Blocking the Apple OS X App Store
Solution 1:
If you don't have these computer attached to an OpenDirectory server (the preferred way to do this is to restrict the launching of the app through Workgroup Manager) you can set the permissions on the App Store application to not allow users to run it:
chmod -R 000 /Applications/AppStore.app
This keep anyone from launching the application. It can be pushed out through ARD, can be added to your base image, and can be set in a startup script.
I have no idea what this will do to other applications running on the system so you should test it first.
Solution 2:
The iTunes Store connects on standard HTTP(S) ports, 80 and 443, so I assume that the Mac App Store does the same.
Here is the Apple knowledge base article on blocking the iTunes store by URL: http://support.apple.com/kb/HT3303
It says
To prevent client computers from connecting to the iTunes Store, network administrators can block the Internet host 'itunes.apple.com'.
From a quick tcpdump, it appears that the App Store uses the same URL... for now.
Solution 3:
Run a packet sniffer. Run App Store. Find out what the address(es) are that the Apple App Store uses. Block all incoming/outgoing on that address, on that port, on your perimeter firewall.
Solution 4:
You can also edit your Active Directory schema so that it contains extra information that emulates MCX (similar to Group Policies). You can then log into your AD server from Workgroup Manager on a mac, import AD users/groups as augmented records, and block the application. It's a lot of work to block one thing, however in the long run it means you have a ton more control over your macs.
Here's a link to an Apple webinar that walks you through the steps and explains (better and in greater detail) what I was talking about above:
http://seminars.apple.com/seminarsonline/modifying/apple/index.html?s=301
and here's a PDF (not sure if it's recent)
http://www.sticts.ch/MacWindows/Modifying_the_Active_Directory_Schema.pdf