Mac App Store: move along, nothing to see here

Mac App Store iconThe Mac App Store launched yesterday along with the Mac OS X 10.6.6 update.

Some of the questions raised here are now answered.

Namely:

  1. Users need to have administrative credentials to use the App Store.
  2. Because of #1, apps are installed in /Applications, like most other apps.
  3. #1 and #2 mean that apps from the App Store are usable by all users of the machine, and can be updated or removed by any other user of the machine, provided the user has admin credentials.
  4. The App Store keeps track of purchases made under a given AppleID, so you as an IT administrator need not worry about preserving a user’s purchased App Store apps when migrating a user to another machine.

In reality, the advent of the Mac App Store does not change things much for enterprise administrators.

If your users are admins, they’ve always been able to purchase, download and install software to company computers. If you have policy is place against this practice, that policy will be just as effective (or not) now as it was last week. So there is no change with the addition of a Mac App Store.

Non-admins can’t purchase or install software from the App Store.

Bottom line: the App Store doesn’t give users any new capabilities that they didn’t already have.

All that said: if you really want to block access to the Mac App Store, there’s a really simple solution: delete the App Store application.

There are other less draconian options, such as:

  • Using MCX to limit access to the App Store application.
  • Moving the App Store application to a location accessible only by a certain user or group — for example, moving it to the Applications folder of a local admin account.
  • Changing the group and mode so only members of a certain group can run it.

If you decide to limit access, MCX is a good approach because it should continue to work even across Apple updates. Many of the other solutions may need to be reimplemented after an Apple update, which may put a new, updated copy of the App Store application back in the /Applications folder with the default owner, group and mode, potentially undoing your modifications.

Mac App Store: move along, nothing to see here

15 thoughts on “Mac App Store: move along, nothing to see here

  1. Rather than deleting Apple software which may lead to a mess when updates come out I have chosen to hide certain apps. Used to be you needed the dev tools to hide files and folders but since Leopard you can do it with chflags:

    chflags hidden “/Applications/Front Row.app”

    To unhide use chflags nohidden …

    You’d still have to use MCX or something if you actually wanted to prevent launching the app, but hiding the file will prevent people from attempting to launch and getting the impression they’re being “restricted,” while avoiding trouble with future OS updates.

    1. I agree that deleting the app is likely to cause pain down the road, but in this specific instance, I suspect that hiding the app won’t be terribly effective, since users could always choose “App Store…” from the Apple menu, which would launch the app even if hidden.

      Additionally, the App Store is also added to Dock for each user, and I bet that would successfully launch a hidden app as well, so you’d need to remove that as well.

      (Hmmm, I wonder what mechanism is adding the App Store to the Dock…)
      (…goes away…)
      (…after a while, comes back…)

      You’d want to delete or modify /Library/Preferences/com.apple.dockfixup.plist to prevent the addition of the App Store to the Dock.

      1. Don Montalvo says:

        Gary,

        I read if you remove App Store.app you lose the Apple Menu “App Store…” option.

        In any case, I guess I was crying wolf, since I (wrongly) assumed a non-admin user could purchase and install into their home directory. I was wrong, from what you (and everyone else) is saying, in fact App Store purchased applications go into /Applications which requires admin rights.

        Thanks,
        Don

  2. […] This post was mentioned on Twitter by Christopher Grande, Seokchan Lee. Seokchan Lee said: @seokchanlee ์ž๋ฌธ์ž๋‹ต์ด์ง€๋งŒ Mac App Store์—์„œ ์„ค์น˜๋˜๋Š” ์–ดํ”Œ์€ /Applications์œผ๋กœ๋งŒ ๊ฐ€๊ฒŒ ํ•˜๋Š”๊ตฌ๋‚˜.. ํ™ํ™ http://bit.ly/fo076Z […]

  3. I had a thought; could the app store be _corrupted_ to be used as an enterprise self service app store for within organizations… Probably not in this iteration but would be great if you could use it that way.

  4. Mike M says:

    Greg, you mention using MCX to disable usage of the Mac App Store, which of course makes the most sense. But you don’t mention what setting, if any, could be used to do this. Do you happen to know what MCX key names exist for it, or is ti too early to tell at this point?
    Looking in the com.apple.appstore.plist file doesn’t reveal anything especially interesting.

  5. PhS says:

    It would have been really sweet that Apple enables the possibility for non admin users to install app in ~/Applications … a bit like some System Preference files that ask you for a “this user only” or “all users”

    Do you guys believe this could happen in the future ?

    Rque: Strangely enough App Store detected my Transmit install (which is in my ~/Applications)… I hope they release an update soon , curious to see how it will go

    1. Wouter says:

      Yeah I am also very interested to know how they will handle updates for Applications installed in ~Applications

  6. Hi Greg:

    We are developing a solution that would enable admins to create an enterprise app store and therefore non-admin would be able install vetted/curated apps. It would be great if we could have a conversation to get your feedback … No, no sales pitch…. If anyone else is interested, please contact me at the email below. Thanks.

    1. This sounds a lot like Casper’s Self-Service portal and Munki’s Optional Software — in both cases the admin makes certain software items available, and end-users (even without admin rights) can install the software themselves.

  7. Ahmed Elkiki says:

    Hi,

    I have a Mac osx snow leopard, 10.6.8, whenever I try to access the App Store it remains blank for a while and then gives the below message

    One Moment Please.
    Connecting to the iTunes Store.
    Loading

    If iTunes doesn’t open, click the iTunes application icon in your Dock or Windows Task Bar. To download iTunes, please click here.

    This message just remains forever and the beach ball keeps spinning. Moreover, when I go to store>sign in and i enter my apple ID and password the beach ball keeps spinning forever and nothing happens.

    I desperate and devastated, can anyone help with that?

Comments are closed.