Chat now with support
Chat mit Support

Safeguard Authentication Services 5.0.2 - macOS Administration Guide

Privileged Access Suite for Unix Installation Safeguard Authentication Services macOS components Safeguard Authentication Services client configuration Special macOS features Limitations on macOS Group Policy for macOS Certificate Autoenrollment Glossary

Applications tab

The Application settings control which applications are allowed to execute on macOS.

  1. Select the Manage mode: Never, Once, or Always.
  2. Select Restrict which applications are allowed to launch if you want to disallow applications thus restricting the applications the user can access.
  3. Application restrictions are controlled by means of folder paths. Group Policy does not currently support application management using digital signatures, therefore to allow or prevent users from launching an application, add the application or the path to the application to one of two lists:
    • Disallow applications within these folders.

      Add folders containing applications that you want to prevent users from opening. All applications in sub-folders of disallowed applications are also disallowed.

    • Allow applications within these folders.
      Add folders containing applications that you want users to launch. If an application or path to the application appears in both the Disallow and the Allow lists, then the Disallow list takes precedence and the user is not allowed to launch the application.

    If an application does not appear in either of these lists, the user can not launch the application.

  4. Click Add to open the New Application Item dialog. You can type the absolute Unix path or you can click Remote Browse to log into a remote macOS machine (by means of SSH) and browse for the target folder. It displays recently specified paths. To reuse a recently specified path, double-click the item in the list.

Note: Both disallow and allow paths support the %HOME% macro-expansion to the user's Unix home directory. For example, to restrict a user from running applications in their home directory, specify %HOME%. This macros is only supported by user policies; machine policies do not support this macro type.

Options tab

The Options settings control macOS server settings. For example, you can choose whether to allow a user to use the App Store. If set to false, a user that attempts to use the app store will receive a message like the following: You don't have permissions to use the App Store.

  1. Select the Manage mode: Never, Once, or Always.
  2. Select the check boxes to enable the features you want to enable.
    • Allow use of Game Center
      • Allow multiplayer gaming
      • Allow adding Game Center friends
      • Allow Game Center account modifications
    • Allow App Store app adoption
    • Allow Safari AutoFill
    • Allow software update notifications
    • Require admin password to install or update apps
    • Restrict App Store to MDM installed apps and software updates

Dock Properties

On macOS, the Dock is similar to a tool bar on other operating systems. In addition to showing which applications are running, the dock provides quick shortcuts to applications, folders and documents as well as system controls. Dock settings allow you to adjust the behavior of the user’s Dock and specify which items appear in it.

You can apply Dock Properties settings under both Computer Configuration and User Configuration.

Dock Items tab

Dock Items tab settings control the applications, files and folders that are displayed on the user's Dock and support the following management modes: Never, Once, Always.

You can insert three types of items into the user's Dock: Applications, Documents and Folders. The Applications list controls which applications are inserted. The Documents and Folders list controls documents and folders that are inserted into the user's Dock. Click Add to select the items to insert in the Dock. You can drag the items within the list to change the order in which they appear on the Dock.

In addition to standard Unix paths, you can specify a network share by using the following syntax:

cifs://<server hostname>/<share name>

Folder paths support two types of macro-expansions. First, the %@ macro expands to the user's Unix name. Additionally, you can expand any active directory attribute using the %<attributename>% macro. For example, to add the user’s network home directory to the dock, specify %homeDirectory%. You can get the value for any user attribute using the %<attributename>% macro. These macros are only supported by user policies; machine policies do not support either of these macro types.

The following options are also supported:

  • Merge with the user's Dock

    Select to merge the specified items into the user's Dock. If you do not select this option, the specified items replace the user's Dock.

  • Add other folders:

    Select to add predefined folders to the user's Dock. Safeguard Authentication Services supports My Applications and Documents.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen