Setup guide
these preferences at all levels is recommended in case one level is accidentally left
unset. Preferences must be applied to each computer list, group account, and user
account, although applying preference settings to multiple computers, groups, or
accounts is possible. Preferences can be set for Applications, Classic, Dock, Energy
Saver, Finder, Internet, Login, Media Access, Mobile Accounts, Printing, System
Preferences, and Universal Access. Security recommendations for Applications,
Finder, Login, and Media Access are described below.
5.2.1 Applications
Applications preference management is designed to restrict users from executing
some programs. In the Applications pane for each computer list, group, and user
account:
1. If this feature is required, click the “Always” radio button in the “Manage these
   settings” list. If it’s not needed, click “Not managed” and skip to the next section.
2. Build the list of allowed or restricted applications as needed.
3. Uncheck the box for “User can also open applications on local volumes.”
4. Uncheck the box for “Allow approved applications to launch nonapproved
   applications.”
5. Uncheck the box for “Allow Unix tools to run.”
5.2.2 Finder
Finder preference management controls behavior of Mac OS X’s graphical file
manager. In the Finder pane for each computer list, group, and user account:
1. Click the Preferences tab.
2. Click the “Always” radio button in the “Manage these settings” list.
3. The Preferences tab in the window pane should be selected.
4. “Use normal Finder” should be selected. Only click “Use Simplified Finder to limit
   access to this computer” if the system is to be used as a kiosk or some other public
   terminal.
5. Check the box for “Always show file extensions.”
6. Click the Commands tab.
7. Survey the commands listed and determine if they should be restricted. If so, click
   the “Always” radio button in the “Manage these settings” list. Unchecking the boxes
   for Restart and Shut Down is recommended to protect availability in any
   environment where multiple users may be logged into a Server.
5.2.3 Login
Login preference management controls behavior of the login screen that appears on
client systems. Some of its settings can be applied only to Computer Lists. In the
Login pane for each computer list, group, and user account:
1. Click the Login Items tab.
2. Click the “Always” radio button in the “Manage these settings” list.
3. Add any anti-virus or integrity checking software to be run upon user login.
UNCLASSIFIED