Help

Mobileconfig creation file for VPN extension blocking

shoch
New Contributor III

Posted on ‎01-14-2020 06:36 AM

Hello all,

I need some help for a newbie. I've been tasked with deploying this:
<key>ExtensionSettings</key>
<dict>
<key>*</key>
<dict>
<key>blocked_permissions</key>
<array>
<string>"proxy", "vpnProvider"</string>
</array>
</dict>
</dict>

I was told that I need to save it as a .mobileconfig file and then deploy it.

My problem is that I have never had formal training and everything has been a trial and error process.

How would I create this and with what tool? The end goal is trying to block VPNs that the students use in the Chrome browser to circumvent our firewall.

This script is from iBoss and we've been told that it will block VPNs.

I'm also assuming that where it says "vpnProvider" I'd put the extensions lengthy ID number.

Any ideas? Thanks in advance for all the assistance.

0 Kudos
4 REPLIES 4

sirsir
Contributor

Posted on ‎01-14-2020 07:06 AM

You're better off creating a whitelist of extensions and using the "*" wildcard to block everything else. Here is an example:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>ExtensionInstallForcelist</key>
            <array>
                <string>honjcnefekfnompampcpmcdadibmjhlk;https://clients2.google.com/service/update2/crx</string>
            </array>
        <key>ExtensionInstallWhitelist</key>
            <array>
                <string>aohghmighlieiainnegkcijnfilokake</string>
                <string>ghbmnnjooekpmoecnnnilnnbdlolhkhi</string>
                <string>felcaaldnbdncclmgdcncolpebgiejap</string>
                <string>aapocclcgogkmnckokdopfmhonfmgoek</string>
                <string>honjcnefekfnompampcpmcdadibmjhlk</string>
                <string>inoeonmfapjbbkmdafoankkfajkcphgd</string>
                <string>kbfnbcaeplbcioakkpcpgfkobkghlhen</string>
            </array>
        <key>ExtensionInstallBlacklist</key>
            <array>
                <string>*</string>
            </array>
    </dict>
</plist>

You'll want to use this utility to create a profile that you can upload to JAMF.

shoch
New Contributor III

Posted on ‎01-14-2020 07:30 AM

Thank you. I'll be honest though, I'm having no luck with that utility. Is it an actual app?

0 Kudos

sirsir
Contributor

Posted on ‎01-14-2020 07:37 AM

No, you have to use the terminal.

0 Kudos

shoch
New Contributor III

Posted on ‎01-15-2020 09:46 AM

Ok. Bear with me on this.

I am not able to figure out what I do to create this and then push out. I've got Xcode but can't make heads or tails of it.

Would you be willing to create a step-by-step? I've been tasked with pushing this out and I am struggling greatly.

Thank you for your continued assistance.

0 Kudos