Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1883: How do I block/prohibit AD users from using "App Store" on Mac OSX 10.6.6 ?

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:45 AM

Applies to: DirectControl 4.4.x on Mac OSX 10.6.6

Question:

How do I block/prohibit AD users from using "App Store" on Mac OSX 10.6.6 ?

Answer:

With the current Suite 2010.2 / DirectControl 4.4.2 release you can use the "User can use all applications except these" GP to block access to the app store. From Suite 2011 / DirectControl 4.4.3 we will have a specific GP to block access to the app store. Please follow the below instructions to block "App Store" using the existing GP's:

    1.    Open the Group Policy Objects Editor in MMC
    2.    Select the GPO you are currently using for Mac workstations
    3.    Go to User Configuration -> Centrify Settings -> Mac OS X Settings -> Application Access Settings -> Permit/prohibit access to applications
    4.    Select the Enabled box and set the access mode to "User can open all applications except these"
    5.    Click "Apply" to save the setting
    6.    Go to User Configuration -> Centrify Settings -> Mac OS X Settings -> Application Access Settings -> Permit/prohibit access to the user-specific application
    7.    Select the Enabled box and add "com.apple.appstore" to the User-specific application list
    8.    Click Apply to save the setting
    9.    Wait for Group policy to replicate in Active Directory
    10.    This GP will now take effect when AD user logs out and logs back in. AD user will see the below screen upon trying to launch the "App Store"
















Resolution:

Starting Centrify Suite 2011 ( DirectControl 4.4.3 ) there is a new group policy for blocking App Store.

Machine Configuration > Centrify Settings > Mac OS X Settings > App Store Settings > Prohibit Access to App Store.

When enabled, this group policy (GP) prohibits access to the Mac App Store to all users except root and users/groups specified in the GP. If this policy is not configured or is disabled, then all users can access the App Store.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.