removing shared from sidebar view in finder on 10.5
Since we moved to 10.5 we have noticed that when a user clicks on finder they also get the side bar, one element of the sidebar called shared we want to remove as this shows the user all the network clients (mac, linux and windows clients) around the school and it poses a bit of a security risk.
I was hoping I could just import a plist, so logged in as a regular student user, went to finder preferences, unselected the areas which I didnt want the user to see. Then went to that users library, preferences and found the com.apple.sidebar.plist. So I copied this then went to the server and selected the student group where I want to enable this plist but when I log in as a student on a client to test it still shows up with the old settings, it likes it not registering the plist that I have popped in to use as a managed preference.
Has anyone managed to successfully get this working so it is removed from certain groups of users or computers? On our OD network in workgroup manager we have 3 groups (admin, staff and students) and users are at least a member of one of the groups depending on their status in schoo and we have 2 suites of Mac clients, we also have a computer group for these. I tried to add the plist for the computers but didnt like me adding a plist for computers. I think it uses a different extension for managing computers.
I did find this article but not sure if this would work. It seems like it interegates every user in workgroup manager and sets the com.apple.sidebar.plist for every user. Sounds messy and would prefer not to do it this way if I can avoid it. I am not 100% sure if this fix actually works...
if you use a mac server this is very easy. Just go to finder on the toolbar and select preferences. Then there is a side bar tab. In there you can remove the shared links. When done you then need to use workgroup manager to add the sidebar preference in which can be found in your /users/username/library/preferences. I believe the plist file is called com.apple.sidebar.plist. This file neededs to be added in the details tab of the preference for the group.
Hope that makes sense. It was hard to type this on the iPhone by memory!
I tried this and found that i couldn't manage them "always". I had to set it to often i think This resulted in users being able to go to the finder preferences and add them but the changes reverted on log out. So, what am i doing wrong?
Also users can still browse to these shares using keyboard shortcuts, and sider bar through applications IIRC.
You're almost there guys but not quite. Hope you're both well?
You can't make com.apple.sidebars.plist a persistent setting (Always) it only 'works' if it's an Often setting. This is fine in most cases because network users generally won't have much of an idea they can restore the setting by going to the Finder Preferences Menu and changing the values from there. As we know this does not apply to everyone. The trick is how do we deny network users access to the Preferences selection from the Finder Menu yet still allow them access to the Menu?
A simple solution could be to apply the Simple Finder MCX to the group. This might be too restrictive for most environments?
First switch off the option to show the Shared View. This will amend the com.apple.sidebars.plist. Launch WorkGroup Manager and add the modified plist to the Group you're interested in. Make it an 'Often' setting. Next launch Terminal and issue this command:
You have to restart the Finder for the setting to take full effect:
You can copy and paste the above into the Shell if you wish. This will add the ProhibitFinderPreferences value to the com.apple.finder.plist. Add this modified plist as an Always setting. If you're already managing aspects of the Finder there should be a com.apple.finder.plist already in the Manifests tab. Simply amend this by adding a New Key. In the Name Field key in: ProhibitFinderPreferences; in the Type Field select boolean; for the Value Field select True. Click Appy Now and Done. That should be it?
To reinstate the setting on the local client you're working from issue:
Restart the Finder again by issuing the same command as given above. There are other ways of doing this. You could use ARD for example and issue the above commands just once to all mac clients. This may not be advisable as you might want to leave the option available to local administrators? Some methods don't involve the mac at all. Modifying the DHCP Service (if Windows based) can/will achieve a similar result.
Hope this helps?
Antonio Rocco (ACSA)
Last edited by AntonioRocco; 1st November 2009 at 03:35 PM.
There are other ways of doing this but for what you want you can create a run-once script on login that will either send a HUP signal to kill the Finder or to reboot the workstation - which achieves the same thing. There are numerous ways of creating this script. Either as a bash executable or as shell script that an Automator Script initiates for you. For general guidance or even specific instructions have a browse of Apple's Technologies Forums:
Is there a way to also remove or grey out the go menu on the menu bar as this also gives the user access to network. I know simple finder will achieve it but this is to basic for what the users need to do.