
reckless2k2

macrumors 6502a
Original poster
Jul 10, 2008
525
0
My family is getting wise to how to bypass security when installing programs on our iMac.

My security settings have Mac App Store and identified developers but the little "allow anyway" pop-up comes up that they can click and simply install. In most cases, I've found the password was not necessary (they don't know the password but apps keep getting installed).

How can I lock this down completely?

Thanks for any help.
 

maflynn

macrumors Haswell
May 3, 2009
73,682
43,740
I think if you use parental controls in conjunction with standard accounts, that should prevent any apps from being installed.
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
6,278
4,958
What Maflynn said.

Additionally, create a dedicated admin account that only you know the password on. Log in to that and reset your "regular" account to be non-admin as well.

Then in your admin account in a Terminal window: sudo visudo

You will now be in the file that allows admin access from a shell for users with assigned rights. Enter in the window: :$ (colon dollar). That will drop you to the bottom of the file. You should see something like:

Code:
# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
username1 ALL=(ALL) ALL

Make sure none of the accounts you want to block are listed under the "# User privilege specification" section. If there is a user, move the cursor with the arrow keys down/up to the line and enter character d twice. Enter :wq (colon wq) to write the file and exit (BTW: %admin is anyone with an admin account, root is grand poobah of all admin accounts [need to keep], anything else is up for change).

One last thing, guessing the /Applications folder has a mishmash of privileges. So, still in your admin Terminal window:

Code:
cd /
sudo chown -R root:wheel Applications System Library

That should take away all modification privileges for the others.

Forgot: can lock the machine down pretty good, but even then, depending on app, could always download and install to their home account Applications (i.e., does not need to install to main /Applications and/or root System or Library to be able to run [a fully self-contained app]).
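
A read-only way to do the sudoers check described in the post above without opening the file in an editor (an added example, not part of the original post). The function names `audit_sudoers` and `sample_sudoers` are made up here, and the sample text is constructed from the excerpt in the post.

```shell
#!/bin/sh
# Added example: read-only audit of sudoers text supplied on stdin.
# Prints every user or group, other than root and %admin, that has a rule.

audit_sudoers() {
    awk '
        NF == 0          { next }  # blank line
        $1 ~ /^#/        { next }  # comment, or #include / #includedir directive
        $1 ~ /^@include/ { next }  # newer include syntax
        $1 ~ /^Defaults/ { next }  # option settings, not privilege grants
        $1 ~ /_Alias$/   { next }  # User_Alias, Runas_Alias, Host_Alias, Cmnd_Alias
        $1 != "root" && $1 != "%admin" { print $1 }
    '
}

# Constructed sample modelled on the excerpt in the post (not a real file).
sample_sudoers() {
    cat <<'EOF'
# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
username1 ALL=(ALL) ALL
EOF
}

# Stand-alone run: lists the one extra entry in the sample.
sample_sudoers | audit_sudoers
```

On the Mac itself, run it from the admin account as `sudo cat /etc/sudoers | audit_sudoers`; an empty result means only root and %admin hold rules in that file. Files pulled in by an include directive are not followed and need the same check.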
 