Finder Policy
NOTE: See the Endpoint Policy Manager MacOS: Mac Finder Policies video for an overview of this section.
Finder Install / Uninstall Overview
If Standard Users attempt to install applications as a user, this is the common experience.
Standard Users also get similar behavior if they attempt to remove an application from the machine.
Additionally, if the Standard User has to perform a special operation in a folder (like a file copy), this is not permitted:
The same applies when duplicating files, creating folders, and so on: in all cases the Finder will stop the Standard User from performing the action.
Finder Policy Type
This policy type enables all of the above scenarios. Start out by creating a new Finder policy like this:
This first example policy will allow users to add applications to, or remove them from, the /Applications folder.
This policy will enable end users to add or remove files and folders in the example /Users/test folder (a place they would not normally have access to).
Testing your Policies
First, synchronize your policies with Endpoint Policy Manager Cloud using the policypak cloud-sync command.
An example of the results for the first policy, which enabled installation, is shown below.
Copying a file to /Users/Test also succeeds:
Understanding Action Types
The three action types on a rule are:
- Deny Execution — Blocks the action for Standard Users and Administrators.
- Allow Execution — Performs the action as if the macOS system were in charge. You can think of this as Not configured.
- Elevate — Performs the action needed to overcome the restriction so the task can be completed.
See the Endpoint Policy Manager MacOS: Mac Finder Policies video for examples of action types with Finder policies.