Restrict App Usage to Only select Apps

cgreid
New Contributor III

I need to lock down a mac running Monterey 12.4 so that only a very select few apps can run.  I can use Screentime for most of this by selecting pretty much everything and giving it a 1m usage, however, it also blocks our remote software (Bomgar Remote Support Client) and I can't add an exception because it doesn't show in the list of apps since it's in a hidden folder.

Is there a better way to do this with JAMF and a config profile?  I don't want to have to create a Restricted Software policy for every app on the Mac I need to block.

5 REPLIES 5

sdagley
Esteemed Contributor II

@cgreid You should take a look at Google's Santa tool: https://github.com/google/santa which offers a lockdown mode which only allows specific apps to run.

sgiesbrecht
Contributor III

Have you tried "Restricted Software"
restricts by process name

can delete the app, send  email notification and  kill the process

 

cgreid
New Contributor III

We're trying to block EVERYTHING but Safari, our security tools, and one other program (not my decision).  I don't want to have to create an entry for every default app on the Mac.  Google's Santa looks promising, documenation is abysmal and without a gui for configuration it doesn't solve the problem of having to create an entry for each app.

sdagley
Esteemed Contributor II

@cgreid LOCKDOWN mode with Santa should only run the apps you specifically enable, which by your description is a small list.

cgreid
New Contributor III

Is it possible to only have it block apps for specific accounts though?  We don't want to block them for our admin account, just the user account.