Applescript - checking for prohibited programs
I was recently asked to disable internet access on a suite of macs for an exam. Easier said than done: I don’t have any router/firewall control for the network they’re on, and they would still need network printing access.
There were a few things I could have done: blocking port 80 and 443 on the machines’ local firewalls, or changing the proxy settings to point the web browsers to some bogus proxy. Problem is that the machines will need internet again within minutes of the end of the exam, and I’m just not confident enough that changing such settings won’t bugger something up.
So I went down a different route: this is a script for running at the start of an exam. It only runs on a management server with Remote Desktop, so no worries about buggering up the client machines. It monitors the current application of each machine, and if someone runs firefox or safari, it will log their machine name, the application, and the timestamp, then bring up an observation window on their computer.
--script to monitor for 'illegal' programs on write_to_file(this_data, target_file, append_data) try set the target_file to the target_file as text set the open_target_file to open for access file target_file with write permission if append_data is false then set eof of the open_target_file to 0 write this_data to the open_target_file starting at eof close access the open_target_file return true on error try close access file target_file end try return false end try end write_to_file tell application "Remote Desktop" set ComputerList to computer in computer list "Newspaper Macs copy" set LogFile to (((path to desktop folder) as text) & "InternetAccessLog.txt") set NaughtyList to {} repeat repeat with x in ComputerList if (((NaughtyList contains (name of x as text)) = false) and ((current application of x contains "Safari") or (current application of x contains "Firefox"))) then set LogText to ((name of x as text) & " accessed " & (current application of x as text) & " at " & ((current date) as text) & "\r") --set LogText to name of x as text my write_to_file(LogText, LogFile, true) observe x set NaughtyList to NaughtyList & {(name of x as text)} end if end repeat end repeat end tell
Limitations: to stop observation windows from constantly stealing focus, a machine will only be noted once per run (although you can re-run the script which will reset the ‘naughty list’). The observation windows will only do you any good if you’re keeping an eye on them.