<font size=2 face="sans-serif">That sounds like a good idea. We'll have
to give that some thought for the next build.</font>
<br>
<br><font size=2 face="sans-serif">But in the mean time, I'm still looking
for a list of applications/processes you all are using today.</font>
<br>
<br><font size=2 face="sans-serif">
Rich Barron<br>
</font>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Thomas Larkin"
<tlarki@kckps.org></b> </font>
<br><font size=1 face="sans-serif">Sent by: casper-bounces@list.jamfsoftware.com</font>
<p><font size=1 face="sans-serif">08/06/2009 10:36 AM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif"><casper@list.jamfsoftware.com>,
<Rich_Barron@vfc.com></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">Re: [Casper] List of restricted software?</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><tt><font size=2>I restrict software by folder and no longer do individual
apps. Then I make sure that /Applications is owned by root:admin
and do not allow any app to run from any other folder via MCX. With
version 7 you should be able to do this with out having a OD Server in
place, I think. <br>
<br>
This is much easier and then it requires way less management. Then
you must authenticate via local admin to install software. MCX settings
already do this via OD Servers. I then toss all of my apps that I
want my IT staff to use in /Applications/Utilities and set the group policy
for students to not allow them to run apps from that folder. <br>
<br>
They will not be allowed to run any process outside of the Applications
folder and it will require admin rights to install anything in the /Applications
folder. So if they try to run a mobile version of Firefox from say
a thumb drive they will get denied. There are a few caveats to it,
like if you allow applications to open other applications outside that
folder it can get tricky. Otherwise, it is way more simple and easy
to maintain it that way. <br>
<br>
<br>
___________________________<br>
Thomas Larkin<br>
TIS Department<br>
KCKPS USD500<br>
tlarki@kckps.org<br>
blackberry: 913-449-7589<br>
office: 913-627-0351<br>
<br>
<br>
<br>
<br>
<br>
>>> <Rich_Barron@vfc.com> 08/06/09 11:43 AM >>>
<br>
Would the list like to help me start a shared list of restricted software
<br>
names and process names? Maybe we can put one together and pass it off
to <br>
JAMF to manage/update? I'm sure we all have our pet peeve applications.
<br>
And I am sure there are new ones coming out all the time or ones we may
<br>
have overlooked. So I suggest bringing our minds together and making a
<br>
master list with some details so we can pick/skip the ones we need.<br>
<br>
Here is the format I suggest:<br>
<br>
Software Name: Skype<br>
Process Name: skype <--not sure on this one<br>
Type of Application: Voice over IP software with video and file transfer
<br>
features.<br>
Risk: File transfer features bypass company firewalls and could allow <br>
infected files in to network.<br>
Website: </font></tt><a href=http://skype.com/><tt><font size=2>http://skype.com</font></tt></a><tt><font size=2><br>
<br>
<br>
Rich Barron<br>
<br>
_______________________________________________<br>
Casper mailing list<br>
Casper@list.jamfsoftware.com<br>
</font></tt><a href=http://list.jamfsoftware.com/mailman/listinfo/casper><tt><font size=2>http://list.jamfsoftware.com/mailman/listinfo/casper</font></tt></a><tt><font size=2><br>
</font></tt>
<br>