!

My department head: It's your problem.

The problem is, if a user has admin rights, they've got the ability to reinstall. Granted, a policy can kill; but that's just going to cause more screams. I have a feeling that this is going to cause us to reevaluate policies in general -- which means I'm standing behind the concept that we do not need to address this as a technical issue, but as a social issue.

The way I see it, this is the absolute proof that Apple views their products best placed in the hands of end users with full ownership; not as part of a controlled network.


  • Honored Contributor
  • January 3, 2011

Since I work in academia (K-12) the upper management administrators are somewhat authoritative, and like to have complete control over everything. Then we have federal government regulations with things like CIPA and eRate, and other government programs that grant us funds, but we have to meet their standards. Then we have the legal side of properly paying for licenses, and being accountable to provide reports or receipts of purchased software if audited.

I am all about the end user experience. The one reason we use Macs is because they have a better end user experience than a Windows box. Supporting Windows in a managed environment, all you hear from employees is how locked down and sucky their work computers are. I know you can argue the whole "well, you only need to work on a work computer" argument, but the OS X end user experience is just better in my opinion.

I think it will most likely be blocked in my environment because of too many loose ends, both legally and federal-policy-wise. Plus users aren't allowed to install their own apps anyway.


talkingmoose
  • Community Manager
  • January 3, 2011

I haven't seen how the Mac app store will work other than online
references.

We'll have a need to prevent folks from downloading personally purchased
apps onto company-owned machines but I also loathe removing anything that
comes with the Mac OS for fear that an update could put something right
back.

My choice would be to disable the software or block the download somehow,
preferably using MCX.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492


  • Contributor
  • January 3, 2011

So how do your companies manage iPhones? Can your users install an app
purchased under a personal account to a company device? I think this Mac
Store will start to try to blur the edges of what is acceptable in a
corporate environment and we'll have to adapt at a moment's notice.
--
James Fuller | Starbucks Coffee Company | Technology Application Services
| application developer II | Coffee Master
E: jafuller at starbucks.com | V: 206.318.7153 | F: 206.318.0155


talkingmoose
  • Community Manager
  • January 3, 2011

Our company neither purchases nor supports iPhones beyond basic Exchange
account setup. They belong to the users. But I've been asked lately about
iOS management (probably for iPad management), so I see it coming.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492


  • Author
  • Contributor
  • January 4, 2011

We currently do not have any campus owned iPhones, that I'm aware of. We do support iPads in that we have almost 40 campus owned. We don't use MDM with them currently. I think I've stated this before that each is registered to a sequential email alias that is pointed to the actual person who is in charge of it. When the owner changes, the alias is pointed to the new owner. All purchases are retained with the alias account. That iTunes account is a no credit card account, and all app purchases are handled through my Mac management account upon request where apps are gifted out to the alias to redeem or they get a redemption code from me out of the volume purchasing plan. They are welcome to install anything they want that's free.

We centralize purchasing for a number of reasons. To have a single point of tax redemption in batch. To make users aware of any gotchas with apps before they purchase; we load many on our demo loaner first. And the volume plan options.

I'd love to use MDM for a number of reasons, but we haven't hit a tipping point where it's necessary. The thing that likely will is for security reasons; remote wipe and tracking if stolen. Next would be app deployment.

Now there are a number of iTouches that I need to wrangle into this structure since this came about for iPads.

I usually think my job is to not necessarily restrict users from doing things, so much as protecting them from themselves, everyone else, and our other assets. We very much still give users admin to their office computers when they ask, but I can see that changing as the reality of better security is realized or required.

As far as the Mac App Store, it will likely get removed and blacklisted so we can still attempt to keep licensing info centralized, and it will likely have the same tax issues and purchases not being tied to a personal account. The availability of credit cards for purchasing departments is our biggest enemy to catching bad software and hardware purchases before the mistake is made.

Don't get me wrong, I like the idea of the service, just like I love Steam. You never lose your software and hopefully there is a robust farm and bandwidth behind it so downloads are fast. Things just update. The user doesn't have to think. It's great for consumers.

Craig E


donmontalvo
  • Hall of Fame
  • January 4, 2011

Our clients are enterprise (multimedia/advertising/branding/graphics) and we have very strict SLAs. The App Store will be treated like any other application request. I think it's free, but the stuff you "buy" through it will need to go through the usual procurement process (think 'truck stuck in mud'). It'll be interesting to see how this pans out, particularly on the enterprise management side. I'm going to stock up on popcorn... :)

Don


  • Valued Contributor
  • January 4, 2011

I see it as a problem to be enforced at a level above the client. Who
cares if the Mac App Store is installed if it's blocked at the
firewall/proxy?

