Help

Assignment of apps to admins only

kmitnick
New Contributor III

Posted on ‎11-01-2016 06:43 PM

anyone have a way to only allow admin users to launch certain applications only? IE, Terminal, System preferences? Is that possible via a policy?

0 Kudos
Reply
3 REPLIES 3

MacSysAdmin
Contributor

Posted on ‎11-02-2016 04:30 AM

You can change permissions on the application to not allow execute for anyone but the admin group. If you want to do this in a policy run the command via script in a policy.

0 Kudos
Reply

kmitnick
New Contributor III

Posted on ‎11-02-2016 06:10 AM

BostonMac,

I appreciate your reply. macOS Sierra does not seem to allow the permissions or ownership changes on Terminal.app due to SIP restrictions. It falls under the last item in the list below. This is a real bummer.

Paths and applications protected by System Integrity Protection include:
/System
/usr
/bin
/sbin
Apps that are pre-installed with OS X

0 Kudos
Reply

kmitnick
New Contributor III

Posted on ‎11-02-2016 06:55 AM

I was able to get this going by creating a restriction for the Terminal.app then excluding my admin users. It's not pretty but it does exactly what I need it to do.

Keith

0 Kudos
Reply