Allowing applications to launch
MCX com.apple.applicationaccess.new is used to control which .app programs can be accessed by a target group.
pathBlackList-Raw is used to create a block list by folder (applications not allowed to run).
pathWhiteList-Raw is used to create a white list by folder (applications allowed to run).
whiteList-Raw allows a .app program to run regardless of the directory the program is in.
Whitelisting every single application in whiteList-Raw would make a huge MCX record.
pathWhiteList-Raw can be used to create a more dynamic list that will be smaller. To save time, Unix commands can be used to generate a list of paths that include .app. Here are the Unix commands I use:
sudo find / -name '*.app' | sed 's/\/[^/]*$/\//' > /step1.txt
sudo sort /step1.txt > /step2.txt
sudo uniq /step2.txt > /step3.txt
This will create a file named step3.txt at / with a list of directories that contain applications. Note that you may want to review the list and remove directories as needed. For instance, I tend to remove any application with the path of '/Users/'. Any application in /Users I add to application access via whiteList-Raw.
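The same list-building step as a single filter, written as an added example that is not part of the original page. It goes slightly beyond the commands above by also skipping bundles nested inside another .app and dropping /Users/ paths automatically. The function names app_parent_dirs and sample_paths are hypothetical, and the sample paths are constructed.

```shell
#!/bin/sh
# Added example: turn a list of .app bundle paths (one per line on stdin)
# into candidate directories for pathWhiteList-Raw.
app_parent_dirs() {
    # 1. Drop bundles nested inside another bundle (path contains ".app/"),
    #    otherwise directories inside a bundle end up in the list.
    # 2. Strip the bundle name, leaving the parent directory with a trailing /.
    # 3. Drop anything under /Users/ (those apps are handled individually
    #    through whiteList-Raw, as described above).
    # 4. Sort and de-duplicate in one step.
    grep -v '\.app/' \
      | sed 's/\/[^/]*$/\//' \
      | grep -v '^/Users/' \
      | LC_ALL=C sort -u
}

# Constructed sample input standing in for real find output.
sample_paths() {
    cat <<'EOF'
/Applications/Safari.app
/Applications/Utilities/Terminal.app
/Applications/Utilities/Disk Utility.app
/Applications/Xcode.app/Contents/Applications/Instruments.app
/Users/alice/Downloads/Game.app
/System/Library/CoreServices/Finder.app
EOF
}

# On a real system, feed the filter from find instead of the sample.
# -prune stops find from descending into each bundle it matches:
#   sudo find / -name '*.app' -prune 2>/dev/null | app_parent_dirs
sample_paths | app_parent_dirs
```

Review the output before pasting it into the MCX record: every directory listed allows any .app placed in it, so a directory that ordinary users can write to should not stay on the list.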
I tend to add the following paths to pathBlackList-Raw: