Mac gurus - a scenario I need some help with.
10 July 2007, 02:46 PM
#1
Scooby Regular
Thread Starter
Mac gurus - a scenario I need some help with.
Need some help guys.
Currently got a wide range of Macs at work (mini's, G5s and higher Intel stuff) all running the latest OSX.
Here's what I want to do.
Allow users to access packages (that may require "scratch disks" etc) without the user having write access to the desktop/documents/music etc folders.........
Basically, I'm trying to get around the "clean up" operation I have to conduct every week, clearing **** off the computers. And I thought by disallowing write access to most of the computer, this would get around it. At least it could all end up in one folder
Ideally, all users will have their own external HDs, so all files can be written/accessed from there (or another location).
The packages are the usual, Micro$haft stuff, Reason, Logic Pro, ProTools, Cubase..... all of which for DSP, require some temporary file location to "number crunch".....
Is this possible with OSX? Any thoughts?
I also want to lock down Firefox Safari so that on their log in, they don't have access to YouTube or Google video etc......
I'm running ARD2 at the moment (not overly impressed with it, to be honest), but it does allow the "big brother" element - which is a good deterrent.
Thanks in advance,
Dan
Currently got a wide range of Macs at work (mini's, G5s and higher Intel stuff) all running the latest OSX.
Here's what I want to do.
Allow users to access packages (that may require "scratch disks" etc) without the user having write access to the desktop/documents/music etc folders.........
Basically, I'm trying to get around the "clean up" operation I have to conduct every week, clearing **** off the computers. And I thought by disallowing write access to most of the computer, this would get around it. At least it could all end up in one folder
Ideally, all users will have their own external HDs, so all files can be written/accessed from there (or another location).
The packages are the usual, Micro$haft stuff, Reason, Logic Pro, ProTools, Cubase..... all of which for DSP, require some temporary file location to "number crunch".....
Is this possible with OSX? Any thoughts?
I also want to lock down Firefox Safari so that on their log in, they don't have access to YouTube or Google video etc......
I'm running ARD2 at the moment (not overly impressed with it, to be honest), but it does allow the "big brother" element - which is a good deterrent.
Thanks in advance,
Dan
10 July 2007, 03:03 PM
#2
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
First up, make sure the student(s) account(s) are NOT admin accounts, that'll lock out a few things for a start, plus a few folders that are write accessible to admin won't be to standard accounts.
Secondly, have a look at the home folder. Ignore the Library folder for a moment, the rest of the folders you should be able to set to read-only and things should run quite happily. Back to the Library folder. This is a little more tricky as things do need to write to various locations in here, and if they cannot, well, the app could give a polite message, refuse to launch, or crash. Really depends how well written it is.
I'm going to PM you as well.
When it comes to locking down browsing, oh dear, well, Parental controls are very weak indeed. You can only control Safari, and it's a authoritive list, rather than a prohibited list of sites you can setup, in other words, you'd login as the user, go into Safari and add the sites you DO want them to use. Anything not on the list, they cannot use. This is ok if they are only allowed on a few sites, but if you want them to be able to browse everything except a specific set of sites, sorry, no go.
I'll have a peek at WGM (WorkGroup Manager - Managment stuff part of OS X Server) and see if it's any better there, but I don't think so.
The parental controls in 10.5 are, from what I recall (would have to boot up the latest seed to double check) a lot more flexible when it comes to this stuff.
Secondly, have a look at the home folder. Ignore the Library folder for a moment, the rest of the folders you should be able to set to read-only and things should run quite happily. Back to the Library folder. This is a little more tricky as things do need to write to various locations in here, and if they cannot, well, the app could give a polite message, refuse to launch, or crash. Really depends how well written it is.
I'm going to PM you as well.
When it comes to locking down browsing, oh dear, well, Parental controls are very weak indeed. You can only control Safari, and it's a authoritive list, rather than a prohibited list of sites you can setup, in other words, you'd login as the user, go into Safari and add the sites you DO want them to use. Anything not on the list, they cannot use. This is ok if they are only allowed on a few sites, but if you want them to be able to browse everything except a specific set of sites, sorry, no go.
I'll have a peek at WGM (WorkGroup Manager - Managment stuff part of OS X Server) and see if it's any better there, but I don't think so.
The parental controls in 10.5 are, from what I recall (would have to boot up the latest seed to double check) a lot more flexible when it comes to this stuff.
10 July 2007, 04:37 PM
#5
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
A quick search found this. Seems to suggest either using a proxy, or a third party app to control things, or editing your hosts file to disallow sites, and that method would apply to anything trying to access those sites, so it might be worth a look at.
10 July 2007, 04:48 PM
#6
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Likes: 0
Received 0 Likes
on
0 Posts
On the subject of blocking via Hosts, pop over here and do a search for Host, it should turn up an entry called "The 'Hosts' File", click on the PDF file icon and you'll get a transcript in PDF of the podcast where it talks about the hosts file. Have a read. Basically, you'd edit the hosts file (see this doc for info on how to edit it on various different OS X versions) and put:
127.0.0.1 (tab) nameofsite
What this will essentially do is to redirect any request to nameofsite to 127.0.0.1, which is your machines local address, which won't, obviously, have that site on it, so you won't see the site. So you could do:
127.0.0.1 (tab) youtube.com
The theory then is that should stop them accessing youtube. As you need root access to edit hosts file, users should not be able to get round it.
127.0.0.1 (tab) nameofsite
What this will essentially do is to redirect any request to nameofsite to 127.0.0.1, which is your machines local address, which won't, obviously, have that site on it, so you won't see the site. So you could do:
127.0.0.1 (tab) youtube.com
The theory then is that should stop them accessing youtube. As you need root access to edit hosts file, users should not be able to get round it.
Trending Topics
11 July 2007, 06:42 PM
#8
Scooby Regular
Join Date: Nov 2005
Posts: 414
Likes: 0
Received 0 Likes
on
0 Posts
deep freeze Faronics - Home of Deep Freeze and other Intelligent Utilities for ABSOLUTE Control will stop you having to clear them up if they have an external disc to save to.
Its used in by the fruity company in their stores.
PM me if you want some more details
Its used in by the fruity company in their stores.
PM me if you want some more details
Thread
Thread Starter
Forum
Replies
Last Post
acemodder
ScoobyNet General
50
01 October 2015 07:01 PM