Understanding Policies: System Preferences Control / Restrict Control Panel

By Zach DeMeyer Posted December 21, 2019

GPO-Like Policy

JumpCloud® Policies are the Directory-as-a-Service® analogue to the popular Group Policy Objects (GPOs) of Active Directory®, leveraged across all three major operating systems (Windows®, Mac®, Linux®) from the cloud. Using Policies, admins can automate much of their system security management. The System Preferences Control and Restrict Control Panel Policies help admins promote a zero trust security model in their organization.

What the System Preferences Control and Restrict Control Panel Policies Enforce

The System Preferences Control Policy for Mac and Restrict Control Panel Policy for Windows let admins block end users from making changes to their system settings. By using the policies, admins control which specific setting preferences their users can edit.

macOS System Preferences Window
macOS System Preferences Window

WIndows Control Panel
Windows Control Panel

Using the JumpCloud system agent, each policy relies on native system settings to lock down their respective control windows. When the policies are activated, only the workstation’s local admin or the organization’s sysadmin can unlock the control window and make setting changes.

Why Leverage These Policies?

Although most settings are fairly innocuous, some of them critically affect a system’s operation. They also control the behavior of stored data like network attributes, file backups, disk encryption, etc. If a bad actor succeeds in compromising a system, they can do even more damage if they have access to these kinds of settings.

In some cases, a bad actor can arise from within an organization. If granted access to system settings, the insider can reap sensitive organizational data right under an admin’s nose. That’s where zero trust security comes in. 

Under a zero trust security model, IT organizations operate by the concept that any person or system can present a risk to the operations of a business and shouldn’t be trusted inherently. This doesn’t preclude employees within an organization, meaning that all system activity and network access should be monitored with the utmost vigilance and restricted as neccessary.

By limiting a user’s capabilities to adjust the settings on their workstations, admins uphold their preset system policies. Further, in preventing users from affecting configurations, IT organizations maintain tighter control over their fleets.

How to Leverage JumpCloud Policies

Using Policies in JumpCloud Directory-as-a-Service is easy. Admins can simply apply them to either whole system groups or individual systems as needed, all with just a few clicks in the Policies tab.

Not Using JumpCloud?

If you are interested in leveraging GPO-like system policies across Windows, Mac, and Linux, consider JumpCloud as your solution of choice. You can try our cloud directory service absolutely free, with 10 users included forever to get you started.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts