Has any one found a way to stop students from accessing the terminal? If so please let us know how you did so, Configuration profiles can block a whole folder at a time, but blocking the "Utilities" folder may stop other things from working.
Solved
Stop Students accessing Terminal
+7Best answer by Lincoln
Under management, Restricted software, you can define restricted software and any exemptions to the restriction by both computer groups and users. So I have Terminal restricted and then exemptions for all IT staff computers and for IT staff users as well as our local admin account on all computers. Simple easy and so far effective. You can configure the response to the process being run too, so I kill the process and send the user a message saying that they are not permitted to use that application.
Lincoln
+7Under management, Restricted software, you can define restricted software and any exemptions to the restriction by both computer groups and users. So I have Terminal restricted and then exemptions for all IT staff computers and for IT staff users as well as our local admin account on all computers. Simple easy and so far effective. You can configure the response to the process being run too, so I kill the process and send the user a message saying that they are not permitted to use that application.
Lincoln
+13Another option is to put the .app bundle as a 'blocked folder'.
E.g. block "/Applications/Utilities/Terminal.app"
I've had this work with Apple MCX and Profiles as well as Casper MCX and profiles.
Hope that helps
Darren
+6I wish ours worked like Lincoln describes. Local admin user account is exempted but still gets it blocked on any machine that hasn't had Terminal specifically unblocked from the entire machine. It's quite annoying really.
But yes, the restricted software is a great feature for blocking students from getting to Terminal. Especially when it does it by process name so when they cleverly rename the .app it won't matter.
+5Another option would be the Configuration Profile payload-> System Restrictions ->Applications-> "Restrict which applications are allowed to launch [x]" -- you can 'allow all' then uncheck the box for Terminal which will prevent users from launching the App and wouldn't require moving it into a different folder
+9Random question. What could be or would be an obvious issue with a student or non admin having terminal access in your opinions? I have my own worries and issues with it but just wondering if mine are valid. Non admins can't really do much in it anyway.
+3@iVoidWarrantiez Our students are administrators of their machines. We are happy for them to do most things with their computers as long as they don't break them. We allow Terminal but block it for repeat offenders.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.