Running applications in a user's Applications folder without ever requiring admin permissions

Hi,

Is there any way to prevent a user from downloading software from the internet as a dmg and then, instead of dragging it to the computer's Applications folder (which then prompts for admin-level permission), dragging it to a folder in their home folder named Applications instead? They are then able to run the software as though it had been installed on the computer; however, they are never prompted to use admin authentication.

I can confirm we have been able to install all sorts of software without admin authentication this way. Since all of our teachers are using MacBooks and we are required by our insurance company to not allow this behaviour, I am wondering if there is a way to shut this capability off. I am worried that someone will install software that could represent a security risk. We do have a way for staff to request access to software they would like; however, the software always needs to be approved first for privacy, security and licensing reasons.

We are using JAMF School as our MDM. We are not using Apple Managed IDs, although we have them set up and ready to go.

Hopefully, there is a simple solution I have overlooked!

Thank you!

Clint Elliott, Director of Technology, Lakeland Catholic School Division, Alberta Canada.

2 replies

June 24, 2024

We are going to restrict Gatekeeper to App Store only, and control apps from there. Once apps are installed they can still update even if they are not from the App Store - i.e., Zoom, Smart Notebook, etc.

So problem solved.

July 10, 2024

Clint - Are you using an MDM for managing your devices? If so, you should have the ability to set a restriction which can disallow running apps from certain paths, including a user's home directory. The one downside to this is a fair amount of apps do require running from the user home directory, so you will want to do some testing to verify it doesn't impact any needed services.
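The testing step suggested in the reply above starts with knowing what already lives in per-user Applications folders. The following inventory script is an added example, not part of the original thread and not a Jamf feature; the function names and the tab-separated output format are assumptions made for illustration.

```shell
#!/bin/sh
# Inventory .app bundles in each user's ~/Applications folder so they can be
# reviewed before a Gatekeeper or path restriction is rolled out.
# Assumption: home folders live under /Users (macOS default); pass another
# root as the first argument to scan a copy or a test tree.

# Print the bundle identifier of an .app, or "unknown" if it cannot be read.
bundle_id() {
    plist="$1/Contents/Info.plist"
    id=""
    if [ -x /usr/libexec/PlistBuddy ] && [ -f "$plist" ]; then
        id=$(/usr/libexec/PlistBuddy -c 'Print :CFBundleIdentifier' "$plist" 2>/dev/null) || id=""
    fi
    [ -n "$id" ] || id="unknown"
    printf '%s\n' "$id"
}

# Emit one line per bundle: user<TAB>bundle-id<TAB>path
audit_user_apps() {
    users_root="${1:-/Users}"
    for home in "$users_root"/*; do
        [ -d "$home/Applications" ] || continue
        user=$(basename "$home")
        # /Users/Shared is not a login account's home folder.
        if [ "$user" = "Shared" ]; then
            continue
        fi
        # -prune stops descent into a bundle, so helper apps nested inside
        # an .app are not reported as separate installs.
        find "$home/Applications" -maxdepth 3 -type d -name '*.app' -prune 2>/dev/null |
        while IFS= read -r app; do
            printf '%s\t%s\t%s\n' "$user" "$(bundle_id "$app")" "$app"
        done
    done
}
```

Run `audit_user_apps` as root so that every home folder is readable; the resulting list shows which apps would be affected by a restriction on running software from home directories.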
