Locking down OS X Workstations (and LogMeIn)

Posted on Nov 29, 2013

One of the great things about Mac OS X is Darwin, the Unix back end of the OS. This article covers a variety of shell (Terminal) commands and tricks that you can use to lock down what an account can do. The source code can be viewed/forked on GitHub. Now, go ahead and open Terminal on a test account.

Disable use of Dashboard

defaults write com.apple.dashboard mcx-disabled -bool true

Disable Dock manipulation (adding/removing items)

defaults write com.apple.dock contents-immutable -bool true
killall Dock # kills the Dock; changes take effect when it reloads

Hide System Files

defaults write com.apple.finder AppleShowAllFiles FALSE # TRUE will show System files.

Run Simple Finder

defaults write com.apple.finder InterfaceLevel simple
killall Finder
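
To confirm that the settings above took effect on an account, and to spot later drift, the following audit script reads each preference back with `defaults read`. It is an added example, not part of the original post or its GitHub source; `DEFAULTS_BIN` and the function names are hypothetical, and it has to run as the locked-down user because `defaults` reads that user's preference domains.

```shell
#!/bin/sh
# Added example: audit the lockdown preferences set in this article.
# DEFAULTS_BIN is a hypothetical override so the reader can be swapped out.
DEFAULTS_BIN="${DEFAULTS_BIN:-defaults}"

# Map the spellings `defaults read` can return for a boolean onto 1/0;
# anything else (e.g. "simple") passes through unchanged.
normalize() {
    case "$1" in
        1|TRUE|true|YES|yes) echo 1 ;;
        0|FALSE|false|NO|no) echo 0 ;;
        *)                   echo "$1" ;;
    esac
}

# check_pref DOMAIN KEY WANT [VALUE_IF_UNSET]
# Prints one status line; returns 1 when the effective value is not WANT.
check_pref() {
    raw=$("$DEFAULTS_BIN" read "$1" "$2" 2>/dev/null) || raw="${4:-<unset>}"
    got=$(normalize "$raw")
    if [ "$got" = "$3" ]; then
        echo "ok    $1 $2 = $raw"
    else
        echo "DRIFT $1 $2 = $raw (want $3)"
        return 1
    fi
}

# Checks every key from the article; returns non-zero if any has drifted.
audit_lockdown() {
    failed=0
    check_pref com.apple.dashboard mcx-disabled       1      || failed=1
    check_pref com.apple.dock      contents-immutable 1      || failed=1
    # Finder hides system files when this key is absent, so unset counts as 0.
    check_pref com.apple.finder    AppleShowAllFiles  0 0    || failed=1
    check_pref com.apple.finder    InterfaceLevel     simple || failed=1
    return "$failed"
}

# Run the audit only where the macOS `defaults` tool is present.
if command -v "$DEFAULTS_BIN" >/dev/null 2>&1; then
    audit_lockdown
fi
```

A non-zero exit status means at least one preference no longer matches, which makes the script usable from a login hook or a periodic management job.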

LogMeIn

If you use LogMeIn for remote administration, you will notice that the application appears in your Dock while it is running. This poses a slight security risk because it shows end users some account information. To rid ourselves of this problem, we can remove the following line /Applications/LogMeIn.app/info.plist (right-click the application and select “Show Contents”). You will need to add these lines to the first child element in the XML file.

You can also remove MenuBar.app from /applicationsupport/launchagents/logmein/ - this will remove the Menu Bar icon.
