Restrict non admins from changing their passwords....

Contributor II

I'm looking for a simple way to restrict non-admin accounts from accessing the Users & Groups pref pane (students pulling shenanigins on public workstations). A simple password reset policy doesn't work because students change the name on the account to all kinds of things. I've tried a few techniques outlined here in the nation (chmoding the Accounts.prefPane, manually uploading a plist file) with little success. Configuration Profiles are great, but they disable the prefPane for all users. I can't scope to users, because they are all local. Does anyone have a workaround? I'm sure it's obvious and I'm just missing it...

Any help would be much appreciated!


Contributor III

@tep Will "Parental Control" do what you want

Valued Contributor II

Parental controls or use simple finder can both do that. That's what I tend to use on open public iMacs around here. You could also use some sort of tripwire system that nukes the unit every night... Speaking of which. Does anyone still use radmind or anything else like that now-a-days?

Contributor II

Thanks @dmw3 & @Chris_Hafner I'll give parental controls a go. We have a refresh script, but we want something for in between classes. I had a policy that would delete the user account and re-add it on logout, but that takes too long.