Posted on 05-28-2015 09:46 PM
I'm looking for a simple way to restrict non-admin accounts from accessing the Users & Groups pref pane (students pulling shenanigins on public workstations). A simple password reset policy doesn't work because students change the name on the account to all kinds of things. I've tried a few techniques outlined here in the nation (chmoding the Accounts.prefPane, manually uploading a plist file) with little success. Configuration Profiles are great, but they disable the prefPane for all users. I can't scope to users, because they are all local. Does anyone have a workaround? I'm sure it's obvious and I'm just missing it...
Any help would be much appreciated!
Posted on 05-28-2015 11:00 PM
Posted on 05-29-2015 09:57 AM
Parental controls or use simple finder can both do that. That's what I tend to use on open public iMacs around here. You could also use some sort of tripwire system that nukes the unit every night... Speaking of which. Does anyone still use radmind or anything else like that now-a-days?
Posted on 05-29-2015 08:22 PM
Thanks @dmw3 & @Chris_Hafner I'll give parental controls a go. We have a refresh script, but we want something for in between classes. I had a policy that would delete the user account and re-add it on logout, but that takes too long.