using managed preferences (MCX) to blacklist applications

My organization currently blacklists only Font Book since it allows a non-admin user to install fonts into their own Fonts directory. We do not have an Open Directory here and the Active Directory schema has not been (and is unlikely to be) extended, so we leverage JAMF Casper to apply MCX settings to client Macs. Blacklisting and Whitelisting applications with JAMF can be a bit tricky, but a quick phone call to JAMF and I was on my way I and thought I’d share those details in case anyone else finds themselves in a similar situation. In a nutshell, 3 plists have to be managed to create a successful black and/or whitelist: pathblacklist-raw, pathwhitelist-raw, and familyControlsEnabled. And since a picture is worth a thousand words, I am going to show screen shots of my configurations rather than explaining them in all their gory detail.


















About this entry