- Jamf Nation Community
- Products
- Jamf Pro
- Re: Preventing students from turning on announce t...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Preventing students from turning on announce the time, without preventing them from setting the clock.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-06-2016 04:08 PM
Okay, our School Wi-Fi refuses to let the kids access if their clock on their MacBook Air is off by more than 5mins. Kids are not admins on their lease machines.
So we modified editing /var/db/auth.db so that standard users can alter the time.
Even before we did this some of the more irritating children discovered and enabled the "Announce the time" check box within the clock tab of Date & time.
So we could script :
do shell script "defaults write ./com.apple.speech.synthesis.general.prefs TimeAnnouncementPrefs -dict TimeAnnouncementsEnabled -bool NO"
And perhaps have this run say one a week on all student machines.
But is there a way to disable access to this check box on it's own without preventing access to the date and time, or is this too granular?
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-06-2016 05:41 PM
is it possible to point your time and date to an internal NTP server or Domain controller. I am thinking if you point the Airs to the same time server your access points are using, you should be golden. Then you could alter your script to run maybe once a day to "to check" if they are pointed to the correct server. Ran into to something similar a few years ago, and that fixed it
Larry
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2016 05:01 AM
Adding a "check" to see if a computer is pointed to the right server is OK, but that wasn't good enough for us. I've found that some computers just will not sync on their own even if it is pointing to the right server and the box is checked to sync in System Preferences. I added a single command to the Update Inventory policy that runs once per day. It forces the computer to sync the time with our internal time server. You can do it for whatever time server you wish. Because I have it running every day, there is very little chance for a computer's clock to drift by more than a few seconds unless the computer has been turned off for weeks. Ever since I implemented this, I haven't had a single computer drift enough to be denied access to the network or servers.
ntpdate -u 10.0.100.123One neat output of this command is that it will tell you exactly how far off the clock was. You can see it in the Policy log.
Result of command:
7 Apr 07:56:17 ntpdate[42270]: step time server 10.0.100.123 offset -3.764965 secOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2016 06:55 AM
@AVmcclint Close to what I use now..but with Puppet
Larry
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 04-07-2016 07:06 AM
I like this because it prevents users from changing their clocks for fun. Especially when some Trial versions of programs are time based. Users might change their clock to an earlier time before running a Trial program so they can keep running it. @Nick_Shortal, I presume the "kids" are young enough to be mischievous? Using my method above to keep the clocks in sync might be a better option for you to explore. Ensuring the clocks stay in sync is far easier than trying to grant very specific elevated permission to do things they probably shouldn't need to do in the first place. You can tag it on to your Update Inventory policy or you can just create a new policy that is set to run Once Every Day.
