Skip to main content

I'm trying to do the following:




  • On an Active Directory joined Mac, the first time a user logs in, set the Dock to have a certain set of items in the Dock. The Mac is domain joined with network accounts only, not Mobile accounts.

  • I also delete the locally created user folders (for the network users only) on a regular schedule, and the next time they log in, I want that Dock recreated. I also flush the policy log of the computer when this script runs.



I've tried this a few different ways, all with inconsistent behavior:




  • Created a Policy with a Dock Items payload to load the dock, and set it to execute once per user.

  • Preloaded com.apple.dock.plist into the user template folder

  • Created a Policy with a script using dockutil to preload the dock, and set it to execute once per user.



None of these seems to operate consistently. I sometimes get the right dock created, other times the default Mac dock, and other times it keeps the same settings from the last time that user logged in, even though I've ran rm -rf /Users/username on that folder.



Any ideas on the correct way to do this?



Thanks in advance!

I believe you can change the default user template in MacOS. Maybe this will help: https://sites.sas.upenn.edu/jasonrw/blog/2013/03/create-custom-default-user-profile-os-x-107108

Maybe create a launch agent that triggers your dockutil script?

Configuration profiles work well for me. You can create a "set once" version using mcxToProfile:




  1. Setup the Dock as you want it

  2. Run the mcx to profile script:



mcxToProfile.py --plist /path/to/com.apple.dock.plist --identifier DockSettings --manage Once


There some more examples using mcxtoprofile in this blog about half way down

Thanks all! Digging a little deeper, copying to the User Template/English.lproj in conjunction with not only removing the user folder, but also the cached preferences file may have done the trick.



Here are the relevant lines in my regularly scheduled cleanup script (currently running daily for testing):



sudo killall -u $username cfprefsd

sudo rm -rf $username


It was the killall command that wipes out the previously saved Mavericks preferences, even though I deleted the user folder. I'm going to give this new configuration a whirl and see if it solves it.

adding the dock plist to the system user template is probably the best option for you.
You might be running afowl of cfprefsd regarding the dock sometimes not updating, shouldn't be but I've seen weird things



Also remember that once per user frequency is just that, once per user. It is not once per user per computer.



If user A logs into computer B and then later logs into computer C the policy only runs the first time on computer b. it will not run when the user logs into computer c.



a script using dockutil that runs anytime an AD user logs into a machine might also be a good option

We use Dockutil to set a dock post imaging at the user template.



So AD users new to the Mac get out default dock.



You'll also want to manage/remove the OS relevant com.apple.dockfixup.plist file to stop extra's from being added.

Thanks all. @bentoms - I used dockutil, but because of two things it wasn't working:




  1. I'm deleting the network user folder on a periodic basis.

  2. The scope of "once per user" is, like @calumhunter said, once per user per scope. We're going to have about 10-15 of these machines in this scope, so I couldn't get it to behave the way I wanted.

@jkuo




  1. If you're updating the template & deleting the user account, it will come from the template when they next login.

  2. So once per user even after account deletion?

If this still isn't working I'd still suggest a LaunchAgent to trigger your script on every login.



Something like:



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

    <key>Label</key>

    <string>com.company.dockscript</string>

    <key>ProgramArguments</key>

    <array>

        <string>sh</string>

        <string>-c</string>

        <string>/Library/Company/Scripts/dockutilscript.sh</string>

    </array>

    <key>RunAtLoad</key>

    <true/>

</dict>

</plist>

@jkuo I use Dockutil as well. I use a LaunchAgent as mentioned above with a script like this.



