Hi,
We rolled out SentinelOne a couple of months ago, now we noticed users disabling SentinelOne under
LoginItems>Allow in the Background in the system settings.
What is the best way to disable this?
Solved
Prevent Users (admin) to disable SentinelOne in background items
+3Best answer by AJPinto
Use a configuration profile to manage the background item. Honestly, you want a configuration profile for pretty much every application you don't want users to be able to disable.
+12Build a config to add the Background items, and push it out from Jamf.
I used iMazing profile editor to make mine. It is in the Service Management section.
Find the Team identifier or bundle identifier etc, and add them in as a rule value.
Once they are installed, they are marked as managed by MDM and are not changeable.
+12Build a config to add the Background items, and push it out from Jamf.
I used iMazing profile editor to make mine. It is in the Service Management section.
Find the Team identifier or bundle identifier etc, and add them in as a rule value.
Once they are installed, they are marked as managed by MDM and are not changeable.
Original Post for this with instructions...
https://community.jamf.com/t5/jamf-pro/background-login-items-ventura/m-p/276568#M250670
+26Use a configuration profile to manage the background item. Honestly, you want a configuration profile for pretty much every application you don't want users to be able to disable.
+3I created the btmdump.text file, i see a lot of different Sentinel UUID's like Sentinel Labs Incl., SentinelOne Extensions, Sentinel_Helper etc etc.
In the iMazing Profile Editor i created Service Management - Managed Login Items, there i fill in
Rule Type: TeamIdentifier, Rule Value, Comment and Team Identifier.
Which rule value do i need to fill in?
For example the first UUID i has the following information: name, type, disposition, identifier, url, generation, embedded item identifier etc. Not sure which of these field can be used to fill in at the rule value in the iMazing Profile Editor.
+3Use a configuration profile to manage the background item. Honestly, you want a configuration profile for pretty much every application you don't want users to be able to disable.
This seems to be working, is this also working for Monterey or only Ventura/Sonoma?
+26This seems to be working, is this also working for Monterey or only Ventura/Sonoma?
This function was added in Ventura and continued in Sonoma. Background Items preference pane did not exist in Monterey, and they cannot be managed or disabled by the user.
+12Rule type has to match the Rule value
For Google I have a rule type of Team Identifier, and the Rule Value is EQHXZ8M8AV.
Team Identifiers are usually a code like this.
Bundle Identifier for Google is com.google.
Bundle Identifiers normmally follow this pattern.
+18This is what ours looks like - you can add/subtract items on the fly and it works great:
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.