|
|
Create 'managed' admin users
As per Vondrix's suggestion, the more secure way to solve a problem is only grant the privileges necessary. In this case, you basically want to give certain users the right to install software in the Main /Applications folder on the computer. So, keeping security in mind, you don't look for a way to up the user's privileges across the board and then limit them in some llittle ways, you look for a way to enable them to JUST do that added thing you want to let them.
Create 'managed' admin users
We had this same discussion with our Apple Eng a couple of weeks ago. My users need admin rights, but I didn't want them playing with thier pref panes ( i.e. remote desktop ) So what we determined was removing the actual pane from System:Library:PrefrencePanes ( ARDPref.prefPane ) after making the settings in Remote Desktop. This alows Remote Desktop to work, but the pref pane is gone in System Preferences. Even with Admin Rights, without the actual pane, no changes can be made. I keep a copy of the pane on the server that onlly I have access to. It seems to be working really nice so far.
Create 'managed' admin users
Can't the user use "defaults" to set different settings for the prepane - or even provide their own copy of the prefpane?
Create 'managed' admin users
The problem with this is illustrated by an example: we moved the System Preference for "Software Update"; we didn't want our users installing an update that we haven't had the chance to test first. Problem is, they could just use the terminal to "softwareupdate". Removing sudo permissions in /etc/sudoers only changed sudo on the command line; users could still unclick locks in the GUI (for example, to change permissions on directories, and reaccess the hidden preference pane). |
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.05 seconds |
|