Whats the best way to go about restricting access to the mail client, we have over 2000 users, all managed by casper, because of the nature of the business mail is off limits and needs to be locked down, I was looking at a script, i am bit of a novice at this any help appreciated
do shell script "chmod 000 Applications/Mail.app"
Like @antonio.ong mentioned, use the tools at your disposal. Casper already has Restricted Software, which can shut down the application as soon as its launched, and optionally show a message explaining why, which is far better than changing permissions on it (if even possible to do at all - see @sean's post above about 10.11 and SIP) and the user's not understanding why it won't launch. Unless you like getting support calls about Mail.app being broken.
I would also consider locking down the "Internet Accounts" Preference Pane using a Configuration Profile, so users aren't tempted to try to add a mail account there first, then try launching Mail only to find they can't use it.
Not useful for existing machines, but if you are netbooting to image you can probably modify it from within the netboot during the imaging process.
Apple really does annoy me with their protection of a bunch of apps people don't neccesarily need to use that aren't part of the OS! At the very least let people hide them in some manner.
Thanks guys, thanks for all your advice
I did try the restrict software option but it never worked for me, couldn't figure out why. But the script from Sean worked.
Going forward, it would be very helpful if there is a way to disable Mac mail entirely from the builds, something i need to look into....