Help

Restrict login (lock down machines)

jkeller13
New Contributor III

Posted on ‎01-11-2016 11:27 AM

We have a training room that has been outfitted with Mac Minis. We have found that users are accessing the machines outside of the training class hours. They are running tests and making changes that we are not aware of. We would like to restrict the access to these machines to only allow access during the training class. Is there a way to restrict based on time, or an entire lock-out that can be lifted manually? We want to block all access to these machines, except when it is approved to be open.

0 Kudos
2 REPLIES 2

Look
Valued Contributor III

Posted on ‎01-11-2016 12:25 PM

I have a rather agricultural solution...
You assign it as a login policy scoped to the user groups and times you require, it kills the current login attempt and displays a full screen warning.

#!/bin/bash
if [ "$3" ]; then
/Library/Application Support/JAMF/bin/jamfHelper.app/Contents/MacOS/jamfHelper -heading "Access Violation" -description "Access to this computer is denied for the current username $3" -windowType fs &
sleep 5
kill $(ps -e -U $3 | awk '/loginwindow/ && !/awk/ { print $1 }')
killAll jamfHelper
fi

roiegat
Contributor III

Posted on ‎01-11-2016 12:52 PM

@Look I like your thinking. Very ingenious. Would totally work too if you scoped it for certain hours in Casper.

0 Kudos