[Casper] restricted software

Thomas Larkin tlarki at kckps.org
Mon Mar 2 08:35:08 PST 2009 

I had to let it search out mounted disk images and thumb drives, and
there was one application folder with botched permissions that allowed
them write access.  They aren't admins but they have the brute force
hacker mentality where they just keep trying every possible thing until
they get it right.  


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry:  913-449-7589
office:  913-627-0351





>>> Miles Leacy <miles.leacy at themacadmin.com> 03/02/09 10:32 AM >>>
Assuming your users aren't admins, you could limit your search & destroy
scripts to locations that a user has access to (i.e., ~ and
/Users/Shared/). 


If your users are admins, you've got bigger problems. :)

----------
Miles A. Leacy IV

 Certified System Administrator
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com





On Mon, Mar 2, 2009 at 11:28 AM, Thomas Larkin 
<tlarki at kckps.org> 

wrote:


Well I was using search and destroy scripts using the find command and
it killed my logs. I deleted those policies and I shaved off, get this,
an epic 5 gigs off of my MySQL database on the JSS. It looks like the
find command was indexing every single file on the computer, which is
like millions, and even with limited scope search paths it was still too
much. 


The find commands work well for one time execution over ARD admin
though. 



___________________________
Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351






>>> Miles Leacy <miles.leacy at themacadmin.com> 03/02/09 10:24 AM >>>



2009/3/2 Thomas Larkin 
<tlarki at kckps.org> 






So Casper will shut down Skype.app but me just listing it exactly what
the process is called right? 





Right. I'd enter a message to display to the user, unless you want them
to think that the app's failure to launch is a system issue, then you
can have the help desk scold them when they call in. :) 



What I really like is that you can send email notifications and delete
the offending app too. This eliminates the need for "search and destroy"
scripts for offending apps that you know about and don't want on your
systems. 


----------
Miles A. Leacy IV

 Certified System Administrator
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com

www.themacadmin.com 



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090302/ab5bed26/attachment.html

More information about the Casper mailing list