Profile Manager OS X restrictions settings
Use this payload to permit or restrict access to specific preferences, apps, Dashboard widgets, media, and sharing services on Mac computers.
Note: Use the OS X restrictions payload for OS X device, user, and user group configuration profiles. For more information, see About profiles and payloads and Payload best practices.
Preferences
To prevent users from accessing specific panes of System Preferences, select only the panes you want users to access. If a pane isn’t listed, make sure it’s installed on the server with Profile Manager.
Apps
Manage access to Game Center and app usage. You can allow access to any app that is in the folders you designate or you can disallow apps based on their location.
To add an app or folder to the list, it must be installed on the server with Profile Manager enabled.
Setting | Description |
|---|---|
Allow use of Game Center | When this option is off, Game Center is disabled. |
Allow multiplayer gaming | When this option is off, multiplayer gaming is disabled. |
Allow adding Game Center friends | When this option is off, users of Game Center can’t invite friends. |
Allow Game Center account modification | When this option is off, users of Game Center can’t modify their user name or password. |
Allow App Store app adoption | When this option is off, iLife and iWork apps that shipped with OS X can’t be adopted by the App Store. |
Require admin password to install or update apps | When this option is on, an administrator password is required in order to update any apps. The default is Off. |
Restrict App Store to MDM installed apps and software updates only | When this option is on, the App Store can only be used to update apps installed by MDM and Apple software updates. The default is Off. |
Restrict which apps are allowed to launch | When this option is on, you can restrict which apps can be used. The default is Off. |
Widgets
Use Add 
to specify which Dashboard widgets the user can open. To specify the widgets, they must be installed on the server with Profile Manager enabled.
Media
The Media Access payload lets you specify whether to allow AirDrop and what types of storage media to allow. You can prevent access entirely, allow read-only access, or permit full access if the user authenticates with a local administrator password. You can also specify that all removable media be ejected when the user logs out.
Sharing services
Restrict the services that are available in the Share menu for apps.
Setting | Description |
|---|---|
AirDrop | When this option is off, AirDrop can’t be used to share items. |
When this option is off, items can’t be posted to Facebook. | |
When this option is off, items can’t be posted to Twitter. | |
When this option is off, items can’t be attached to a mail message. | |
Messages | When this option is off, items can’t be sent using iMessage or SMS. |
Video services | When this option is off, items can’t be posted to Flickr, Vimeo, Tudou, and Youku. |
Add to Photos | When this option is off, items can’t be sent to Photos. |
Add to Aperture | When this option is off, items can’t be sent to Aperture. |
Add to Reading List | When this option is off, items can’t be sent to the Reading List in Safari. |
Sina Weibo | When this option is off, items can’t be posted to Sina Weibo. |
New sharing services | When this option is off, no new sharing services are enabled. |
Functionality
You can choose the location of the image file for the Desktop background and decide whether that image selection can be changed.
You can also restrict the following:
Setting | Description |
|---|---|
Allow use of camera | When this option is off, cameras are disabled and the Camera icon is removed from the Home screen. Users can’t take photographs or videos, or use FaceTime. |
Allow iCloud documents and data | When this option is off, documents and data aren’t added to iCloud. |
Allow use of iCloud password for local accounts | When this option is off, users can’t use their iCloud password for their local account password. |
Allow Spotlight Suggestions | When this option is off, Spotlight won’t return any results from an Internet search. |