Posted on 06-02-2022 10:34 AM
I need to lock down a mac running Monterey 12.4 so that only a very select few apps can run. I can use Screentime for most of this by selecting pretty much everything and giving it a 1m usage, however, it also blocks our remote software (Bomgar Remote Support Client) and I can't add an exception because it doesn't show in the list of apps since it's in a hidden folder.
Is there a better way to do this with JAMF and a config profile? I don't want to have to create a Restricted Software policy for every app on the Mac I need to block.
Posted on 06-02-2022 11:40 AM
@cgreid You should take a look at Google's Santa tool: https://github.com/google/santa which offers a lockdown mode which only allows specific apps to run.
Posted on 06-02-2022 12:08 PM
Have you tried "Restricted Software"
restricts by process name
can delete the app, send email notification and kill the process
Posted on 06-02-2022 12:40 PM
We're trying to block EVERYTHING but Safari, our security tools, and one other program (not my decision). I don't want to have to create an entry for every default app on the Mac. Google's Santa looks promising, documenation is abysmal and without a gui for configuration it doesn't solve the problem of having to create an entry for each app.
Posted on 06-02-2022 01:14 PM
@cgreid LOCKDOWN mode with Santa should only run the apps you specifically enable, which by your description is a small list.
Posted on 06-02-2022 01:30 PM
Is it possible to only have it block apps for specific accounts though? We don't want to block them for our admin account, just the user account.