Help

Best way to block Skype AND Web Skype?

billups_jamf_ad
New Contributor

Posted on ‎04-19-2018 11:04 AM

Hey Folks,

CEO has a raging paranoia about Skype being used for nefarious purposes, so I have been tasked with using our MDM to block it from our users on company devices.

I already setup a policy about forbidding the Skype.app if installed onto machines, but Microsoft has one upped me and made the chat client available via a web portal.

I thought I'd be able to simply block the web address (using Parental Controls), but unfortunately that same web address is tied to our installations of Microsoft Office and a bunch of warnings drop from the Parental Control policy about how it's blocking a bunch of other apps in the MS Office suite as well. And these warnings are dropped on the users, which freaked them out because it was saying that it was blocking Excel, and our accounting department had a conniption.

So, I'm looking to not only block the App, but the web portal for it too. Is there a good way to tackle this via JAMF? Or would I be better served trying another tactic with another section of infrastructure? I can't simply block it from the gateway on our network, as we have Satellite offices all over the USA that aren't connected to our network, and that we have no control over their internet access due to them being rented tech spaces.

As usual, thanks in advance for your help!

0 Kudos
1 REPLY 1

Asnyder
Contributor III

Posted on ‎04-19-2018 11:44 AM

Parental controls is probably blocking the certificate tied to the url. I know I had the same issues with trying to block youtube that way but google would be blocked as well.

Something you could do is modify /etc/hosts and point the url to 127.0.0.1 instead. I have a script that will do this for you using script parameters.

#!/bin/bash
# Please test before using in your environment
##########################################################
# Modified from
# https://www.jamf.com/jamf-nation/discussions/18184/how-to-update-host-file-via-composer
#
# Use Jamf Script Parameter 4 for domain ("youtube.com") and 5 for subdomain ("images".google.com(No period needed)) and 6 for
# file (/etc/hosts)

# Set base variables
domain=""
subdomain=""
filename=""
SUCCESS=0

# Setup Jamf variables
if [ "$4" != "" ] && [ "$domain" = "" ] 
   then 
    domain="$4"
fi

if [ "$4" = "" ] && [ "$domain" = "" ]
    then
        echo "No Domain Variable Configured"
        exit 1
fi      

if [ "$5" != "" ] && [ "$subdomain" = "" ]
    then subdomain="$5"
fi

if [ "$5" = "" ] && [ "$subdomain" = "" ]
    then
        echo "No subdomain Variable Configured, continuing anyway."
fi

if [ "$6" != "" ] && [ "$filename" = "" ]
    then filename="$6"
fi

if [ "$6" = "" ] &&  [ "$filename" = "" ]
    then
        echo "No filename Variable Configured"
        exit 1
fi

#Set Needle Variable
if [ "$subdomain" = "" ]
    then
        needle="$domain"
    else 
        needle="$subdomain.$domain"
fi      
# set hostline variable
hostline="127.0.0.1 $needle"

# Determine if the line already exists in /etc/hosts
grep -q "$needle" "$filename"  

# Grep's return error code can then be checked.
if [ $? -eq $SUCCESS ]
then
  exit 0
else
  # If the line wasn't found, add it using an echo append >>
  echo "$hostline" >> "$filename"
    # Let's recheck to be sure it was added.
    grep -q "$needle" "$filename"

    if [ $? -eq $SUCCESS ]
        then
            sudo dscacheutil -flushcache
            exit 0
        else
            exit 1
    fi
fi
0 Kudos