#!/bin/bash



# Running checkSetupDone function to determine if the rest of this script needs to run.

# Yes, if $HOME/Library/Preferences/com.company.docksetup.plist file does not exist.

# Otherwise, assume this setup script has already run for this user and does not

# need to run again.







checkSetupDone()    {



    if [ -f $HOME/Library/Preferences/com.company.docksetup.plist ] ; then

        exit 0

    fi



}



configureDefaultDock()  {



    DOCKUTIL=/usr/local/bin/dockutil





    $DOCKUTIL --remove all --no-restart



    $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart



    $DOCKUTIL --add '/Applications/Safari.app' --no-restart



    $DOCKUTIL --add '/Applications/Self Service.app' --no-restart



    $DOCKUTIL --add '/Applications/Mission Control.app' --no-restart



    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart



    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Outlook.app' --no-restart



    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart



    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart



    $DOCKUTIL --add '/Applications/Microsoft Lync.app' --no-restart



    $DOCKUTIL --add '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app' --no-restart



    $DOCKUTIL --add '/Applications' --no-restart



    $DOCKUTIL --add '~/Downloads'



    touch $HOME/Library/Preferences/com.company.docksetup.plist



}



checkSetupDone

configureDefaultDock



exit 0

@jhbush1973 - thanks for posting that! I think the missing element I had was the customized com.company.docksetup.plist, as that gets around my issue of deleting the network user folder periodically. So then, my workflow could be:




  1. Create a policy that runs on every login per computer, instead of per user (essentially the same as a LaunchAgent)

  2. Insert that script.



When the network user folder gets deleted, so does the plist file, so when the user logs in again, it'll get recreated. That'll be more modular as well, as when I decide to make a change to the default dock, I don't have to rebuilt a new dock plist and put it in the user template, but I can just change the dockutil script.



I'll give it a go and let you know how it went!

I think it worked. I had to modify it a little since I was applying it through a JSS policy on Login instead of a directly installed LaunchAgent to directly specify to dockutil to modify the home folder of the actual logged in user using $3, but other than that it worked great! Thanks again everyone.



Here's the final resulting script:



#!/bin/sh



LoggedInUser=$3

LoggedInUserHome="/Users/$3"



checkSetupDone() {



    if [ -f $LoggedInUserHome/Library/Preferences/com.company.docksetup.plist ] ; then

        echo "Dock has been created already for this user, skipping..."

        exit 0

    fi



}



configureDefaultDock() {



    plist=$LoggedInUserHome/Library/Preferences/com.apple.dock.plist



    echo "Logged in user is $LoggedInUser"

    echo "Logged in user's home $LoggedInUserHome"



    if [ -e /usr/local/bin/dockutil ] ; then

        dockutilVersion=`/usr/local/bin/dockutil --version`

        echo "dockutil version: $dockutilVersion"

        echo "Clearing Dock..."



        DOCKUTIL=/usr/local/bin/dockutil



        sudo $DOCKUTIL --remove all --no-restart $LoggedInUserHome 



        echo "Adding Launchpad..."

        $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart $LoggedInUserHome 

        echo "Adding Self Service..."

        $DOCKUTIL --add '/Applications/Self Service.app' --no-restart $LoggedInUserHome

        echo "Adding Google Chrome..."

        $DOCKUTIL --add '/Applications/Google Chrome.app' --no-restart $LoggedInUserHome 

        echo "Adding Firefox..."

        $DOCKUTIL --add '/Applications/Firefox.app' --no-restart $LoggedInUserHome 

        echo "Adding Excel..."

        $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart $LoggedInUserHome 

        echo "Adding PowerPoint..."

        $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart $LoggedInUserHome 

        echo "Adding Word..."

        $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart $LoggedInUserHome 

        echo "Adding System Preferences..."

        $DOCKUTIL --add '/Applications/System Preferences.app' --no-restart $LoggedInUserHome  



        touch $LoggedInUserHome/Library/Preferences/com.company.docksetup.plist



    else

        echo "dockutil not installed, skipping initial dock setup..."

    fi



}



checkSetupDone

configureDefaultDock



exit 0

Experts, I have one dock item that is made out of package, and that had been added to the beginning of the dock. When I start above script, I have an empty spot in my dock. Besides that all works perfectly.



Thank You

also it says:



Dock has been created already for this user, skipping...

Reply


Terms & ConditionsCookie settings