Help

Blockage on specific commands being run

Asifahmed
New Contributor III

Friday

Hello Team,

I want to block two commands (sysadminctl  and  dscl) on mac devices through JAMF. Please let me know if I can do it through config profile, I can change the permission(000) by a script/command and run it via a JAMF policy but users are admin and very smart so that they will create another users via commands, so I am planning for config profile so that they cant run or change anything to make run on macs. Any idea will be appreciated. Thanks!

0 Kudos
2 REPLIES 2

ajpinton1
New Contributor II

Friday

You can use a Configuration Profile to disable Users and Groups, but Configuration Profile would not do anything like blocking a command from running unless apple made a domain to manage that function like they do with FileVault.

What you are wanting is something Jamf Protect can do or pretty much any other EDR tool like CyberArk, Carbon Black or Sentinel One. However, this is not something a Mobile Device Management platform like Jamf Pro can't do as this is a part of Apples Security Framework not the MDM Framework.

 

TL;DR: Use the right tool for the job or have a bad time, you need an EDR client and want to look at removing Admin access from users.

0 Kudos

talkingmoose
Moderator
Moderator

Friday

I believe you should be able to use Restricted Software for this. Just enter the process name in the Process Name field.

Be careful when restricting access to sysadminctl. This is a system binary that macOS may call for some operations. You might break some core functionality it or Jamf Pro needs.

0 Kudos