Security Application control

perryd84
Contributor II

Hi All,

We are currently looking to get to a level of security where users can only use self service to install anything.
Currently if a user has admin rights its a free-for-all, but, we want users to be admins but still have application restrictions.

So far I've managed to block the Apple App Store, but blocking dmg and pkg files seems more difficult.

If I use a config profile to block dmg files then dmgs from self service get blocked.
I've tried to block the installer process but obviously that kills any kind of install!

Is anyone else managing applications at this kind of level and if so how are you doing it?

4 REPLIES 4

perryd84
Contributor II

Could really do with some input on this. There must be people out there who have application control?

sdagley
Esteemed Contributor II

@perryd Leaving your users as admins really limits what your options are. If you didn't want to have your users as admins then something like BeyondTrust's Privilege Management for Mac could do what you ask. Google's Santa might be worth a look. It won't prevent something from being installed, but it will control what can be run.

perryd84
Contributor II

Thanks for the reply I'll look into these and see what we could do with them. The problem we have is we have a lot of Devs working on web backends and iOS apps and they need to run things like homebrew and sudo as they do a lot of work in terminal so need admin privileges to do this.

sdagley
Esteemed Contributor II

@perryd84 Giving users admin rights and then trying to restrict what they're doing is sort of an exercise in futility. Not that you wouldn't want to monitor/review what they did while they had those rights.