here there are some good suggestions regarding blocking panes inside the system settings.
My question is- can you block the System Settings app altogether from launching? Like PathBlackList magic?
So that it'd require admin password to launch?
this doesn't seem to work.
@mgdmdz I believe the Configuration Profile restrictions require a restart before they become active.
If you decide the PathBlackList isn't sufficient for your needs, and want to investigate EPM tools which provide more fine grained access control like @AJPinto suggests I'll mention BeyondTrust's Privilege Management for Mac product as an option. I'm not mentioning it as an endorsement, but as a product that has very good vendor engagement on the MacAdmins Slack (specifically in the #beyondtrust-priv-man channel).
You cannot require something to have admin access to open, its block or do not block. I would not recommend blocking system preferences, that is a very bad idea.
Sounds like you guys probably want a 3rd party tool to control what opens and who has access to open it. Look in to something like cyberark epm. It can restrict individual binaries and either allow anyone to open it, block it for everyone, or require specific credentials to open. It can also run a process as admin even if the user is a standard user.