Jamf Nation Community

If you are running 10.11, you can't due to SIP, it is in the restricted list.

drwxr-xr-x@  3 root        wheel  restricted 102 17 Feb 16:18 Mail.app

Otherwise, since it is owned by root:

chmod -R 700 /Applications/Mail.app

Like @antonio.ong mentioned, use the tools at your disposal. Casper already has Restricted Software, which can shut down the application as soon as its launched, and optionally show a message explaining why, which is far better than changing permissions on it (if even possible to do at all - see @sean's post above about 10.11 and SIP) and the user's not understanding why it won't launch. Unless you like getting support calls about Mail.app being broken.

I would also consider locking down the "Internet Accounts" Preference Pane using a Configuration Profile, so users aren't tempted to try to add a mail account there first, then try launching Mail only to find they can't use it.

Yeah, for anything we did this on, we also set a hidden flag on the file so to users it just didn't exist, but again SIP will deny that.

Tried just deleting the mail.app or blocking connections with a proxy?

Not useful for existing machines, but if you are netbooting to image you can probably modify it from within the netboot during the imaging process.
Apple really does annoy me with their protection of a bunch of apps people don't neccesarily need to use that aren't part of the OS! At the very least let people hide them in some manner.

Thanks guys, thanks for all your advice

I did try the restrict software option but it never worked for me, couldn't figure out why. But the script from Sean worked.

Going forward, it would be very helpful if there is a way to disable Mac mail entirely from the builds, something i need to look into....