I will preface this, with the truth that I know little about Macs :-)
I am trying to workout a way to block application installations (or executions) on Macs. We have a subset of executive users (meaning they "need" root on the box) who have Macs. However, the are installing applications like Skpe, that break our Corporate Policies. Does anyone know of a software to manage this? Preferably Open Source.
I really doubt this will be possible if the users have root access on their boxes, as they will easily be able to circumvent anything you put in their way.
Anyway, if you use OpenDirectory (i.e. a MacOS Server), you can easily limit (non-root) users to open only programs they are allowed to open. According to this blogpost, it should be possible even with the local directory, without a server.
A little bit of background: This user restrictions are handled by "User preferences", something like GPOs on Windows, and stored in the OpenDirectory and as MCX files on the local machine, which the blogpost tries to emulate without a server.
My limited knowledge of OSX leads me to believe that this is probably not possible, but I would welcome somebody saying otherwise.
Unlike most *nix systems, many apps just sit as a blob and run in user space without files being put anywhere that needs lower level privileges.
Use false DNS entries. Make www.skype.com point to 127.0.0.1. Or make use of OpenDNS which will also do the same thing, but will send it to a generic "This page has been blocked because it is an X site" where X can be any of a number of categories, such as filesharing, proxy, etc.