Applies to: All versions of DirectControl on Mac OS X
How can the CFBundleIdentifier of applications on Mac systems be found?
This string is needed in places like the "Permit / prohibit access to user-specific applications" group policy.
There are two main ways for finding out the CFBundleIdentifier:
- In Finder, open the folder where the target app is located. (e.g. /Applications )
- Right-click the app (hold Control and click on the app) and choose "Show Package Contents"
- Browse into the "Contents" folder
- Double click on the Info.plist (open with TextEditor) then search for <key>CFBundleIdentifier</Key>
- The indentifier is the value below this key.
- Open Terminal and navigate straight to the app Contents folder, for example:
cd /Applications/Microsoft Office 2011/Office/Microsoft Office Reminders.app/Contents/
Run the command:
defaults read "/Applications/Microsoft Office 2011/Office/Microsoft Office Reminders.app/Contents/Info" | grep CFBundleIdentifier
Some apps may have their info.plist files in a different location, or may have multiple sub-applications buried inside them which will also need to be placed in the permit / prohibit GPs (such as Chrome or Adobe apps). To find the CFBundleIdentifiers for these applications, the following method could be used:
- Open the target app and let it run or get blocked at a certain function.
- Open /var/log/system.log and do a text search for the target app.
For example, for Address Book, searching for the path of the application will return a line that looks like this:
Jul 19 11:19:57 MBA11 com.apple.launchd.peruser.1002440014 ([0x0-0x14f14f].com.apple.AddressBook): posix_spawn("/Applications/Address Book.app/Contents/MacOS/Address Book", ...): Permission denied
- The segment before posix_spawn is the CFBundleIdentifier: com.apple.AddressBook
For apps that have multiple dependent sub-apps inside, each identifier would need to be added separately into the group policy:
To find the CFBundleIdentifier for System Preference panes, look in the following directories and then apply the same logic as above to extract the identifier key: