Jamf Nation Community

edain55337 · ‎11-19-2012

Using the restricted app tab (under management) I've tried to block some app's from running. As an example I tried to block the chess.app, and included a message to be displayed. I get the message, but the application keeps running. Any one have any idea's on why the restricted app's are not being restricted?

mm2270 · ‎11-19-2012

If you're getting your custom message, check to make sure you checked the "Kill process" box under the Restricted Software setting. It sounds like that may not be enabled, so all you'll get is the message. The way restricted software works is, it lets the application launch, but quits it as soon as the LaunchDaemon checking the process list sees that its running (if you have the above option checked) That can happen anywhere from instantaneous to about 15 seconds after it opens.

edain55337 · ‎11-19-2012

See, it's always nice when someone points out the obvious. Once upon a time I did know the obvious. Honest...

(thanks for your help! That was it!

edain55337 · ‎12-17-2012

Hmmm... Thought that solved the problem, only to discover that it doesn't. Anybody got any ideas?

jhalvorson · ‎12-17-2012

I think it is case sensitive. Try "Chess.app" or "Chess" instead of "chess.app".

GSquared · ‎12-18-2012

We had the same problem. Turns out if you rename the App it won't restrict it, it's not actually doing it by process name. (Had students test it by renaming Terminal. Worked like a charm.) JAMF has stated that they replicated this and I believe are looking into it. That could be part of it if you are renaming Chess or anything at all. Although blocking the stock Chess.app with no name modifications works. Like above make sure your CaSe is correct. :)

donmontalvo · ‎10-29-2013

Circling back to testing Restricted Software on Casper 9.2 and Mavericks 10.9.0.

A non-admin user can copy a restricted app to ~/Desktop and rename it and launch it.

Is this acknowledged issue on JAMF's bug list?

Don

--
https://donmontalvo.com

Report Inappropriate Content · ‎12-12-2013

Bump - I just added a new restricted software entry (LogMeIn), process name LogMeIn* and set to kill process and delete application; restrict exact process name is unchecked. Scoped to all computers.

On a test machine, running from the Desktop, the LogMeIn Installer app continues running and isn't killed or deleted. Ran jamf log just for good measure.

Restricted software titles that were in place before I upgraded to JSS v9.21 are killed etc as expected; the LogMeIn entry is the first I've added since the JSS upgrade. Thoughts?

lisacherie · ‎12-12-2013

@donmontalvo][/url you could try restricting the paths from which Applications are allowed to run with MCX. Will stop the users without admin from installing extra apps.

Report Inappropriate Content · ‎12-13-2013

Oddly enough, today the restriction is working as expcted - only change to my JSS since yesterday was that the overnight database backup ran (which I believe restarts Tomcat once completed).

bentoms · ‎12-13-2013

@pete_c, did you restart the clients when testing or run:

sudo JAMF manage

This I think is needed for the clients to pick up the new restrictions.

tkimpton · ‎12-14-2013

@lisacherie that's what I do and works great :)

acdesigntech · ‎12-20-2013

you can also restart tomcat on the JSS if you're into the heavy handed approach

Jamf Nation Community

Restricted Applications not getting restricted.