|
Our IT department has a policy that all non-work-related software (especially games) be deleted or locked down in some manner so that employees aren't tempted to be doing non-work activities during the work day. In my early OS X testing, I tried just deleting the games that ship as part of OS X. This had the unintended side effect of "breaking" the software update process. When OS X tried to update wireless networking components or iPod software and couldn't find it, it complained. Since OS X is a UNIX system, I realized that I could achieve the company's policy goals by simply setting up a cron script that changed the UNIX permissions on the relevant files so that end users could not access them. You might ask why this can't be a "one time" deal. Good question. The reason is that the first time you repair permissions on a system locked down in this way, OS X dutifully restores the original permissions for you and would allow the users to run the prohibited software. While I could trust that I'll remember to lock the applications down every time I run a disk or permission repair, I'm not the only one in the office doing this kind of administration work. And my memory's not that great anyway. So I set this script up as a cron task and have it lock down those applications my users aren't permitted to use. That way, even if I forget to run this script after doing a permission repair, cron will see that the files are locked down for me after work tonight. Since your organization's (or household's) policies may differ, you'll need to modify the script below to suit your specific needs. I will not provide assistance doing this, but I think if you look at the code below and have any scripting experience, you'll easily see what to do to adjust the script to your needs. As always, I provide this script "as is" without warranty or support. If it works for you, or you can make it work for you, great. If not, or if it causes any loss of data or work, all you can expect is an "I'm sorry" from me. BY using the script, you assume all liability for the consequences (good or bad) that arise.
#!/bin/csh # # Locks down built-in OS X applications that violate company policies. # # # Updated: October 5, 2004 # By: Mike Salsbury # # echo " " echo "This script locks down several applications that are restricted in" echo "their use at work, including the Chess, iChat, iSync, Airport, and" echo "Bluetooth wireless utilities." echo " " echo "Enter the root/admin password when/if prompted." echo " " # # Lock down Chess game. # sudo chmod o-x /Applications/Chess.app sudo chmod o-r /Applications/Chess.app # # Lock down iChat # sudo chmod o-x /Applications/iChat.app sudo chmod o-r /Applications/iChat.app # # Lock down iSync # sudo chmod o-x /Applications/iSync.app sudo chmod o-r /Applications/iSync.app # # Lock down AirPort (Wireless) Utilities # sudo chmod o-x "/Applications/Utilities/AirPort Admin Utility.app" sudo chmod o-x "/Applications/Utilities/AirPort Setup Assistant.app" sudo chmod o-r "/Applications/Utilities/AirPort Admin Utility.app" sudo chmod o-r "/Applications/Utilities/AirPort Setup Assistant.app" # # Lock down Bluetooth (Wireless) Utilities # sudo chmod o-x "/Applications/Utilities/Bluetooth File Exchange.app" sudo chmod o-x "/Applications/Utilities/Bluetooth Serial Utility.app" sudo chmod o-x "/Applications/Utilities/Bluetooth Setup Assistant.app" sudo chmod o-r "/Applications/Utilities/Bluetooth File Exchange.app" sudo chmod o-r "/Applications/Utilities/Bluetooth Serial Utility.app" sudo chmod o-r "/Applications/Utilities/Bluetooth Setup Assistant.app" # # Lock down iPod Updater Utilties # sudo chmod o-x "/Applications/Utilities/iPod Software Updater.localized" sudo chmod o-r "/Applications/Utilities/iPod Software Updater.localized" # echo "Finished."
Related Blogs:
Related Links:
|
