Help

10.11 Dock User Template -- Maps, iBooks, Photos automatically added back

wesleypettit
New Contributor

Posted on ‎02-19-2016 09:51 AM

Howdy!

We have a default dock plist we're adding to the User Template for all newly created users in 10.11. The problems we're seeing is that OS X automatically adds Maps, iBooks, and Photos.

Any ideas on how to prevent this? The defaults plist within the Dock.app in /System/Library/CoreServices/ is no longer accessible for modification in 10.11. We've explored dockutil, and have found it to be highly inconsistent.

0 Kudos
Reply
11 REPLIES 11

djwojo
Contributor

Posted on ‎02-19-2016 10:02 AM

+1 for this one - I am going through what the JSS, Config Profile, Dockutil, etc etc etc can and can't do for 10.11(.3).

0 Kudos
Reply

mm2270
Legendary Contributor III

Posted on ‎02-19-2016 10:28 AM

Not entirely certain, but I believe these get added by way of the infamous dockfixup process. Yes, infamous, as in, we wish it would just go away and leave us alone already.

0 Kudos
Reply

hkabik
Valued Contributor

Posted on ‎02-19-2016 10:34 AM

My dock load up still works in 10.11 without adding these... I just arrange a perfect dock and then package the ~/Library/Preferences/com.apple.dock.plist and deploy FUT and FEU.

0 Kudos
Reply

mbezzo
Contributor III

Posted on ‎02-19-2016 12:47 PM

Hi,
It's not sexy, but I simply run a "remove from dock" policy on the dock items I don't want once the user logs in. It works in our workflow, so may not in others... But does the trick for us!

Thanks,
mbezzo

0 Kudos
Reply

wesleypettit
New Contributor

Posted on ‎02-20-2016 12:13 PM

Thanks for the responses! It's definitely the dockfixup process, and SIP in 10.11 prevents us from from making the changes we utilized in 10.10. We're going to keep playing around with dockutil and and a run-once login policy. Hopefully we can figure out a way to make this process more reliable.

0 Kudos
Reply

Josh_Smith
Contributor III

Posted on ‎02-20-2016 07:20 PM

@wesleypettit I've been using the following script to modify dockfixup during 10.11 imaging to prevent the extra dock items. The trick is to run the script with an After priority in Casper Imaging....it will run after your base image is down but before the reboot (before SIP is enabled). There is logic to figure out which drive is the target drive, so it works for Netbook and Target Disk Imaging. The script assumes default HD names.

#!/bin/sh
if [ -e "/Volumes/Macintosh HD 1" ]
    then
            #Target mode imaging will show two drives named Macintosh HD
            DRIVEPATH="/Volumes/Macintosh HD 1"
    else
            #Netboot will show one drive named Macintosh HD
            DRIVEPATH="/Volumes/Macintosh HD"
fi

OSV=$(defaults read "$DRIVEPATH/System/Library/CoreServices/SystemVersion.plist" | grep "ProductVersion" | cut -d '"' -f2 | cut -c1-4)
if [ "$OSV" == "10.1" ]
    then
        OSV=$(defaults read "$DRIVEPATH/System/Library/CoreServices/SystemVersion.plist" | grep "ProductVersion" | cut -d '"' -f2| cut -c1-5)
fi

case "$OSV" in
    "10.7"|"10.8"|"10.9")
#this applies to 10.7-10.9
        /usr/libexec/plistbuddy -c "delete:add-app" "$DRIVEPATH/Library/Preferences/com.apple.dockfixup.plist" ;;
    *)
#This applies to 10.11+ (not imaging anything older)
        /usr/libexec/PlistBuddy -c "delete:add-app" "$DRIVEPATH/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist"
#        I'm not removing the add-doc because I want it to add the Downloads folder, but if you want to remove it  on 10.11then uncomment the line below
#       /usr/libexec/PlistBuddy -c "delete:add-doc" "$DRIVEPATH/System/Library/CoreServices/Dock.app/Contents/Resources/com.apple.dockfixup.plist" ;;
esac

I'm sure dockfixup will get updated with a minor upgrade (10.11.4) and add icons to an existing machine...but at least we can start clean for a new image.

0 Kudos
Reply

apizz
Valued Contributor

Posted on ‎02-21-2016 12:53 PM

We have this problem with 10.10 Yosemite as well and setup something similar to @mbezzo where we have a policy triggered at login once per user per computer to remove those three apps. Not optimal, but it works.

0 Kudos
Reply

CasperSally
Valued Contributor II

Posted on ‎02-24-2016 12:21 PM

Thanks @Josh.Smith - this script works great for us. Smart to do it as an after script.

0 Kudos
Reply

maurie_b
New Contributor

Posted on ‎03-22-2016 04:41 PM

I created a custom Configuration Profile based on the Dock.plist I had with all the apps I wanted. I used this format for Downloads folder: <key>home directory relative</key><string>~/Downloads</string>.
I converted the plist to xml and then uploaded it to JSS as a Conf Profile and it works pretty well.

0 Kudos
Reply

rcantrell
New Contributor II

Posted on ‎03-23-2016 11:03 AM

@hkabik

Does your default dock include user specific folders. For example their documents, downloads, picture folders?

That's is where I run into trouble when using a template. The template user folders are hard mapped at that point in the template. If I try to deploy that plist to another user, that user gets the template user's folders mapped to their dock, which the user has no access to. I kind of get where this issue stems from since the plist tells you what folders get mapped.

What is weird is that this is no different in previous versions of OS X, at least since 10.6. It's like OS X just kind of understood what you meant but now, 10.11 is like, "nah dawg".

0 Kudos
Reply