Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

prevent users from opening .dmg files?

J

jakeopolis

macrumors member
Original poster
Oct 27, 2007
97
0
hi all,

i'm the admin of a mac lab at my university. users use one specific user account - is there a way to prevent this user from opening .dmg files? people can run apps right from a mounted dmg and i've caught a couple of people trying to download torrents here. though they don't have permission to move an app into the applications folder, they can simply run it off the desktop.

thanks!
 
jmann4489 said:
You can password protect them.
Click to expand...

they're downloading them off the internet though, i can't password them before they exist... for example, someone will come in, download transmission, and then just mount the dmg and run the app from there. i need to stop them from being able to mount dmg files at all.
 
I don't know of any way to do that, but you could deny access to Disk Utility and DiskImageMounter (System -> Library -> CoreServices) so that they can't open them at all. That's done via Parental Controls, btw.

jW
 
jakeopolis said:
people can run apps right from a mounted dmg and i've caught a couple of people trying to download torrents here. though they don't have permission to move an app into the applications folder, they can simply run it off the desktop.

thanks!
Click to expand...

Where do DMG files get mounted to? Some directory I assume. I'm not at a Mac now, so I can't look. But if that directory did not have write access the user could not mount disks.

But even then you have not stopped users from runnig any program they want. They could simply bring in the .app bundle, not on a DMG and run the app.

What you are going to have to do is block the torrent sites. Likely with rules you program into your routers.

No matter what youdo to the Mac, I could get around it by bringing in a bootable CD and running Linux or BSD on the Mac. Your only workable option is to ban the "bad" IP address with some firewall rules in the router
 
i think disk utility and disk image mounter are what you would be after i do have one other possible suggestion.

why not install the app in the applications folder - but deny its use via Parental Controls. this prevents them from bringing it in via other sources and prevents any instance of the app from running if i am correct. just a thought that might make things simpler.
 
PlaceofDis said:
i think disk utility and disk image mounter are what you would be after i do have one other possible suggestion.

why not install the app in the applications folder - but deny its use via Parental Controls. this prevents them from bringing it in via other sources and prevents any instance of the app from running if i am correct. just a thought that might make things simpler.
Click to expand...

that's a really good suggestion.

denying access to disk util and image mounter is probably the way to go, i'll give that a shot.

thanks for the suggestions guys!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back