OS X: stopping disk images from mounting, certain files from being opened
The students have been loading Quake and Halo on the computers in our labs. We erased all of these files from the server and locked their personal accounts to prevent this, however, the students then began loading the programs onto our public accounts (from flash drives, etc). I locked these accounts as best I could, but the students have countered everything that I have done.
1. Is there a way to stop an account from mounting .dmg files?
2. Can OS X be set to block specific files? Halo, for instance, has .nib files, so blocking these components would prevent the game from running.
PS: invariably someone will post a message stating that the students should be informed that using these games is not allowed..etc, etc. This is not a real solution because I cannot watch all of the computers in the entire school all of the time, so a technological solution would be better than trying to enforce our computer use policy.
Thanks
1. Is there a way to stop an account from mounting .dmg files?
2. Can OS X be set to block specific files? Halo, for instance, has .nib files, so blocking these components would prevent the game from running.
PS: invariably someone will post a message stating that the students should be informed that using these games is not allowed..etc, etc. This is not a real solution because I cannot watch all of the computers in the entire school all of the time, so a technological solution would be better than trying to enforce our computer use policy.
Thanks
Comments
/System/Library/CoreServices/DiskImageMounter.app
and
/Applications/Utilities/Disk Utility.app
Just note that this may have other adverse effects and the students could potentially bring their own copies of those apps.
Also, have you tried not setting the computers to standard accounts, but rather create accounts with Parental Controls, etc.
Maybe the parental controls would help out - only allow them to run certain apps instead of prevent them running certain apps. This should prevent P2P apps too. Just make sure to approve a good list of apps that will be used legitimately.
To stop mounting dmg files, you could try removing:
/System/Library/CoreServices/DiskImageMounter.app
and
/Applications/Utilities/Disk Utility.app[/QUOTE]
I'll rm Diskimagemounter. I'm a little weary of deleting disk utility though, so I'll just block it through parental controls.
Also, have you tried not setting the computers to standard accounts, but rather create accounts with Parental Controls, etc.
The accounts are completely locked. They are dropping the files onto the desktop from flash drives and/or running the game directly from the disk image.
Thanks for the help.
Even if you run a daemon app as admin/root that looks for a process with the name quake and kill it if it is running, they can still rename the binary and the entry in info.plist. It might be a quick fix though and certainly makes things more difficult for them.
These kids wouldn't know unix if it hit them on the head. Also, I can lock the Preferences folders so that they cannot access the plist files. Can you offer a little help on where I can learn how to write a daemon app to block these Halo/Quake processes from running?
Maybe the parental controls would help out - only allow them to run certain apps instead of prevent them running certain apps. This should prevent P2P apps too. Just make sure to approve a good list of apps that will be used legitimately.
They've found a way around parental controls by running the games directly from the disk images or the folders the files are in. I have the computers set so that only permitted programs can run and you need the admin password to install anything.
Thanks.