mikeyultra

Q: Profile Manager and Java

I am a computer administrator at a school and I am working on establishing MDM into our labs. We were considering looking into a solution like Casper, but given our relatively minimal needs for management Apple's Profile Manager seems robust enough for the few setting and restriction payloads we want to deploy. All has gone fairly smoothly up until this point, but I have run into a problem getting some Java based applications to run properly due to the application restrictions I've implemented. Specifically, and this is really the most important one as we have a whole class centered around it, Minecraft will not launch because the java file "jspawnhelper" doesn't have permission to run.

 

I have whitelisted the directory that contains the "jspawnhelper" file (/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib), however, the system still says I don't have permission to run it anytime I try to launch Minecraft. I have also tried launching the file directly, and it returns the same system message.

 

In a last ditch effort to fix the issue, I tried moving the file outside of the bundled Java Applet (/Library/Internet Plug-ins), putting an alias in its place and whitelisting the /Library/Internet Plug-ins to see if it was an issue with the file being contained in the bundle (although I've gotten several other applications working, that had components bundled inside, just fine).

 

I've about exhausted all the possibilities I can think of to make this work and I can't seem to find anyone else running into the same issue. I know Casper would allow me to blacklist the applications I want restricted, but implementing that just to get one file to run seems silly, so if anyone has any suggestions I'm willing to try just about anything.

 

Thanks

Michael

Mac mini, OS X El Capitan (10.11.5)

Posted on Jul 18, 2016 9:14 AM

Close

Q: Profile Manager and Java

  • All replies
  • Helpful answers

  • by John Lockwood,

    John Lockwood John Lockwood Jul 19, 2016 2:53 AM in response to mikeyultra
    Level 6 (9,230 points)
    Servers Enterprise
    Jul 19, 2016 2:53 AM in response to mikeyultra

    Perhaps rather than it being an application execute permission issue i.e. what apps you have allowed the user to run, it might be more what Java security settings allow what Java apps to run. This would not be directly configurable in Profile Manager since Java apps are not true Mac apps.

     

    Depending on how Java stores its security settings it may or may not be feasible to push such settings via Profile Manager, basically Java would need to use a plist somewhere for this. If it does you can then use the custom payload option in Profile Manager.

     

    You might want to look at using Munki along with Profile Manager. I think it would be very suitable for you. See https://www.munki.org/munki/

     

    Note: There are several different types of Java one can install in to OS X, some Java apps need different versions to others. To verify whether this is the issue you should setup a Mac which is not being restricted via Profile Manager or other system but does have the same Java installed you have been testing, then see if the app runs. Sadly there does not seem to be 'One Java to rule them all'.