Block applications by their bundle identifier from launching in the Finder
Because the blocking is done by the bundle identifier, the location or name of the application bundle doesn't matter
For true blacklisting of binary execution, look at Google's Santa project: https://github.com/google/santa
This script doesn't literally "block" the execution of an application, it gets notified when an application is being launched and sends a SIGKILL signal to the process.
It's a simple method to help administrators stop their users from using applications the organization has decided should not be allowed. If you have a management framework with a similar feature, you should use that instead.
Add the bundle identifier for each application you wish to block to the list blockedBundleIdentifiers
blockedBundleIdentifiers = ['com.apple.InstallAssistant.Sierra']You can use either exact bundle identifiers or a regex pattern.
If you also want to delete the application when it's launched, set deleteBlockedApplication to True
deleteBlockedApplication = TrueTo disable the alert shown to users, set variable alertUser to False
alertUser = FalseTo change the text shown in the alert, modify the alertMessage and alertInformativeText variables respectively.
alertMessage = "The application \"{appname}\" has been blocked by IT"
alertInformativeText = "Contact your administrator for more information"To change the icon shown in the alert, modify the alertIconPath
alertIconPath = "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/Actions.icns"