How to disallow a user to remove a Global Agent

App & System Services Core OS
appledeveloper12 OP
Created Mar ’23
Replies 1
Boosts 0
Views 544
Participants 2

We have a UI app for Mac which we want to keep running all the time, for all the non-admin users on the system. It looks like this can be achieved by adding a 'KeepAlive' launch agent in /Library/LaunchAgents.

But since this solution adds an entry into System Preferences -> Login Items -> Allow in Background, any user can toggle the ON/OFF switch to stop the app from 'keeping alive'.

Is there a way to restrict user from toggling the switch (unless the user enters admin credentials)?

Replies  1
Boosts  0
Views  544
Participants  2
DTS Engineer OP
Apple
Mar ’23

> Is there a way to restrict user from toggling the switch … ?

On unmanaged devices, no.

On managed devices, the site admin can restrict this using a configuration profile [1].

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] I think it’s the com.apple.servicemanagement payload but configuration profiles are supported by Apple Support not DTS.

0
How to disallow a user to remove a Global Agent
First post date Last post date
 
 
Q