Skip to main content
Question

Restrict App Usage to Only select Apps

  • June 2, 2022
  • 5 replies
  • 127 views
C
Forum|alt.badge.img+8

I need to lock down a mac running Monterey 12.4 so that only a very select few apps can run.  I can use Screentime for most of this by selecting pretty much everything and giving it a 1m usage, however, it also blocks our remote software (Bomgar Remote Support Client) and I can't add an exception because it doesn't show in the list of apps since it's in a hidden folder.

Is there a better way to do this with JAMF and a config profile?  I don't want to have to create a Restricted Software policy for every app on the Mac I need to block.

    5 replies

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • June 2, 2022

    @cgreid You should take a look at Google's Santa tool: https://github.com/google/santa which offers a lockdown mode which only allows specific apps to run.

    Hugonaut
    S
    Forum|alt.badge.img+10
    • sgiesbrecht
    • Valued Contributor
    • June 2, 2022

    Have you tried "Restricted Software"
    restricts by process name

    can delete the app, send  email notification and  kill the process

     

    C
    Forum|alt.badge.img+8
    • cgreid
    • Author
    • Contributor
    • June 2, 2022

    We're trying to block EVERYTHING but Safari, our security tools, and one other program (not my decision).  I don't want to have to create an entry for every default app on the Mac.  Google's Santa looks promising, documenation is abysmal and without a gui for configuration it doesn't solve the problem of having to create an entry for each app.

    sdagley
    Forum|alt.badge.img+25
    • sdagley
    • Jamf Heroes
    • June 2, 2022

    We're trying to block EVERYTHING but Safari, our security tools, and one other program (not my decision).  I don't want to have to create an entry for every default app on the Mac.  Google's Santa looks promising, documenation is abysmal and without a gui for configuration it doesn't solve the problem of having to create an entry for each app.


    @cgreid LOCKDOWN mode with Santa should only run the apps you specifically enable, which by your description is a small list.

    C
    Forum|alt.badge.img+8
    • cgreid
    • Author
    • Contributor
    • June 2, 2022

    Is it possible to only have it block apps for specific accounts though?  We don't want to block them for our admin account, just the user account.

    Terms & ConditionsCookie settingsAccessibility statement