Posted on 01-09-2017 03:57 PM
Hi All,
Very confused by Configuration Profile restrictions. I've got whitelists and blacklists set, but they seemingly don't actually work reliably.
I have the following:
Whitelist:
/Applications/
/Library/
/System/Library/
/bin/
/private/
/usr/
/sbin/
~/Library/
~/Library/Printers/
Blacklist:
/Applications/Utilities/Terminal.app
~/Downloads/
~/Desktop/
~/Documents/
~/Applications/
/Applications/Mail.app
/Applications/Microsoft Outlook.app
Problem is, things like Chrome don't launch because ksadmin can't load (in ~/Library/Google), or Printer Proxy won't load (in ~/Library/Printers). But I've got all of ~/Library/ allowed!
Is it because I'm ending the path's with slashes? Are restrictions just broken in Casper and/or 10.11.6?
At this point, I've turned them off. My hope was to prevent people from running Mail, or Terminal, etc. I really want to have these restrictions, but if they break stuff that should work, then I really can't. =/
Thanks!