Front Row vs. Managed Accounts

I am in the process of setting up 50 iMac 17″ machines for a lab, so I am creating a master image which I will deploy across them all. The account that the students will use is a managed account where they only have access to a web browser…. or so I thought! I had finished the image and set up a couple of machines when I suddenly remembered about Front Row, Apple’s media centre software. As the bottom-end iMacs do not come with remote controls I had forgotten all about disabling it. Anyway, I thought I would try out a few things while it was still on my image, and the results surprised me. I found that I could open iTunes via Front Row, and from there Safari, even though the permissions on this account told me otherwise. If you would like to try it out for yourself, follow these steps:

1) On your Mac, create an account, click on the Parental Controls tab, and give them access to one application only, say TextEdit.

2) Log in to this account.

3) Verify that TextEdit is the only app you can open.

textedit.jpg

4) Hit Command-Esc to launch Front Row.

5) Switch to the Movies section (the Music section will just tell you that you don’t have any songs in your Library).

6) Browse to a sub menu, such as TV Shows. This will start a spinning graphic on the right and will seem to lock up Front Row.

7) Force Quit from Front Row (Command-Option-Esc). You will be back in the Finder now.

8) If iTunes is not showing, click on the iTunes icon in the Dock, and hey-presto, you’re in!

itunes1.jpg

9) Now your managed account with no permission to run iTunes is breaking the rules. For fun, try launching iTunes from your Applications folder while iTunes is still running. You should get a ‘You do not have permission to open the application iTunes’ dialog, as shown in the picture below:

itunes2.jpg

10) Now to get on the web! In the iTunes Help menu, select ‘iTunes Service and Support’ which will launch Safari, again even though this account does not have permission to do so.

safari1.jpg

So to conclude, Front Row ignores any Parental Controls in a user’s account. If you are setting up Macs in a lab, make sure you disable Front Row by either deleting the Keyboard Shortcut in the System Preferences, or by removing it completely from /System/Library/CoreServices/Front Row.app. Otherwise enjoy the show from the front row!

About these ads

11 Responses to “Front Row vs. Managed Accounts”

  1. Apple Cabinet » Disable Front Row to prevent limited account app access Says:

    [...] account did not have permissions to use these applications! You can read about how I did this in this entry in my [...]

  2. flyingcactus Says:

    There is a check box that says “allow supporting applications” – this means that say front row (an allowed application) can launch other applications as it needs. if you uncheck this box, then itunes should not be able to be launched and in itunes when you click on the support button in itunes it will not be allowed to launchg safari

    This is a common issue in that if you allow someone to open applescript then they can actually open any program taht they wish by using applescript commands. for these preferences to be really usefull, that box needs to be unchecked.

    Now I do not have a mac with FrontRow on it to test this issue further

    hope this is helpfull

  3. macguy Says:

    Unfortunately, the “Allow supporting programs” check box was unchecked, as is off by default when setting the parental controls on an account. So we need to find something else to blame!

  4. Diegus83 Says:

    Well, I created a Guest managed account, I unchecked all applications and gave this a try. “Allow suppoting programs” and the FrontRow keyboard shorcut where disabled.

    Once inside the managed account you could open FrontRow using the remote, force quit, launch Safari via iTunes, and if you go to File>Print and click Printers And Fax Settings you could also open System Preferences and modify things in all panes in the User category and also others like Keyboard & Mouse.

    Cool!

  5. free retro pornstars Says:

    free retro pornstars

    ka-ka-sh-ka 2045109 Aggregator of free retro pornstars sites

  6. avril girlfriend lavigne lyric Says:

    avril girlfriend lavigne lyric

    avril girlfriend lavigne lyric source

  7. kathy van zeeland purse Says:

    kathy van zeeland purse

    Description of kathy van zeeland purse.

  8. sarcan Says:

    …hey, it gets even better… not only did they not fix this bug in the last half year, but using the services menu you can start all kinds of applications from safari/iTunes…

  9. Approach and Meet any Girl any Woman ! Says:

    Approach and Meet any Girl any Woman !

    Approach and Meet any Girl any Woman !

  10. ives Says:

    i believe deleting the front-row app causes problems, according to some other links i read.

    it’s better to disable it both from the keyboard shortcuts and from the plist file with the following:

    1) sudo vi /System/Library/LaunchAgents/com.apple.RemoteUI.plist

    2) add the following two lines directly after the initial

    Disabled

    3) you should end up with the following (where “…” is the original file content)

    Disabled

  11. ives Says:

    hmmm…. looks like tags are automatically removed from the text…

    see the following link:

    http://christophe.vandeplas.com/2008/12/09/disable-front-row-leopard

    -i

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: