Posted on 11-18-2015 04:30 PM
The image attached shows the pop-up window that keeps coming up randomly on the screen. I know the reason why it is popping up, as explained here: http://jamfnation.jamfsoftware.com/discussion.html?id=15527
(We have a computer lab with iMacs and I have disallowed access to disk images via configuration profile to prevent students from running games or installing software they are not meant to, and on top of that we have a few policies that run DMG packages, which is why the pop-up is asking permission.)
Is there any way I can suppress or hide this pop-up from coming up on the screen?
Posted on 11-18-2015 04:59 PM
First, I believe the fix would be to find an alternate workflow in keeping the students from installing games. Is there a reason they all need admin rights? Assuming this is how they are able to install anything.
Second, is it possible you could repackage the apps being installed from the JSS to pkgs instead of dmgs? This would stop the popup message from asking permission to mount the dmg.
Posted on 11-18-2015 06:07 PM
^-- what he said
Fix the root cause, not the symptoms.
Appropriate supervision will prevent students playing games when they should not be. No need for a technical solution to a social problem.
Installing software requires admin rights; going from that screenshot, they do not have admin rights, so that's a moot point.
Posted on 11-18-2015 11:54 PM
Could the admin prompts be an attempt to allow a dmg to be mounted?
As said, if DMGs are blocked, move to PKGs.
Posted on 11-19-2015 05:59 AM
@pty10 Is it possible you could share with us some of the installs you are using DMGs for? Perhaps we could assist you in getting them switched to pkgs and end this message prompt headache you are experiencing.
Posted on 11-19-2015 06:09 AM
Even without admin rights, it's still possible to launch applications or games from a mounted disk image if they come as self-contained app bundles, which may be what the OP was trying to prevent.
Still, I agree that the solution is to find other ways of preventing these apps from running. For example, a config profile using restrictions on which paths applications can launch from may be something to explore. In the old MCX days this was referred to as whitelisted and blacklisted folders; not sure what nomenclature is used for the same items in Config Profiles, but I believe it's just under "Restrictions".
Also, as suggested above, look at moving from DMGs to PKGs where possible instead, which would avoid the issue of the jamf binary trying to mount a disk image. Your setup has two incompatible settings. On one hand, you are instructing the OS to not allow any disk images to mount, and on the other you are instructing Casper to mount disk images to install items. You can't have it both ways. The OS doesn't know the difference between a user trying to mount a DMG vs Casper trying to do the same.
Posted on 11-19-2015 06:42 AM
^ That last line hit it on the head.
Posted on 11-24-2015 09:54 PM
Hi Guys, sorry for the late reply.
@Snickasaurus I have 3 DMGs in some of the policies we use. I have disabled two of them so I can test (Google Earth and Adobe Air) and will try to package them later on. I have another DMG that we use for Lego robotics; the only issue there is that I have to deploy an html file to the desktop of the lab iMacs, and my understanding is that it needs to be packaged as a DMG, because it won't work as a .pkg (Intro to Robotics.htm.dmg).
@mm2270 I have used config profiles in the past to stop students from running any files outside the applications folder and it works great. I think with DMGs it is a bit more tricky. Not sure how you would create a path where they can use their USBs but at the same time not allow them to run DMGs from that USB. I removed the media/disk image restriction that I had, and so far every time I run a package from a DMG I get asked for admin rights, which is good, but there is no guarantee that will always be the case, like you said.
@calumhunter In theory what you said makes sense, but in practice it doesn't work, especially when the ratio of teachers to students is 1/30 and in most cases the students would know more about computers than the teachers. Yeah, one might get caught, and trying to prevent this sort of issue saves me time.
Posted on 11-24-2015 11:40 PM
@pty10 I can speak of the html file. You might consider saving it to the desktop of your local admin/management account and creating a package of it with Composer then use the FUT / FEU options in Casper Admin so that all users receive the document on their desktop.
As for the Lego dmg I did a quick search and came across a dmg installer named LMS-EV3-OSX-ENUS-01-01-01-full-setup.dmg. Inside was a package that should install with
sudo installer -pkg "/Users/Me/Downloads/LEGO MINDSTORMS EV3 Home Edition.pkg" -target /
Assuming that you use a licensed installer or "pro" version you might try uploading that package first into Casper Admin along with the package you created for the html file and then add them to a policy and push it out. It's worth taking to the lab and giving it a go.