Allow/Restrict Application launch folders (Noob!)

rmhughes
New Contributor

Hi guys,

I'm basically trying to achieve running the Unreal4 Engine on our Macs here at school.

I initially got the program to work by simply granting permissions to a few folders. These were the folders.

/Users/Shared/UnrealEngine/4.9/Engine/Binaries/Mac/UE4Editor
/Users/Shared/UnrealEngine/4.9/Engine/Binaries/Mac/UE4EditorServices
/Users/Shared/UnrealEngine/4.9/Engine/Binaries/ThirdParty/Mono/Mac/bin
/Users/Shared/UnrealEngine/4.9/Engine/Binaries/Mac/UE4EditorServices/Content/MacOS
/Users/Shared/UnrealEngine/Launcher

Now, when the students access textures and such, it needs access to a whole lot of other folders, and the user is given a "You do not have permission to launch X" error.

You can see in my screen shot, I'm starting to add way too much stuff, when really, I'm just trying to grant full read access from
/Users/Shared/UnrealEngine/
- (Currently still need to specify specific exact folders, they don't inherit permissions from this level)

Attached is a screen shot of the policy. Nothing else is scoped out to the device.

Thanks a lot!
R

7 REPLIES

pblake
Contributor III

Can you try a wildcard?

/Users/Shared/UnrealEngine/*

Chris_Hafner
Valued Contributor II

How does your school system block and unblock games/applications? In addition to the how, what is their primary purpose in doing so? That can have a big effect on the ways you SHOULD blacklist/whitelist apps and app locations.

There are many ways to skin this particular cat!

rmhughes
New Contributor

Working on this as we speak, guys.

Firstly will try packaging the program with proper read/write access.

Next I'll try the wildcard.

Thanks - Will update you!

EDIT----

I've tried the wildcard, unfortunately this doesn't push down permissions to the subfolders.

I've also tried packaging the program with full read access, but the above profile is still blocking the subfolders.

Any ideas? I know a sudo chmod 777 would work however the students would then have too much access.

Chris_Hafner
Valued Contributor II

Funny question... how do you KNOW that a 'sudo chmod 777' will work? If the profile is blocking said subfolders, then all the things you're doing to the permissions aren't going to matter. At least I don't think they would. What are the restrictions that you have set?

P.S. Have you contacted JAMF support?

SincerelyJoshin
New Contributor II

Nothing else is scoped to the device? Not even disallowed folders?

rmhughes
New Contributor

No other profiles scoped to the machine. Do you guys think it may be the 'Restrict which apps are allowed to launch' tickbox?

I actually don't know the chmod 777 would work, just an assumption. I'll test.

Thanks for the ongoing support

EDIT
I now ran a config profile with the 'Restrict which apps are allowed to launch' tickbox unticked. It now works, but now the students could potentially run any app, game etc. So I'm not sure this is a complete solution. Does anyone have anything further?

Thanks!

Chris_Hafner
Valued Contributor II

What are you specifically trying to prevent? Students shouldn't be able to just install anything without an administrative password. OK, so MAS apps are different but those can be sorted out with the check box in your picture above "Restrict App Store to Software Updates Only".

And yes, I'm probably missing much about your situation.