Skip to main content
Question

Allow/Restrict Application launch folders (Noob!)

R
Forum|alt.badge.img+3

Hi guys,

I'm basically trying to achieve running the Unreal4 Engine on our macs here at school.

I initially got the program to work by simply granting permissions to a few folders. These were the folders.

/Users/Shared/UnrealEngine/4.9/Engine/Binaries/Mac/UE4Editor
/Users/Shared/UnrealEngine/4.9/Engine/Binaries/Mac/UE4EditorServices
/Users/Shared/UnrealEngine/4.9/Engine/Binaries/ThirdParty/Mono/Mac/bin
/Users/Shared/UnrealEngine/4.9/Engine/Binaries/Mac/UE4EditorServices/Content/MacOS
/Users/Shared/UnrealEngine/Launcher

Now, when the students access textures and such, it needs access to a whole lot of other folders, the user is given a "You do not have permission to launch X" error

You can see in my screen shot, I'm starting to add way to much stuff, when really, I'm just trying to grant full read access from
/Users/Shared/UnrealEngine/ - (Currently still need to specify specific exact folders, they dont inherit permissions from this level)

Attached is a screen shot of the policy. Nothing else is scoped out to the device.

Thanks alot!
R

    7 replies

    P
    Forum|alt.badge.img+11
    • pblake
    • Contributor
    • 286 replies
    • November 30, 2015

    Can you try a wildcard?

    /Users/Shared/UnrealEngine/*

    Chris_Hafner
    Forum|alt.badge.img+23
    • Chris_Hafner
    • Jamf Heroes
    • 1716 replies
    • November 30, 2015

    How does your school system block and unblock games/applications? In addition to the how, what is their primary purpose in doing so? That can have a big effect on the ways you SHOULD blacklist/whitelist apps and app locations.

    There are many ways to skin this particular cat!

    R
    Forum|alt.badge.img+3
    • rmhughes
    • Author
    • New Contributor
    • 8 replies
    • December 2, 2015

    Working on it this as we speak guys.

    Firstly will try packaging the program with proper read/write access.

    Next I'll try the wildcard.

    Thanks - Will update you!

    EDIT----

    I've tried the wildcard, unfortunately this doesn't push down permissions to the subfolders.

    I've also tried packaging the program with full read access, but the above profile is still blocking the subfolders.

    Any ideas? I know a sudo chmod 777 would work however the students would then have too much access.

    Chris_Hafner
    Forum|alt.badge.img+23
    • Chris_Hafner
    • Jamf Heroes
    • 1716 replies
    • December 3, 2015

    Funny question... how do you KNOW that a 'sudo chmod 777' will work. If the profile is blocking said sub folders then all the things your doing to the permissions aren't going to matter. At least I don't think they would. What are the restrictions that you have set?

    P.S> Have you contacted JAMF support?

    SincerelyJoshin
    Forum|alt.badge.img+4

    nothing else is scoped to the device? not even disallowed folders?

    R
    Forum|alt.badge.img+3
    • rmhughes
    • Author
    • New Contributor
    • 8 replies
    • December 3, 2015

    No other profiles scoped to the machine. Do you guys think it may be the 'Restrict which apps are allowed to launch' tickbox?

    I actually dont know the chmod777 would work, just an assumption. I'll test.

    Thanks for the ongoing support

    EDIT
    I now ran a config profile with an unticked Restrict which apps are allowed to launch tickbox. It now works, but now the students could potentially run any app, game etc. So I'm not sure this is a complete solution. Does anyone have anything further?

    Thanks!

    Chris_Hafner
    Forum|alt.badge.img+23
    • Chris_Hafner
    • Jamf Heroes
    • 1716 replies
    • December 10, 2015

    What are you specifically trying to prevent? Students shouldn't be able to just install anything without an administrative password. OK, so MAS apps are different but those can be sorted out with the check box in your picture above "Restrict App Store to Software Updates Only".

    And yes, I'm probably missing much about your situation.

    Reply


    Most helpful members this week

    Terms & ConditionsCookie settingsAccessibility statement

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

     
    Cookie settings