Centrify DirectControl on all versions of Mac OS XQuestion:
It is possible to restrict an AD user's access to specific apps using the various GPs at:
- User Configuration / Centrify Settings / Mac OS X Settings / Application Access Settings / ...
However although these GPs do correctly prevent the users from opening the apps, it is desired that the users not be able to see these apps at all.
Is it possible to hide the applications from the Finder view completely?Answer:
Applications can be hidden from the Finder view using the chflags hidden /Path/To/App...
So to hide the Chess application, the following command can be used:
- chflags hidden /Applications/Chess.app
If the application contains spaces in its name, then make sure to enclose the path in quote marks:
- chflags hidden "/Applications/App Store.app"
This command can in turn be placed in the following GP:
- User Configuration / Centrify Settings / Common UNIX Settings / "Specify commands to run"
Note that since the /Applications/
folder is a shared folder between all users of the Mac, once hidden - the application will be hidden to all
users who log in to that machine.
To unhide the app, use the following command at the Terminal:
- sudo chflags nohidden /Applications/Chess.app
- sudo chflags nohidden "/Applications/App Store.app"
(Note that if the "Specify commands to run" GP is still active, then the app will be hidden again the next time the user logs back in.)
The app can also be opened directly without needing to unhide by using the following Terminal command:
- open /Applications/Chess.app
- open "/Applications/App Store.app"
(Provided that the app is only being hidden from view, and not also restricted via the Application Access GPs)