Now that the DockFixup plist is guarded by SIP (/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist), how are admins keeping those "extra" Apple apps out of a managed dock?
Page 2 / 2
@koszyczj So, do you mean that you did the first command as one script, that runs "After," and the second command as another script that runs "At Reboot?"
I have a similar two-line script for Yosemite that works like a charm, but I am having some issues with El Capitan. I have it set to run "At Reboot." Maybe I can use my script, but just have it run "After" the Base Image install as in your example?
#!/bin/sh
/usr/libexec/PlistBuddy -c "delete:add-app" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist
/usr/libexec/PlistBuddy -c "delete:add-doc" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist
exit 0HI All,
i use this script set to run "After" the Base Image install which is similar to @itupshot
that works for me.
#!/bin/sh
/usr/bin/defaults delete "$1/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup" add-app
/usr/bin/defaults delete "$1/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup" add-doc
exit 0@malroy @koszyczj It looks like the main difference from yours and mine (besides when to run it), is that you're using the defaults delete command instead of plistbuddy.
I just also realized that because I have to run it "After" the base image, I have to define which volume to run the script on. As in @koszyczj's example:
defaults delete /Volumes/Macintosh HD/System/...I'll edit mine accordingly for El Capitan, and see if that works for me.
you don't need to hard code define which volume , you can use $1 which is inside my code.
you need to run it "After"
Can I run the above examples from a DeployStudio workflow on an already imaged/configured iMac?
I'm attempting to go the dockutil route, but I'm having no luck with the script I created.
@McKinnonTech
if it is already imaged/configured, SIP is enabled and you can't modify /System/Library/CoreServices/Dock.app
as it is protected
@malroy
Thanks - that makes sense.
What a pain!
For anyone else looking into this while creating a fresh image, I found a solution.
I booted into recovery, disabled SIP in the Terminal
csrutil disableRan the following in the command:
/usr/libexec/PlistBuddy -c "delete:add-app" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist
/usr/libexec/PlistBuddy -c "delete:add-doc" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plistEnabled SIP and reboot:
csrutil enable
rebootFollowing this I created a custom User Template with the preferred Dock and tested it with an AD login - the Dock populates fine using the template and no Apple apps are added.
Hopefully we see a better solution for this soon.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.