Help

Block VPN Preference Pane

TomDay
Release Candidate Programs Tester

Posted on ‎01-23-2024 08:50 AM

We are doing a POC for Linewize and running into some issues with access to the VPN System Preference Pane. Test user is a local administrator, as will the production users, no getting around that. I can restrict access to the network preference pane:

config profile enforced - network.png

 

but then VPN & Filters pane is still available

config profile enforced - vpn_filters.png

 

I don't see anywhere that I can restrict the VPN & Filters pane, am I missing something?

Ideally I would love to be able to leave access to Network open and restrict VPN & Filters in 2 locations:

no config profile - network.png

0 Kudos
3 REPLIES 3

aparten
New Contributor III

Posted on ‎01-23-2024 02:11 PM

It seems like you can disable the "VPN & Filters" submenu with an Application & Custom Settings payload using the below plist and the preference domain of "com.apple.systempreferences" (since Restrictions doesn't have this as an option).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
   <key>DisabledSystemSettings</key>
    <array>
        <string>com.apple.NetworkExtensionSettingsUI.NESettingsUIExtension</string>
    </array>
</dict>
</plist>

 

In some quick testing, this would prevent a user from creating new VPN configs, but they could still enable a previously created VPN since it does not block the main VPN menu. I can't seem to find a Settings extension for that menu specifically (even the Sidebar.plist found within the System Settings app points to this extension for VPN, which is strange). Not a perfect solution, but at least it's half of what you're looking for and perhaps someone else can figure out the other part or even see if you can remove previously created VPN configs?

0 Kudos

TomDay
Release Candidate Programs Tester

Posted on ‎01-24-2024 05:59 AM

@aparten appreciate that, will test out today!

TomDay
Release Candidate Programs Tester

Posted on ‎01-24-2024 08:02 AM

That plist works great for disabling the VPN & Filters submenu!

 

Found a few things with chatgpt and disabling the VPN preference pane but isn't working yet, this one is proving more difficult. In general it looks like the profile isn't working, as for testing purposes I added disabling network and sound in addition to vpn and none are disabled.

 

 

Continuing to debug...

 

 

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0">

<dict>

     <key>DisabledPreferencePanes</key>

     <array> <string>com.apple.preference.network</string> </array>

     <array> <string>com.apple.preference.bluetooth</string> </array>

     <array> <string>com.apple.preference.sound</string> </array>

</dict>

</plist>

0 Kudos