Skip to main content
Question

DockFixup and SIP?

  • October 7, 2015
  • 33 replies
  • 170 views
Show first post

33 replies

I
Forum|alt.badge.img+9
  • itupshot
  • Valued Contributor
  • August 31, 2016

@koszyczj So, do you mean that you did the first command as one script, that runs "After," and the second command as another script that runs "At Reboot?"

I have a similar two-line script for Yosemite that works like a charm, but I am having some issues with El Capitan. I have it set to run "At Reboot." Maybe I can use my script, but just have it run "After" the Base Image install as in your example?

#!/bin/sh
    /usr/libexec/PlistBuddy -c "delete:add-app" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist
    /usr/libexec/PlistBuddy -c "delete:add-doc" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist
exit 0
M
Forum|alt.badge.img+4
  • malroy
  • Contributor
  • September 1, 2016

HI All,

i use this script set to run "After" the Base Image install which is similar to @itupshot

that works for me.

#!/bin/sh

/usr/bin/defaults delete "$1/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup" add-app
/usr/bin/defaults delete "$1/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup" add-doc

exit 0
I
Forum|alt.badge.img+9
  • itupshot
  • Valued Contributor
  • September 1, 2016

@malroy @koszyczj It looks like the main difference from yours and mine (besides when to run it), is that you're using the defaults delete command instead of plistbuddy.

I just also realized that because I have to run it "After" the base image, I have to define which volume to run the script on. As in @koszyczj's example: 

defaults delete /Volumes/Macintosh HD/System/...

I'll edit mine accordingly for El Capitan, and see if that works for me.

M
Forum|alt.badge.img+4
  • malroy
  • Contributor
  • September 2, 2016

@itupshot

you don't need to hard code define which volume , you can use $1 which is inside my code.

you need to run it "After"

M
Forum|alt.badge.img+6
  • McKinnonTech
  • Contributor
  • September 7, 2016

Can I run the above examples from a DeployStudio workflow on an already imaged/configured iMac?

I'm attempting to go the dockutil route, but I'm having no luck with the script I created.

M
Forum|alt.badge.img+4
  • malroy
  • Contributor
  • September 7, 2016

@McKinnonTech

if it is already imaged/configured, SIP is enabled and you can't modify /System/Library/CoreServices/Dock.app

as it is protected

M
Forum|alt.badge.img+6
  • McKinnonTech
  • Contributor
  • September 7, 2016

@malroy

Thanks - that makes sense.

What a pain!

M
Forum|alt.badge.img+6
  • McKinnonTech
  • Contributor
  • September 7, 2016

For anyone else looking into this while creating a fresh image, I found a solution.

I booted into recovery, disabled SIP in the Terminal

csrutil disable

Ran the following in the command:

 /usr/libexec/PlistBuddy -c "delete:add-app" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist
/usr/libexec/PlistBuddy -c "delete:add-doc" /System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist

Enabled SIP and reboot:

csrutil enable
reboot

Following this I created a custom User Template with the preferred Dock and tested it with an AD login - the Dock populates fine using the template and no Apple apps are added.

Hopefully we see a better solution for this soon.

Terms & ConditionsCookie settingsAccessibility statement