Jamf Nation Community

@duffcalifornia Are they admins?

Also, can those settings that they are changing be enforced via a profile instead?

I am wondering if you could create a script that would look if /library has been open and then exclude them from a profile. We found removing the wireless profile gets our users attention.

If they haven't got admin rights they shouldn't be able to modify much if anything there.
If they are admins, well then they are admins...

@CapU - Not that we're aware of. There aren't many of these users who are the combination of "tech savvy enough to mess with things" and "resistant to the idea that we're managing them". We're just trying to be proactive. IT isn't the most trusted or respected department at my org.

@bentoms , @Look - They are, sadly, due to precedent. I'm looking to just modify the permissions for the root Library to rw- as opposed to rwx

@jared_f That's a possibility I suppose, though we'd have to figure out what to take away as not all of our users are on wifi...

I sincerely don't think its possible, or recommended to change the permissions on the root Library folder. Many applications need to be able to read support files and other items from those directories that are in the root Library folder, so messing with the permissions is very likely to break stuff on you. The general rule of thumb is, never change the permissions on a directory that is managed and owned by the operating system. I would not do it.

Can you detail some of the concerns you have about what they may mess with, or what you've already seen messed with? That may help us help you come up with a more realistic solution.