Posted on 09-18-2013 10:35 PM
Has any one found a way to stop students from accessing the terminal? If so please let us know how you did so, Configuration profiles can block a whole folder at a time, but blocking the "Utilities" folder may stop other things from working.
Solved! Go to Solution.
Posted on 09-18-2013 10:47 PM
Under management, Restricted software, you can define restricted software and any exemptions to the restriction by both computer groups and users. So I have Terminal restricted and then exemptions for all IT staff computers and for IT staff users as well as our local admin account on all computers. Simple easy and so far effective. You can configure the response to the process being run too, so I kill the process and send the user a message saying that they are not permitted to use that application.
Lincoln
Posted on 09-19-2013 12:08 AM
Another option is to put the .app bundle as a 'blocked folder'.
E.g. block "/Applications/Utilities/Terminal.app"
I've had this work with Apple MCX and Profiles as well as Casper MCX and profiles.
Hope that helps
Darren
Posted on 09-18-2013 10:47 PM
Under management, Restricted software, you can define restricted software and any exemptions to the restriction by both computer groups and users. So I have Terminal restricted and then exemptions for all IT staff computers and for IT staff users as well as our local admin account on all computers. Simple easy and so far effective. You can configure the response to the process being run too, so I kill the process and send the user a message saying that they are not permitted to use that application.
Lincoln
Posted on 09-19-2013 12:08 AM
Another option is to put the .app bundle as a 'blocked folder'.
E.g. block "/Applications/Utilities/Terminal.app"
I've had this work with Apple MCX and Profiles as well as Casper MCX and profiles.
Hope that helps
Darren
Posted on 09-19-2013 01:00 AM
Thank you for you help, it works a treat now.
Posted on 09-19-2013 12:53 PM
I wish ours worked like Lincoln describes. Local admin user account is exempted but still gets it blocked on any machine that hasn't had Terminal specifically unblocked from the entire machine. It's quite annoying really.
But yes, the restricted software is a great feature for blocking students from getting to Terminal. Especially when it does it by process name so when they cleverly rename the .app it won't matter.
Posted on 09-24-2013 11:27 AM
Another option would be the Configuration Profile payload-> System Restrictions ->Applications-> "Restrict which applications are allowed to launch [x]" -- you can 'allow all' then uncheck the box for Terminal which will prevent users from launching the App and wouldn't require moving it into a different folder
Posted on 02-13-2019 04:44 PM
Random question. What could be or would be an obvious issue with a student or non admin having terminal access in your opinions? I have my own worries and issues with it but just wondering if mine are valid. Non admins can't really do much in it anyway.
Posted on 06-24-2020 09:41 PM
@iVoidWarrantiez Our students are administrators of their machines. We are happy for them to do most things with their computers as long as they don't break them. We allow Terminal but block it for repeat offenders.