Stop Students accessing Terminal

Hobbs155
Contributor

Has any one found a way to stop students from accessing the terminal? If so please let us know how you did so, Configuration profiles can block a whole folder at a time, but blocking the "Utilities" folder may stop other things from working.

2 ACCEPTED SOLUTIONS

Lincoln
Contributor

Under management, Restricted software, you can define restricted software and any exemptions to the restriction by both computer groups and users. So I have Terminal restricted and then exemptions for all IT staff computers and for IT staff users as well as our local admin account on all computers. Simple easy and so far effective. You can configure the response to the process being run too, so I kill the process and send the user a message saying that they are not permitted to use that application.

Lincoln

View solution in original post

daz_wallace
Contributor III

Another option is to put the .app bundle as a 'blocked folder'.

E.g. block "/Applications/Utilities/Terminal.app"

I've had this work with Apple MCX and Profiles as well as Casper MCX and profiles.

Hope that helps

Darren

View solution in original post

7 REPLIES 7

Lincoln
Contributor

Under management, Restricted software, you can define restricted software and any exemptions to the restriction by both computer groups and users. So I have Terminal restricted and then exemptions for all IT staff computers and for IT staff users as well as our local admin account on all computers. Simple easy and so far effective. You can configure the response to the process being run too, so I kill the process and send the user a message saying that they are not permitted to use that application.

Lincoln

daz_wallace
Contributor III

Another option is to put the .app bundle as a 'blocked folder'.

E.g. block "/Applications/Utilities/Terminal.app"

I've had this work with Apple MCX and Profiles as well as Casper MCX and profiles.

Hope that helps

Darren

Hobbs155
Contributor

Thank you for you help, it works a treat now.

GSquared
New Contributor II

I wish ours worked like Lincoln describes. Local admin user account is exempted but still gets it blocked on any machine that hasn't had Terminal specifically unblocked from the entire machine. It's quite annoying really.

But yes, the restricted software is a great feature for blocking students from getting to Terminal. Especially when it does it by process name so when they cleverly rename the .app it won't matter.

cdot
New Contributor

Another option would be the Configuration Profile payload-> System Restrictions ->Applications-> "Restrict which applications are allowed to launch [x]" -- you can 'allow all' then uncheck the box for Terminal which will prevent users from launching the App and wouldn't require moving it into a different folder

iVoidWarrantiez
New Contributor III

Random question. What could be or would be an obvious issue with a student or non admin having terminal access in your opinions? I have my own worries and issues with it but just wondering if mine are valid. Non admins can't really do much in it anyway.

scarey
New Contributor II

@iVoidWarrantiez Our students are administrators of their machines. We are happy for them to do most things with their computers as long as they don't break them. We allow Terminal but block it for repeat offenders.