Help

Apply a policy to a specific local user account

BerkleySupport
New Contributor

Posted on ‎11-17-2019 01:37 PM

We are trying to disable Chrome Incognito Mode for a specific local user account.
We can do this 'manually' at the iMacs, but we can't see how to scope the policy to a specific local user account.

0 Kudos
4 REPLIES 4

teodle
Contributor II

Posted on ‎11-17-2019 02:03 PM

This could be scripted using a parameter label. Parameter labels are a way to pass variables interactively to scripts. And whoever writes the policy doesn't have to rewrite the script; they would just have to know the username.

In your script do this. Now your variable for user becomes $user. You then define parameter 4 as user in the options tab of your script

user="$4"

Then in your policy, you enter a specific username into the parameter that will show up named "user" and the script only applies to that user no matter how many workstations you scope it to, provided that user exists on those machines.

0 Kudos

teodle
Contributor II

Posted on ‎11-17-2019 02:36 PM

@BerkleySupport When you create policy, you can scope it to specific users. Seems that there are two different ways to do this. Through the main tabs or through limitations. The script you posted though, doesn't that disable Icognito forever at the computer level?
Why don't you just ban that one user from your computer labs? :)

0 Kudos

BerkleySupport
New Contributor

Posted on ‎11-17-2019 03:15 PM

There are numbers of students using Incognito mode, so it's not that simple. When we run the script logged on the the Student account manually it works permanently, after a restart.

Our challenge is to get it to do the job under Jamf. In the good old days we'd do this with Remote Desktop.

0 Kudos

BerkleySupport
New Contributor

Posted on ‎11-17-2019 04:42 PM

Parameter labels haven't solved the issue. We've also tried using the Target Drive option set to: /Users/student/ but with no success.

0 Kudos