Restricted Software...

ImAMacGuy
Valued Contributor II

We have Boot Camp as the only restricted application in our managed
preferences. How can we increase the frequency with which Casper checks to see
if it's running? It seems that people are able to click through and set
it up before it triggers the restriction, thereby closing the app and
providing the popup warning message that gives the users a hand slap.

John Wojda

Lead System Engineer, CTS

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

SMS / Text Page: 2245873298
<mailto:12245873298 at messaging.sprintpcs.com>

Team Lead: Chris Sta Ana
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

tlarkin
Honored Contributor

Try using MCX to restrict by file path, then disallow anything that is
not in /Applications (including /Applications/Utilities).

ImAMacGuy
Valued Contributor II

If I do that, won't it block Keychain Access, Disk Utility, Network
Utility, Spaces, X11, etc?

Is there a simple way to remove the application via policy or during
imaging?

Not applicable

You can just use MCX and point it straight at the Boot Camp app instead of the Utilities folder. Then anything in the Utilities folder can be launched except Boot Camp.

jorge a. najera-ordonez

ImAMacGuy
Valued Contributor II

That's what I'm doing now, but because it's only a couple of mouse clicks
before you're through the Boot Camp Assistant, the MCX doesn't recognize
it before the user is already done.

tlarkin
Honored Contributor

This is what I do:

1) Via a post-image shell script, put all apps I want to restrict access
to in /Applications/Utilities, and move all apps I want users to access into
/Applications. All those Apple apps are self-contained.

2) Create a MCX policy that only allows applications to execute from
/Applications and restrict usage from anywhere else including
/Applications/Utilities.

So, users cannot run apps off of USB flash drives or external volumes. There are a few caveats, like the Adobe license app and stuff in
/Library/Application Support, that will also have to be added.

This allows me to restrict users from running Terminal.app from their
desktop.
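
The post-image sorting step described in the post above, as an added example that is not the poster's own script. The function name `sort_apps`, its root-directory argument (so it can be tried on a scratch tree before touching a real volume) and the contents of the `RESTRICTED` list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sort app bundles so a path-based MCX rule can allow
# /Applications and deny /Applications/Utilities.

# Bundles users must not launch (constructed list; both apps are named in the thread).
RESTRICTED="Boot Camp Assistant.app
Terminal.app"

# True when the bundle name given as $1 is an exact line of RESTRICTED.
is_restricted() {
    printf '%s\n' "$RESTRICTED" | grep -Fxq -- "$1"
}

# sort_apps ROOT: ROOT is the volume root ("" for the boot volume).
sort_apps() {
    apps="$1/Applications"
    utils="$apps/Utilities"
    mkdir -p "$utils" || return 1

    # Restricted bundles found in /Applications go down into Utilities.
    for app in "$apps"/*.app; do
        [ -d "$app" ] || continue
        name=${app##*/}
        is_restricted "$name" || continue
        if [ -e "$utils/$name" ]; then
            echo "skip $name: already in $utils" >&2
            continue
        fi
        mv "$app" "$utils/" || return 1
    done

    # Every other bundle in Utilities comes up into /Applications,
    # so tools such as Disk Utility stay launchable under the policy.
    for app in "$utils"/*.app; do
        [ -d "$app" ] || continue
        name=${app##*/}
        if is_restricted "$name"; then continue; fi
        if [ -e "$apps/$name" ]; then
            echo "skip $name: already in $apps" >&2
            continue
        fi
        mv "$app" "$apps/" || return 1
    done
}

# Run only when asked explicitly, e.g.: sh sort_apps.sh --root /Volumes/Target
if [ "${1:-}" = "--root" ]; then sort_apps "${2:-}"; fi
```

Only top-level `.app` bundles are sorted; the caveats in the post (the Adobe license app and items under /Library/Application Support) still have to be added to the allowed paths in the MCX policy itself.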

ImAMacGuy
Valued Contributor II

So I tried to do the restrict applications Managed Preference. I wanted
it to block Applications/Microsoft Office 2011, which I did... and I
suddenly got a call from a user that they can't launch anything from
their Applications folder.

I thought I would just do restrict applications, but I don't see a way
to restrict the 2011 version compared to the authorized 2008 version.

John Wojda

Lead System Engineer, DEI

3333 Beverly Rd. B2-338B

Hoffman Estates, IL 60179

Phone: (847)286-7855

Page: (224)532.3447

Team Lead: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>

Mac Tip/Tricks/Self Service & Support <http://bit.ly/gMa7TB>