What is the best way to lock keychain access on mac os devices? I do not want users poking around in there. I basically want the lock in the upper left hand corner to be locked.
Can I ask why? Keychain Access, or at least the user's login keychain, is intended to be used by users, not locked. Locking it is only going to really mess up your user's experience. Even if there was a way to do this, which I have a feeling there isn't, the OS isn't going to play nice with this and will nag your users incessantly about not being able to access items in their keychain. macOS just wasn't designed with the idea in mind of denying users access to their own login.keychain.
If you're concerned about the System keychain being messed with, non admin users aren't able to unlock it. When you try to unlock it, it asks for an admin account name/password to do so. As long as your users are standard accounts, they shouldn't be able to mess with the System keychain.