So I posted asking for help on this here site with a script to automatically force log off users after 30 minutes and to wipe the desktop. A helpful soul provided me with something which does that and deletes the profile which does clear the desktop. Unfortunately that would not work for the people requesting this and they came back with a new wrinkle: they wanted 2 desktop shortcuts to a couple of websites which need to be preserved when the log out and wipe takes place.
I thought I found the right way to go which works in Terminal as well as when the following lines are in their own script in Jamf.
find /Users/libuser/Desktop -type f -not -name "Click Here to Open a Ticket with ITS.webloc" -and -not -name "Library Homepage.webloc" -exec rm {} \;
killall loginwindow
The problem is, the find command doesn’t run even though the killall loginwindow one does. If I can just get the find command to run then I’ll be all set. I read that maybe glob would work better instead of find here but I can’t find how to replicate what the find command does.
Here is the full script with the above lines embedded that partially works (I know the timeout is only 60 seconds but I was doing that for testing):
#!/bin/bash
cat << EOF > /usr/local/bin/forcelogout.sh
log="/Library/Logs/Auto_Logout/Auto_Logout.log"
writelog() {
    local log_file="/Library/Logs/Auto_Logout/Auto_Logout.log"
    echo "\$(date '+%Y-%m-%d %H:%M:%S') - \$1" >> "\$log_file"
}
mkdir -p "/Library/Logs/Auto_Logout"
lidClosed=\$(ioreg -r -k AppleClamshellState -d 4 | grep AppleClamshellState | head -1 | awk '{print \$NF}')
if [[ "\$lidClosed" == "Yes" ]]; then
    writelog "Lid has been closed while still logged in; logging out."
    osascript -e 'tell application "loginwindow" to  «event aevtrlgo»'
    rm -r /private/var/libuser
else
    writelog "Lid is not closed; exiting."
fi
# HIDIdleTime is reported in nanoseconds; convert it to whole seconds.
IdleTimeSecs=\$(expr \$(ioreg -c IOHIDSystem | awk '/HIDIdleTime/{print \$NF; exit}') / 1000000000)
IdleLimit="60"
if [[ "\$IdleTimeSecs" -gt "\$IdleLimit" ]]; then
    writelog "Idle limit reached. Logging out user."
    # Remove every regular file on the Desktop except the two shortcuts, then end the session.
    find /Users/libuser/Desktop -type f -not -name "Click Here to Open a Ticket with ITS.webloc" -and -not -name "Library Homepage.webloc" -exec rm {} \;
    killall loginwindow
fi
exit 0
EOF
cat << EOF > /Library/LaunchAgents/com.apple.forcelogout.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.forcelogout</string>
    <key>ProgramArguments</key>
    <array>
        <string>/bin/bash</string>
        <string>/usr/local/bin/forcelogout.sh</string>
    </array>
    <key>StartInterval</key>
    <integer>15</integer>
</dict>
</plist>
EOF
chmod 644 /Library/LaunchAgents/com.apple.forcelogout.plist
chown root:wheel /Library/LaunchAgents/com.apple.forcelogout.plist
/bin/launchctl load /Library/LaunchAgents/com.apple.forcelogout.plist
exit 0 
Anyway, I appreciate any help here and if there’s a different way of doing the same thing I’m open to it.
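Added example, not part of the original post and not a diagnosis of why the find line is skipped under the LaunchAgent: the same "delete everything except the two shortcuts" selection as a reusable function. The name clean_desktop and the demo file names are assumptions; it takes the keep list as arguments, refuses a symlinked or missing directory and an empty keep list, and prints each removed path so it can be sent to the log.

```sh
#!/bin/sh
# Added example, not from the original post. clean_desktop is a hypothetical helper.
# Usage: clean_desktop DIR KEEP_NAME [KEEP_NAME...]
# Removes every regular file under DIR except those whose file name is in the
# keep list, and prints each removed path so the caller can log it.
clean_desktop() {
    cd_dir=${1%/}            # drop one trailing slash so the symlink test sees the link itself
    shift
    # Refuse a missing path or a symlink: a scheduled delete job must not be
    # redirected to a different directory.
    if [ -L "$cd_dir" ] || [ ! -d "$cd_dir" ]; then
        echo "clean_desktop: '$cd_dir' is not a real directory, nothing removed" >&2
        return 1
    fi
    # An empty keep list would delete everything; treat it as a caller error.
    if [ "$#" -eq 0 ]; then
        echo "clean_desktop: empty keep list, nothing removed" >&2
        return 1
    fi
    # Turn the keep list into: -name K1 -o -name K2 ...
    # (find treats each name as a glob pattern; the names used here contain none.)
    for cd_keep in "$@"; do
        shift
        set -- "$@" -o -name "$cd_keep"
    done
    shift                    # drop the leading -o
    # -print runs only after rm succeeded, so the output lists real deletions.
    find "$cd_dir" -type f ! \( "$@" \) -exec rm -f -- {} \; -print
}

# Constructed demo in a throwaway directory, not the real Desktop.
demo=$(mktemp -d)
touch "$demo/Library Homepage.webloc" "$demo/old download.pdf"
clean_desktop "$demo" "Click Here to Open a Ticket with ITS.webloc" "Library Homepage.webloc"
ls "$demo"
rm -rf "$demo"
```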
