only allow applications in /Applications to run

catfeetstop
Contributor II

With Casper, how do I only allow applications within /Applications to run? I don't want our users to be able to run applications from the desktop, flash drives, etc... I know how to do this with Workgroup Manager and OD but not Casper.

Jamie Bell
Apple Technology Administrator
The Westminster Schools
404-609-6345


tlarkin
Honored Contributor

Email me directly and I can send you my MCX file that does this. You want to specifically look at the com.apple.applicationaccess part. I will paste that part here, but if you want the whole file, email me and I will send it via attachment.

<key>com.apple.applicationaccess.new</key>
<dict>
  <key>familyControlsEnabled</key>
  <dict>
    <key>state</key>
    <string>always</string>
    <key>value</key>
    <true/>
  </dict>
  <key>pathBlackList-Raw</key>
  <dict>
    <key>state</key>
    <string>always</string>
    <key>upk</key>
    <dict>
      <key>mcx_input_key_names</key>
      <array>
        <string>pathBlackList-Raw</string>
      </array>
      <key>mcx_output_key_name</key>
      <string>pathBlackList</string>
      <key>mcx_remove_duplicates</key>
      <true/>
    </dict>
    <key>value</key>
    <array>
      <string>/Applications/Utilities/</string>
    </array>
  </dict>
  <key>pathWhiteList-Raw</key>
  <dict>
    <key>state</key>
    <string>always</string>
    <key>upk</key>
    <dict>
      <key>mcx_input_key_names</key>
      <array>
        <string>pathWhiteList-Raw</string>
      </array>
      <key>mcx_output_key_name</key>
      <string>pathWhiteList</string>
      <key>mcx_remove_duplicates</key>
      <true/>
    </dict>
    <key>value</key>
    <array>
      <string>/Applications/</string>
      <string>/Library/Application Support/</string>
    </array>
  </dict>
  <key>whiteList-Raw</key>
  <dict>
    <key>state</key>
    <string>always</string>
    <key>upk</key>
    <dict>
      <key>mcx_input_key_names</key>
      <array>
        <string>whiteList-Raw</string>
      </array>
      <key>mcx_output_key_name</key>
      <string>whiteList</string>
      <key>mcx_remove_duplicates</key>
      <true/>
    </dict>
    <key>value</key>
    <array/>
  </dict>
</dict>

dderusha
Contributor

We started using profiles in 10.7 and 10.8 instead of MCX. There is a Restrictions section that allows you to filter what applications are allowed to run. At the bottom of the applications list there is a section to customize the paths apps can run from. Taking Jared's list, we still got some random Adobe errors. We added this list to the "Allow folders":

/Applications
/Library/Application Support/Adobe/CS4ServiceManager/CS4ServiceManager.app/Contents/MacOS/CS4ServiceManager
/Library/Application Support/Adobe/CS5ServiceManager/CS5ServiceManager.app/Contents/MacOS/CS5ServiceManager
/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility
/Library/Application Support/FLEXnet Publisher/Service/11.5.0/FNPLicensingService
/Library/Application Support/
/Library/Application Support/Adobe
/Library/Application Support/FLEXnet Publisher/
/Library/Application Support/FLEXnet Publisher/Service/11.5.0/
/Library/Application Support/ProApps
/Library/Internet Plug-Ins/
/Library/Internet Plug-Ins/AuthorwareWebPlayer-PPC folder/
/System/Library/CoreServices/DMProxy

Hope it helps someone
Dan

jserapio
New Contributor

Sorry to bring this post back from the dead.

@Dan, some of your paths follow Unix paths, slash followed by a space, while some are just space. Which one worked for you? I am having an issue with setting white/black lists in config profiles and cannot seem to get them consistent.
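
An added example (not from any poster in this thread, and not Apple's or Casper's code): a Python model of the allow/deny path lists in the MCX fragment above, useful for checking what a list permits before deploying it. It assumes a deny entry overrides an allow entry and that matching is by whole path component; the function names and the trimmed sample plist are constructed for illustration.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed sample: the thread's MCX keys, trimmed to state/value pairs and
# wrapped in a plist root so plistlib can parse it.
MCX = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.applicationaccess.new</key><dict>
  <key>pathBlackList-Raw</key><dict>
    <key>state</key><string>always</string>
    <key>value</key><array><string>/Applications/Utilities/</string></array>
  </dict>
  <key>pathWhiteList-Raw</key><dict>
    <key>state</key><string>always</string>
    <key>value</key><array>
      <string>/Applications/</string>
      <string>/Library/Application Support/</string>
    </array>
  </dict>
</dict></dict></plist>"""

def norm(path):
    """Split into components; "/Applications" and "/Applications/" become equal."""
    return PurePosixPath(path).parts

def load_lists(data, domain="com.apple.applicationaccess.new"):
    """Return (allow, deny) as lists of normalised component tuples."""
    prefs = plistlib.loads(data)[domain]
    get = lambda key: [norm(p) for p in prefs.get(key, {}).get("value", [])]
    return get("pathWhiteList-Raw"), get("pathBlackList-Raw")

def under(path, prefix):
    """Component-wise prefix test, so "/Applications2" is not under "/Applications"."""
    return path[:len(prefix)] == prefix

def is_allowed(path, allow, deny):
    """Assumed model: reject "..", then deny entries win over allow entries."""
    p = norm(path)
    if ".." in p or any(under(p, d) for d in deny):
        return False
    return any(under(p, a) for a in allow)

def redundant(allow):
    """Allow entries already covered by a broader entry in the same list."""
    return [a for a in allow if any(b != a and under(a, b) for b in allow)]
```

Running `redundant()` over a long allow list shows which entries a broader parent such as `/Library/Application Support/` already covers, with or without a trailing slash.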