Better workflow to block terminal for student, but allow for admins?

rgaudet
New Contributor II

We have the Terminal app, as well as others, blocked via 'Restricted Software' for our students. This works fine; however, this is causing some headache for my technical staff to perform troubleshooting steps. The scoping of these restrictions only allows to focus on computers instead of also allowing users, so right now, we have setup a static group that is excluded. If we need to access terminal on a Mac, then we have to put that Mac in the static group, wait for that to propagate, then we have access (assuming we have 100% working communication between the Mac and the JSS, which is not always the case for whatever reason).

Does anyone have a better workflow for this scenario?

Thanks.

1 ACCEPTED SOLUTION

jjones
Contributor II

How our restrictions currently function is we first scope to our smart groups (or all if it's global). We then have our local users (tech admin accounts) and our ldap tech accounts (by group name) exempt from the restriction.

It works fairly well and I cannot think of a time I've had to remove it.

View solution in original post

2 REPLIES 2

jjones
Contributor II

How our restrictions currently function is we first scope to our smart groups (or all if it's global). We then have our local users (tech admin accounts) and our ldap tech accounts (by group name) exempt from the restriction.

It works fairly well and I cannot think of a time I've had to remove it.

rgaudet
New Contributor II

I don't know how I kept missing that as an option from exclusions. Even had my TAM look at this with me for a bit and we both missed it. Thanks.