Scripting the Restricted Apps rules

I've been struggling to find a way to effectively block the running of
P2P apps on our school network. A few points:

1) the network analysis tool we were using to do this at the network
level no longer works since the P2P detection signatures have changed
and they have no plans to update them. This effectively allows
Gnutella, Soulseek, and BitTorrent traffic to pass on our network.

2) Our AUP clearly states that students in our 1:1 program are
allowed to do whatever they want while they are at home on their own
networks. They are only prohibited from running P2P apps while on our
school network.

3) The "restricted apps" rules in Casper are great, except that they
are executed locally as a system daemon running a watched process task
to look for the P2P apps. The nature of this is that the restricted
rules task will block/kill a disallowed app regardless of which
network the students are on. There appears to be no way to assign
these restricted apps rules to a policy, which would then allow me to
enforce based on network segments. JAMF support confirms that this is
the case.

So I'm left trying to script a way to add and remove an Exemption
Group that contains all managed clients to the restricted apps rule
based on a time schedule. I can easily envision a way to write a cron
job to run the jamf binaries to effect the rule change, but I don't
know the syntax of the jamf command line tools, or even if it's
possible.

Does anyone know if this is doable? I don't want to have to resort to
manually adding, then removing this group to the Restricted Apps rule
every morning and evening.

Thanks,

Damien Barrett
System Technician
Montclair Kimberley Academy
