Allowing application to launch

From AFP548 Wiki

MCX is used to control which .app programs can be accessed by a target group.

pathBlackList-Raw is used to create a block list by folder (applications not allowed to run).
pathWhiteList-Raw is used to create a white list by folder (applications allowed to run).
whiteList-Raw allows a .app program to run regardless of the directory the program is in.

Whitelisting every single application in whiteList-Raw would make a huge MCX record.

pathWhiteList-Raw can be used to create a more dynamic list that will be smaller. To save time, Unix commands can be used to generate a list of paths that contain .app bundles. Here are the Unix commands I use:

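# Find every .app bundle and strip the bundle name, leaving its parent directory.
# The pattern is quoted so the shell does not expand it before find sees it.
sudo find / -name '*.app' | sed 's/\/[^/]*$/\//' > /step1.txt
# Sort the directories, then drop the duplicates.
sudo sort /step1.txt > /step2.txt
sudo uniq /step2.txt > /step3.txt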

This will create a file named step3.txt at / containing a list of directories that hold applications. Note that you may want to review the list and remove directories as needed. For instance, I tend to remove any application with the path of '/Users/'. Any application in /Users I add to application access via whiteList-Raw.
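The review step above can be scripted. This is an added example, not part of the original wiki page: it produces the directory list for pathWhiteList-Raw with one prefix filtered out, and separately lists the individual bundles under that prefix as candidates for whiteList-Raw. The function names and the root and prefix arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# app_bundles ROOT
# Print every path under ROOT whose name ends in .app.
app_bundles() {
    find "$1" -name '*.app' 2>/dev/null
}

# path_whitelist_dirs ROOT EXCLUDE_PREFIX
# Print the unique parent directories of all bundles under ROOT, skipping
# any directory that starts with EXCLUDE_PREFIX (for example /Users/).
# These are the candidate entries for pathWhiteList-Raw.
path_whitelist_dirs() {
    app_bundles "$1" |
        sed 's/\/[^/]*$/\//' |
        sort -u |
        awk -v p="$2" 'index($0, p) != 1'   # literal prefix test, no regex
}

# user_apps ROOT PREFIX
# Print the individual bundles that live under PREFIX. These are the ones
# to review one by one and add via whiteList-Raw.
user_apps() {
    app_bundles "$1" |
        awk -v p="$2" 'index($0, p) == 1' |
        sort
}

# Example use on a real system (run as root so find can read every folder):
#   path_whitelist_dirs / /Users/ > /tmp/path_whitelist.txt
#   user_apps / /Users/           > /tmp/user_apps.txt
```

Both lists still need a manual review before they go into the MCX record, since find reports every bundle it can see, including ones nested inside other bundles.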

I tend to add the following paths to pathBlackList-Raw: