Applies to: DirectControl 4.4.x on Mac OS X 10.6.6
How do I block/prohibit AD users from using "App Store" on Mac OS X 10.6.6?
With the current Suite 2010.2 / DirectControl 4.4.2 release, you can use the "User can use all applications except these" GP to block access to the App Store. From Suite 2011 / DirectControl 4.4.3 there will be a specific GP to block access to the App Store. Follow the instructions below to block "App Store" using the existing GPs:
1. Open the Group Policy Objects Editor in MMC
2. Select the GPO you are currently using for Mac workstations
3. Go to User Configuration -> Centrify Settings -> Mac OS X Settings -> Application Access Settings -> Permit/prohibit access to applications
4. Select the Enabled box and set the access mode to "User can open all applications except these"
5. Click "Apply" to save the setting
6. Go to User Configuration -> Centrify Settings -> Mac OS X Settings -> Application Access Settings -> Permit/prohibit access to the user-specific application
7. Select the Enabled box and add "com.apple.appstore" to the User-specific application list
8. Click Apply to save the setting
9. Wait for Group policy to replicate in Active Directory
10. This GP takes effect when the AD user logs out and logs back in. The AD user will see the below screen upon trying to launch the "App Store".
Starting with Centrify Suite 2011 (DirectControl 4.4.3), there is a new group policy for blocking the App Store:
Machine Configuration > Centrify Settings > Mac OS X Settings > App Store Settings > Prohibit Access to App Store.
When enabled, this group policy (GP) prohibits access to the Mac App Store for all users except root and the users/groups specified in the GP. If this policy is not configured or is disabled, all users can access the App Store.
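The value entered in step 7, "com.apple.appstore", is the App Store's bundle identifier (the CFBundleIdentifier key in the application's Info.plist). The following is an added example, not Centrify code: it lists every application bundle under a directory that declares an identifier on the prohibited list, so the list entry can be checked against what is installed on a client. The sample bundles are constructed for illustration; on a Mac, point find_prohibited at /Applications.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

PROHIBITED_IDS = {"com.apple.appstore"}  # the value added in step 7


def bundle_id(app_path):
    """Return the CFBundleIdentifier of an .app bundle, or None if unreadable."""
    info = Path(app_path) / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            data = plistlib.load(fh)  # accepts XML and binary plists
    except (OSError, ValueError, ExpatError):
        return None
    ident = data.get("CFBundleIdentifier") if isinstance(data, dict) else None
    return ident if isinstance(ident, str) else None


def find_prohibited(apps_dir, prohibited=PROHIBITED_IDS):
    """Return sorted bundle paths (relative to apps_dir) whose identifier is listed."""
    root = Path(apps_dir)
    return sorted(
        str(app.relative_to(root))
        for app in root.rglob("*.app")
        if bundle_id(app) in prohibited
    )


def build_sample_tree(root):
    """Constructed sample bundles; on a client, scan /Applications instead."""
    samples = {
        "App Store.app": {"CFBundleIdentifier": "com.apple.appstore"},
        "Utilities/App Store.app": {"CFBundleIdentifier": "com.apple.appstore"},
        "Safari.app": {"CFBundleIdentifier": "com.apple.Safari"},
    }
    for rel, info in samples.items():
        contents = Path(root) / rel / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump(info, fh)
    broken = Path(root) / "Broken.app" / "Contents"
    broken.mkdir(parents=True)
    (broken / "Info.plist").write_bytes(b"not a plist")  # unreadable on purpose


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_prohibited(tmp))
```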