Applications folder restrictions

There may be a more graceful way, but the following has worked for me in the past:

#!/bin/bash

currentName=$(diskutil info disk0s2 | grep "Volume Name" | awk -F":" '{ print $2 }' | sed -e 's/^[ ]*//')
if [ "$currentName" != "Macintosh HD" ];then
diskutil rename / "Macintosh HD"
fi

Leslie N. Helou
Senior Systems Engineer
Bell Techlogix
8888 Keystone Crossing, Suite 1700
Indianapolis, IN 46240
317.704.6408
lhelou at belltechlogix.com

On 3/25/11 2:42 PM, "Nicholas, Lauren" <lpnicholas at moravian.edu> wrote: I have a weird question. Most of our users (faculty, staff) are local admins of their machines. I use MCX for most things, but cannot figure this logic out. I have a number of users who, for some reason, like to create sub-folders within /ApplicationsŠ they create things like 'Games', 'Photography', 'Word Processing', etc. Then, they drag each application of matching genre into those said folders. Sometimes, the application won't run from anywhere except /Applications. However, most things they seem to get away with. It makes my reporting a bit of a pain. If they are admins, how can I enforce this?

Probably not much you can do if they are admins. Right or wrong, they've
been handed the keys to the kingdom.

You could write scripts or launchd items to try to undo what they do. Will
you be able to account for all the scenarios? Probably not.

Other than the politics, what is the reason these users are admins on
their computers? If you can meet their needs without them being admins
then that's the best way to approach this.

--

William Smith
Technical Analyst
Merrill Communications LLC
(651) 632-1492

We have a saying round our parts - "Technical solutions can't solve social
problems."

:)

j
-- Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

Funny.... "I can't fix stuipd" is one of our maxims too...

:)

j
-- Jared F. Nichols
Desktop Engineer, Client Services
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

I would suggest not giving them admin rights. Otherwise you are going
to have to set up some ACLs and permissions which have their own sets of
caveats. I use MCX to restrict apps from running with in certain full
file paths, so users cannot run apps from anywhere but the /Applications
folder. However, to restrict write access, to the admin group.....well
that could get hairy.

-Tom

I like that, Jared. It's like "You can't legislate morality." or "You
can't fix stupid."

But we can't help ourselves, so we just keep trying. Or we are forced to
keep trying.

8-)

--
Karl Schoenefeld | IT Department
SGS St Louis | 1035 Hanley Industrial Court | St Louis, MO 63144
Direct: 314-918-3126 | Cell: 314-680-0359