No Matches Found!
Try with a different search term
I have implemented this KSP setting so users will not be able to access settings for any biometric setup for our 3rd party app. However now when into admin mode the Settings app is now blocked there too. How can I enable the settings app while in admin mode but leave this setting in place for lockdown kiosk so users cannot get to settings:
The KSP setting applied:
what it does, and we need to keep:
what it also does in admin mode when i click on the settings icon that i need to get rid of:
I think you can use an application run control profile to block settings which will be "revoked" when in admin mode instead.
Also try to identify the needed bundleID for the kiosk mode by using identify_activity script in admin mode then. Does not work always (often you get just settings or subsettings) but sometimes.
Thanks so much for the quick reply: I have tried adding the bundle ID to app run control along wit plenty of others and it still gives them access to settings via kiosk mode:
So I was able to get this to work with activity suppression lockdown however we will lose our access to recents button and our users use this button often. Would rather not have to give that up for this to work.
How are you entering Admin mode exactly? If you are using the dropdown option in Remote Control to turn kiosk mode off then that may not be putting the device into Admin mode. I usually use a combo script disabling Kiosk and enabling Admin mode simultaneously rather than using those drop down options in RC as they can leave the device in a confusing state.
I am on the device and manually going to MC and pressing and holding user mode until it prompts for admin password.
Hi Katie,
When you enable the settings, as far as I know, it restricts the access both for user and admin. So even if you change the agent mode from user to admin from your lockdown/kiosk screen or such, it should be expected. You may quickly test it by using a device without lockdown.
When you need to change the settings, what you can do, you may either revoke the profile from specific devices for a while, or you may move the device to another group that has same profiles (but without the settings restriction for this configuration).
Zafer
