Permit/prohibit access to applications

Enable this group policy to permit or forbid user access to these applications. There are two ways to control user access to applications. One mode is "User can only open these applications", another is "User can open all applications except these". (NOTE: If "User can also open all applications on local volumes" is enabled then these setting will no longer apply properly).


User can also open all applications on local volumes:
When users have access to local volumes they can access applications on the computer's local hard drive in addition to approved applications on CDs, DVDs, or other external disks. If you don't want to allow this, you can disable this group policy.

When the access mode is "User can only open these applications", only those applications in the list can be accessed.


- Allow approved applications to launch non-approved applications:
Sometimes, applications use other applications for tasks they cannot complete themselves. For example, if a user tries to open a Web link in an email message, the email application might need to open a Web browser to display the Web page.

When you set up a list of approved applications, you can choose whether to allow them to use non-approved applications that aren't in the approved items list. You can enable this group policy to allow approved applications to launch non-approved applications.

- Allow UNIX tools to run:
Some applications, or the operating system, may occasionally require the use of non-application tools, such as the QuickTime Image Converter. These tools cannot be accessed directly, and generally operate in the background without the user's knowledge. You can, however, activate them using a command-line interface such as Terminal. And you could enable this group policy to allow UNIX tools to run.

Once enabled, this group policy takes effect when users log out and log back in.

Supported on:

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess
Value NameEnableAccessList
Value TypeREG_SZ
Enabled Value1
Disabled Value0
Enable policy:
Registry PathValue NameValue TypeValue
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed1REG_SZcom.apple.AppleSpell
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed2REG_SZcom.apple.CharPaletteServer
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed3REG_SZcom.apple.Classic
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed4REG_SZcom.apple.KotoeriUIServer
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed5REG_SZcom.apple.KotoeriWordRegister
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed6REG_SZcom.apple.LAServer
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed7REG_SZcom.apple.PIM.UIServer
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed8REG_SZcom.apple.SCIMTool
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed9REG_SZcom.apple.SCIMUIServer
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed10REG_SZcom.apple.ScreenSaver.Engine
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed11REG_SZcom.apple.SummaryService
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed12REG_SZcom.apple.TCIMTool
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed13REG_SZcom.apple.TCIMUIServer
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed14REG_SZcom.apple.dock
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed15REG_SZcom.apple.finder
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed16REG_SZcom.apple.loginwindow
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed17REG_SZcom.apple.securityagent
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed18REG_SZcom.apple.speech.SpeechService
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed19REG_SZcom.apple.systemuiserver
Software\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess\AlwaysAllowedListAlwaysAllowed20REG_SZcom.apple.universalaccess

Set the proxy URL: (http://:/)

Registry HiveHKEY_CURRENT_USER
Registry PathSoftware\Policies\Centrify\CentrifyDC\Settings\MacMCX\ApplicationAccess
Value NameEnableAccessList
Value TypeREG_DWORD
Default Value

centrify_mac_settings.admx

Administrative Templates (Computers)

Administrative Templates (Users)