Being the evil corporate IT overlords we need to block the new OS X App Store. As you may be aware the 10.6.6 update installs the App Store App which allows users to download and install apps without admin privileges.
Some Suggestions:
-
Don't update to 10.6.6+
-
Use parental controls
-
Presumably some OD policy (if you have an OD server which we don't)
-
Block the App store by DNS or Proxy
Not updating to 10.6.6+ isn't really a long term solution as it contains security fixes and new Macs will come with it anyway. Blocking the App store at a network level doesn't solve laptop users.
Ideally a simple system preference or editing of a plist that can be pushed out by ARD would be the best solution.
Please note the question isn't should we block the App store, it's how we can block the App store.
As a quick update it seems that is you are not using an account with admin privileges, you may need supply admin credentials for the first time you download an app to install it, which may solve some of the problem. Very different behavior to the normal OS X elevation of privileges which ask admins and non admins alike.
Best Answer
If you don't have these computer attached to an OpenDirectory server (the preferred way to do this is to restrict the launching of the app through Workgroup Manager) you can set the permissions on the App Store application to not allow users to run it:
This keep anyone from launching the application. It can be pushed out through ARD, can be added to your base image, and can be set in a startup script.
I have no idea what this will do to other applications running on the system so you should test it first.