I'm able to do this by refreshing the pref cache. This script does the trick:
#!/bin/sh
################
# Remove pref file that contains last opened data
/bin/rm /Users/*/Library/Preferences/ByHost/com.apple.loginwindow.*
# Clears the pref cache
/usr/bin/killall cfprefsd
Couldn't you just capture the com.apple.loginwindow.plist file with the settings applied and do a FUT/FEU?
I do this by running:
/usr/bin/defaults write com.apple.loginwindow TALLogoutSavesState -bool false
@kswiedikon Do you run that as an ongoing logout script? I like that better than the other solution.
I run it as a login script (once at every login as a LaunchAgent).
The result is, that the "re-open windows when logging back in" option is not automatically checked at logout.
The problem: a user is able to re-check the option again manually in logout dialog
We do that via MCX.
This is applied @ login, so even if a user ticks it. It's unticked at next login.
@bentoms Could you attach a screenshot of your mcx preference? I have tried this but it doesn't seem to work. I'm assuming I don't have something in the preference correct. Thanks!
@krusej23][/url I'm not sure how @bentoms][/url does it. I had to manually create a Managed Preference under "Login Window". See below....
This apparently doesn't work at the computer level? We don't have users in our JSS so how would it work since it only works at the user level?
@krusej23 As far as I know you can still apply user-level MCX to local accounts. The Managed Preferences would get applied to the account during login. If you are using JSSv9 you can limit the Managed Preferences to a specific user(s) or exclude certain local or LDAP users/groups.
If you need to troubleshoot the issue, you can force jamf to compose the managed preferences with:
jamf mcx -username name-here
You can also check dscl to see what mcx-preferences applied:
dscl . -mcxread /Users/name-here
We just want to apply it to all computers in our district. If I set the scope to all computers and have the preference setup like you have it then it should work right?
We manage mcx through AD, but if the mcx needs to be applied at user level, then I believe in Casper you set the mcx to user level and then scope this mcx to all of your computers. The OS will realise this is a user level mcx and apply appropriately.
I'm not currently in a Casper environment, so if someone wants to deny/confirm.
Sorry to bring back the dead here guys perhaps someone can weigh in.
I have a profile applied to a number of devices that does successfully untick the box for each user.
I am however still having a large build up of services on devices which are cleared at system restart. But if the device submits an inventory update, it breaks the device on JAMFcloud.
i.e Recons fail if the device has over 10000 services already listed on the JSS
sudo launchctl list | wc -l
Returns a count of active services so I’m currently trying to catch a device via ARD with escalating service counts.
I’m pretty stuck on what to do about it though.
It was in my understanding that logout hooks are deprecated? So wasn’t using them - should I give it a go?
it’s specifically loginwindow and security.agent services that are listed.
