Skip to main content
Solved

Managing The Wallpaper

  • January 30, 2015
  • 12 replies
  • 78 views
C
Forum|alt.badge.img+8

We have been asked to lock down our users wallpaper. We locked the wallpaper down by placing a PNG in a folder in the /Library/FolderthatstoresPNG. Everyone has permissions to this folder. Then lock the wallpaper down with a config profile. BAM! wallpaper locked down. Well then some one was smart enough to REplace our PNG with their own PNG......So now their background is whatever they replace that PNG with. We have underestimated the sneaky sneak of some people.

So now i have place the PNG in our hidden management account which is in /private/var/Managementaccount/Documents

no one has permissions to this folder, so when the config profile looks for the PNG it does not find it.

Is it a permissions thing? or is it that the PNG is in a hidden account?

How are other people managing wallpapers?

Thank you! and happy FRIDAY!

Best answer by davidacland

Sounds like a few steps will be needed to try and prevent changes:

  • Lock out the Profiles system preference
  • Lock out the Desktop and Screensaver system preference
  • Make sure the file is in a hidden folder, but have the permissions set so the system can still read it
  • Lock the PNG file with ``` chflags uchg /path/to/file 
    - As @daz_dar mentioned, hide it with the ```
chflags hidden
    command

Not sure if this is for a company or a school, but if it was a company, taking the non-technical approach I would communicate to everyone that the desktop background isn't to be changed.

If people do it, take away their admin rights.

    12 replies

    R
    Forum|alt.badge.img+5
    • Rayfield
    • Contributor
    • January 30, 2015

    You can create a package that stores the wallpaper.

    With Composer, select New, go down to User Environment, Select Background, then done :D

    We have ours set to push out on log out, so the next time they log in it will be reset to default.

    C
    Forum|alt.badge.img+8
    • Chriskmpruitt
    • Author
    • Contributor
    • January 30, 2015

    with doing it that way couldn't they just change their wallpaper whenever they want to?

    @rleatherwood

    R
    Forum|alt.badge.img+5
    • Rayfield
    • Contributor
    • January 30, 2015

    Yes. They could still change it. But it would get reset to default as soon as they logged out.

    R
    Forum|alt.badge.img+5
    • Rayfield
    • Contributor
    • January 30, 2015

    I believe there's a parental control setting that disables the option to change the wallpaper. But I'm not entirely sure how to do it that way.

    Maybe through configuration profiles?

    RobertHammen
    Forum|alt.badge.img+29
    • RobertHammen
    • Esteemed Contributor
    • January 30, 2015

    Are the users admins? Can you make the image, and the folder inside of it, read-only?

    If they are admins, you could set a policy that runs at Logout that reinstalls the image, so the next time they log in, it's back ;-)

    L
    Forum|alt.badge.img+6
    • laurendc
    • Contributor
    • January 30, 2015

    I ran into this by accident while trying to figure out how to use configuration profiles to push a wallpaper out on first login, but leave it unmanaged afterwards. I ended up disabling it but I know it works at least in testing. You can definitely use configuration profiles to lock the wallpaper down. We are running 9.62, not sure if that function exists in earlier versions.

    C
    Forum|alt.badge.img+8
    • Chriskmpruitt
    • Author
    • Contributor
    • January 30, 2015

    sadly yes our users are admin. So we just have to be smarter then then lol

    daz_wallace
    Forum|alt.badge.img+13
    • daz_wallace
    • Contributor
    • January 31, 2015

    When you package the replacemen background, why not have the file as hidden in the gui?

    chflags hidden [path to file]

    After this, I'm pretty sure that all users will need read access to the file for the profile to use it?

    davidacland
    Forum|alt.badge.img+18
    • davidacland
    • Valued Contributor
    • Answer
    • January 31, 2015

    Sounds like a few steps will be needed to try and prevent changes:

    • Lock out the Profiles system preference
    • Lock out the Desktop and Screensaver system preference
    • Make sure the file is in a hidden folder, but have the permissions set so the system can still read it
    • Lock the PNG file with ``` chflags uchg /path/to/file 
      - As @daz_dar mentioned, hide it with the ```
chflags hidden
      command

    Not sure if this is for a company or a school, but if it was a company, taking the non-technical approach I would communicate to everyone that the desktop background isn't to be changed.

    If people do it, take away their admin rights.

    acodega
    Forum|alt.badge.img+15
    • acodega
    • Valued Contributor
    • January 31, 2015

    I would imagine that it's a permissions issue. Certainly easy to test.

    At this point, someone else needs to be involved as this is a disciplinary issue.

    G
    Forum|alt.badge.img+10
    • gregneagle
    • New Contributor
    • January 31, 2015

    Use a configuration profile. Here's an example:

    https://github.com/gregneagle/profiles/blob/master/desktop_picture.mobileconfig

    ...and if you don't want the users to modify the desktop picture file itself:

    1) Don't give them write rights to the file or the enclosing directory, and
    2) Don't give them admin rights.

    If they have admin rights, you're just wasting your time trying to lock stuff down. They now have as much power over the machine as you do.

    B
    Forum|alt.badge.img+16
    • bvrooman
    • Valued Contributor
    • February 2, 2015

    You could set a logout policy which installs a package (maybe a DMG would be faster?) containing the correct desktop picture, placed at whatever path the config profile is configured for. Set it for ongoing execution and check the offline box - each client will cache the package and replace it at each logout.

    Terms & ConditionsCookie settingsAccessibility statement