I have this on and off issue with manage preferences.I work in a school and I set up this policy within manage preferences to restrict the access to a few of the utilities (e.g.terminal, console) I also setup a separate policy to allow access to certain parts of the OS X ( e.g. /applications, /Library/application support,) so that way students aren't allowed run any apps outside those parameters.
We have a mixture of Macs. To test a setup an Unibody (A1342) running OSX 10.7.5 and a MacAir running 10.9.2. When I first deployed the policy to these two computers everything was working fine. there was a message (access restricted) when I tried to use the console which is what I want. if I tried to run an app from the desktop, same restricted access message which was great.
three hours later, the policies stopped working even though both of the computer are in the scope of the policies. What I have done so far to attempt to fix the problem is:
- ran sudo jamf mcx, sudo jamf recon and sudo jamf enroll -prompt locally on both computers
2, used the recon app within capser suite to remotely enroll the computers
- restarted both computers after the re-enrollment
- made sure both computers are in the scope of the policies which they are, both computers re-enrolled immediately in the JSS,
On the test computers, I logged in as a student (we targeting students) but no luck. student shouldn't have access to the console and/or the terminal, shouldn't be able to run apps from the desktop but I can. whether I setup the policy at computer level or user level (with an exemption for us the admins) it doesn' work. when you look at the JSS both computers are enrolled, checked in and with inventory updated. I can see that the polices are applied in manage preferences when you look at the computers details in the JSS
I guess I could re-image the computers and that might solved the problem but I'm wondering why the policies aren't working when they where working before and everything seems to be setup properly. Any ideas? Am I missing something? Running JAMF 9.6
Cheers,
Henry
