[Casper] restricted software

Mon Mar 2 09:49:35 PST 2009

I found a bug with the Restricted Software feature that causes the  
computers to always stay awake since the checking for processes  
apparently resets the sleep timer.  This was an issue for us because  
of our green initiatives on campus.

That being said, I find that feature far superior to search and  
destroy scripts for a couple of reasons:

1. It doesn't matter where the applications is running from, since it  
looks for process information, it will spot the process and delete the  
app.
2. For the most part, a user can't just rename the .app and fool the  
system (i.e., search and destroy can be fooled if a user renames  
"LimeWire.app" to "LW.app", since Casper uses process names, thats a  
little more difficult.

One thing that might be interesting to check out is if you can make a  
launchd item that will monitor the process list and be started up if a  
process with a certain name, similar to how it can be notified on  
folder change.  This would eliminate polling and maybe fix the sleep  
issue, but I haven't looked at the man page enough to see if it can be  
done.

Ryan Harter
UW - Stevens Point
Workstation Developer
715.346.2716
Ryan.Harter at uwsp.edu

On Mar 2, 2009, at 10:35 AM, Thomas Larkin wrote:

> I had to let it search out mounted disk images and thumb drives, and  
> there was one application folder with botched permissions that  
> allowed them write access.  They aren't admins but they have the  
> brute force hacker mentality where they just keep trying every  
> possible thing until they get it right.
>
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry:  913-449-7589
> office:  913-627-0351
>
>
>
>
>
> >>> Miles Leacy <miles.leacy at themacadmin.com> 03/02/09 10:32 AM >>>
> Assuming your users aren't admins, you could limit your search &  
> destroy scripts to locations that a user has access to (i.e., ~ and / 
> Users/Shared/).
>
> If your users are admins, you've got bigger problems. :)
>
> ----------
> Miles A. Leacy IV
>
>  Certified System Administrator
>  Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
>
>
>
> On Mon, Mar 2, 2009 at 11:28 AM, Thomas Larkin
> <tlarki at kckps.org>
> wrote:
> Well I was using search and destroy scripts using the find command  
> and it killed my logs. I deleted those policies and I shaved off,  
> get this, an epic 5 gigs off of my MySQL database on the JSS. It  
> looks like the find command was indexing every single file on the  
> computer, which is like millions, and even with limited scope search  
> paths it was still too much.
>
> The find commands work well for one time execution over ARD admin  
> though.
>
>
>
> ___________________________
> Thomas Larkin
> TIS Department
> KCKPS USD500
> tlarki at kckps.org
> blackberry: 913-449-7589
> office: 913-627-0351
>
>
>
>
>
> >>> Miles Leacy <miles.leacy at themacadmin.com> 03/02/09 10:24 AM >>>
>
>
> 2009/3/2 Thomas Larkin
> <tlarki at kckps.org>
>
>
> So Casper will shut down Skype.app but me just listing it exactly  
> what the process is called right?
>
>
> Right. I'd enter a message to display to the user, unless you want  
> them to think that the app's failure to launch is a system issue,  
> then you can have the help desk scold them when they call in. :)
>
> What I really like is that you can send email notifications and  
> delete the offending app too. This eliminates the need for "search  
> and destroy" scripts for offending apps that you know about and  
> don't want on your systems.
>
> ----------
> Miles A. Leacy IV
>
>  Certified System Administrator
>  Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com
>
> <ATT00001.txt>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090302/6aa092fe/attachment.htm 