Posted on 11-11-2010 12:43 AM
We have boot camp as the only restricted application in our managed
preferences, how can we increase the frequency that casper checks to see
if it's running? It seems that people are able to click through and set
it up before it triggers the restriction thereby closing the app and
providing the popup warning message that gives the users a hand slap.
John Wojda
Lead System Engineer, CTS
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
SMS / Text Page: 2245873298
<mailto:12245873298 at messaging.sprintpcs.com>
Team Lead: Chris Sta Ana
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>
Posted on 11-11-2010 02:19 PM
Try using MCX to restrict by file path, then disallow anything that is
not in /Applications (including /Applications/Utilities)
Posted on 11-12-2010 05:51 AM
If I do that, won't it block Keychain Access, Disk Utility, Network
Utility, Spaces, X11, etc?
Is there a simple way to remove the application via policy or during
imaging?
John Wojda
Lead System Engineer, CTS
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
SMS / Text Page: 2245873298
<mailto:12245873298 at messaging.sprintpcs.com>
Team Lead: Chris Sta Ana
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>
Posted on 11-12-2010 05:56 AM
you can just use mcx and point it straight at the bootcamp app instead of the utilities folder. then anything in the utilities folder can be launched except bootcamp.
jorge a. najera-ordonez
Posted on 11-12-2010 05:58 AM
That's what I'm doing now, but because it's only a couple mouse clicks
before you're through the bootcamp assistant the MCX doesn't recognize
it before the user is already done.
John Wojda
Lead System Engineer, CTS
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
SMS / Text Page: 2245873298
<mailto:12245873298 at messaging.sprintpcs.com>
Team Lead: Chris Sta Ana
<mailto:cstaana at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>
Posted on 11-12-2010 06:24 AM
This is what I do:
1) put all apps via post image shell script I want to restrict access
to in /Applications/Utilities, move all apps I want users to access into
/Applications. All those Apple apps are self contained.
2) Create a MCX policy that only allows applications to execute from
/Applications and restrict usage from anywhere else including
/Applications/Utilities.
So, users cannot run apps off of USB flash drives, or external volumes.
There are a few caveats, like Adobe license app and stuff in
/Library/Application Support that will also have to be added.
This allows me to restrict users from running terminal.app from their
desktop
Posted on 12-08-2010 08:40 AM
So I tried to do the restrict applications Managed Preference, I wanted
it to block Applications/Microsoft Office 2011, which I did... and I
suddenly got called from a user that they can't launch anything from
their Applications folder.
I thought I would just do restrict applications, but I don't see a way
to restrict the 2011 version compared to the authorized 2008 version.
John Wojda
Lead System Engineer, DEI
3333 Beverly Rd. B2-338B
Hoffman Estates, IL 60179
Phone: (847)286-7855
Page: (224)532.3447
Team Lead: Matt Beiriger
<mailto:mbeirig at searshc.com;jwojda at searshc.com?subject=John%20Wojda%20Fe
edback&body=I%20am%20contacting%20you%20regarding%20John%20Wojda.>
Mac Tip/Tricks/Self Service & Support <http://bit.ly/gMa7TB>