Prevent Installs w/o Password

Discussion in 'OS X Yosemite (10.10)' started by reckless2k2, Nov 6, 2014.

  1. reckless2k2 macrumors 6502a

    Joined:
    Jul 10, 2008
    #1
    My family is getting wise to how to bypass security when installing programs on our iMac.

    My security settings have Mac App Store and identified developers but the little "allow anyway" pop-up comes up that they can click and simply install. In most cases, I've found the password was not necessary (they don't know the password but apps keep getting installed).

    How can I lock this down completely?

    Thanks for any help.
     
  2. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    I think if you use parental controls in conjunction with standard accounts, that should prevent any apps from being installed.
     
  3. NoBoMac, Nov 6, 2014
    Last edited: Nov 6, 2014

    NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #3
    What Maflynn said.

    Additionally, create a dedicated admin account that only you know the password on. Log in to that and reset your "regular" account to be non-admin as well.

    Then in your admin account in a Terminal window: sudo visudo

    You will now be in the file that allows admin access from a shell for users with assigned rights. Enter in the window: :$ (colon dollar). That will drop you to the bottom of the file. You should see something like:

    Make sure none of the accounts you want to block are listed under the "#User privilege specification" section. If there is a user, move the cursor with the arrow keys down/up to the line and enter character d twice. Enter :wq (colon wq) to write the file and exit (BTW: %admin is anyone with an admin account, root is grand poobah of all admin accounts [need to keep], anything else is up for change).

    One last thing, guessing the /Applications folder has a mishmash of privileges. So, still in your admin Terminal window:

    Code:
    cd /
    sudo chown -R root:wheel Applications System Library
    
    That should take away all modification privileges for the others.

    Forgot: can lock the machine down pretty good, but even then, depending on app, could always download and install to their home account Applications (i.e., does not need to install to main /Applications and/or root System or Library to be able to run [a fully self-contained app]).
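
A read-only way to do the sudoers check described in post #3 without editing anything in visudo. This is an added example, not part of any poster's reply; the function names, the sample file contents and the account name `kid1` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list sudoers rules granting rights to
# anyone other than root or %admin. Reads sudoers text on stdin; changes nothing.
# Files pulled in by #include/#includedir lines are not followed.
list_extra_sudoers() {
    awk '
        /^[ \t]*#/       { next }   # comments (and #include directives)
        NF == 0          { next }   # blank lines
        $1 ~ /^Defaults/ { next }   # option settings, not grants
        $1 ~ /_Alias$/   { next }   # User_Alias, Cmnd_Alias, ... definitions
        $1 == "root" || $1 == "%admin" { next }   # the two entries the post says to expect
        { print }                   # everything left is an extra grant
    '
}

# Constructed sample input; "kid1" is a made-up account name.
sample_sudoers() {
    cat <<'EOF'
# sudoers file (constructed sample)
Defaults env_reset

# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
kid1 ALL=(ALL) ALL
EOF
}

# On the Mac itself, from the admin account:
#   sudo cat /etc/sudoers | list_extra_sudoers
sample_sudoers | list_extra_sudoers
```

Empty output means only root and %admin hold sudo rights; any line printed is a rule to review in visudo.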
     