(fairly) simple.

j


donmontalvo
  • Hall of Fame
  • January 4, 2011

Hi James,

We did some testing for a client who wants to replace all their Blackberry devices with iPhone. The iPhone Configuration Utility makes this easy:

iPhone Configuration Utility > Configuration Profiles > select profile > Restrictions > [x] Allow installing apps

No idea if this would cover App Store stuff...but we're hoping it will.

Don


John_Wetter
  • Hall of Fame
  • January 6, 2011

I'm hoping that Apple will also release MCX profiles for the App store to restrict or disable pieces like the iOS configuration utility mentioned.

I guess we'll all find out in a few hours. Please share as you find it!

For our staff, we've always had a policy of "Give it a try, but if you break something, we're re-imaging." For our student machines though, we'll first deny access to the app most likely, and once Apple integrates it which will likely happen in Lion, we'll have to hide or otherwise disable it on those machines. Or, maybe JAMF will integrate to it much like they have with the iOS App Store.

John


  • Author
  • Contributor
  • January 6, 2011

I don't think you are. I even tried renaming the app itself and of course the actual process called is still the same inside.

I think that earlier screen of the restriction had .app at the end, and you really just want 'App Store'.

I've had two calls thus far.

Craig E


  • Valued Contributor
  • January 6, 2011

And I'm guessing the calls went something like…

User: Yes I'd really like that App Store
Craig: Pound sand
bzzzzzzz
User: Hello??

:)
--
Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436


stevewood
  • Hall of Fame
  • January 6, 2011

Coming soon to a theater near you....... Craig Ernst starring as........

B O F H

The Bastard Operator From Hell!

:-)

Steve Wood
Director of IT
swood at integer.com

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475


  • Author
  • Contributor
  • January 6, 2011

Funny you should mention BOFH.

In an email to the first user I told them I really didn't want to become that, but Apple forced me to be. =)

That first user then called me back again later and said it was really convenient to find my phone number, all he had to do was launch the App Store and my message gave it to him.

The two calls have been good…also, we're still on Winter break so half of them aren't here yet.

Craig E


  • Honored Contributor
  • January 6, 2011

I always use the, "I am only just a sys admin.." excuse when people ask
me for stuff. I tell them upper management makes those decisions I just
do what I am told. That should end the conversation right then and
there.

Then I tell them to either contact help desk and put in a ticket for a
request, or email my boss. If I got paid to make decisions things would
be a bit different around here, but ultimately I am glad I do not get
paid to make decisions.

-Tom


  • Contributor
  • January 6, 2011

Good morning everyone!

This isn't really related to Casper Suite, but it is very related to software distribution on the OS X platform...

The Mac App Store is officially open for business:

http://www.apple.com/mac/app-store/

Expect some questions from your clients/users. :)

Happy 2011!
Kerry


  • Author
  • Contributor
  • January 6, 2011

Yup, just configured my first restricted application ever...

Thought I'd never have to do that here. This should be interesting.

Craig E


  • Honored Contributor
  • January 6, 2011

I only have about 600 OS X 10.6 machines out of around 8,000; I am not too worried about it just yet, and out of those 10.6 machines maybe only 100 of them are with users that have admin rights.

The rest run 10.5.8


  • January 6, 2011

Within 10 minutes of business hours beginning, our support team was hit with
about 20 emails requesting 10.6.6 just for the Mac App Store. We have about
400 Macs here. It's annoying that Apple released an entire service pack just
for this. A DMG with just the App Store would have sufficed. ~Joseph


  • January 6, 2011

How did you restrict the app? MCX through WGM or through CASPER?

Karl H. Hehr
Technology/Curriculum Director
South Hamilton CSD
www.s-hamilton.k12.ia.us


  • January 6, 2011

I would be curious to hear why it's being restricted.

Am I missing something?

Any purchases/Downloads of apps require an iTunes account and there is very little chance of piracy.
It will all stay in the users home folder.

Do you also block the iTunes store?

Nick Caro Senior Desktop Support Administrator


  • Contributor
  • January 6, 2011

Patrick Bachuwa
Desktop Engineering Applications Sears Holdings Corporation
Michigan Campus
3000 W. 14 Mile Road
Royal Oak, MI 48073-1717
Phone: 248 637-0350
Patrick.Bachuwa at searshc.com



  • Contributor
  • January 6, 2011

Don't enable 10.6.6 in your SUS

Dan De Rusha
I.T. SPECIALIST

SCHAWK!
T 847.296.6000 M 847.287.1337
F 847.296.9466

1600 Sherwin Avenue
Des Plaines, IL 60018 USA
schawk.com

Schawk invites Industry Thought Leaders to participate in BRANDSQUARE, a one-of-a-kind, exclusive online marketing community. Visit http://brandsquare.com.