"Restrict which apps are allowed to launch" setting not working on first login

We have a user-level configuration profile set up for students with the "Restrict which apps are allowed to launch" checkbox checked and a whitelist of applications. We are finding that this doesn't take effect on the first login. The configuration profile is applied and other restrictions in the profile take effect (System Preferences panels are grayed out, for example), but the user is able to launch all apps until they log out and log back in again. After that second login, everything works as intended and the user can only launch apps on the whitelist.

Jamf gave me the workaround of using Restricted Software to block certain applications, but this doesn't work for us since it can only be scoped to computers and not users.

Any ideas?


Hi @rebelati, did you find any solution for this?