Hi, this is for a an M1 iMac computer cluster.
When a new user logs in, a number of applications open on launch, even though there are no login items enabled for them and they don't launch again with future logins once the account is created.
Apps in question (always the same):
Text Edit (blank)
Terminal (showing login time/date -zsh-80x24)
Script editor (blank)
I'm not quite sure where this is coming from, I've not set any login items and can't seem to find a policy that does.
Is there a way of blocking them? Ideally would like to find out why this is happening, it's quite messy. Any ideas / help would be appreciated!
How is the initial account being created? I suspect something from your setup process is putting some stuff into the user account that is causing those apps to appear that they were previously open and need to re-open on next login. For example, if you reboot your Mac from the Apple menu, you sometimes get asked by the OS if you want to reopen apps on login. If you don't uncheck that box in the dialog, the open application list gets written to a plist, which then gets read back on next login and it opens all those applications again. This is Apple's Resume feature, which has been around now for years.
Maybe something like that is being captured in some way and pushed to those accounts, like a package that was deployed that may have been created using Composer's snapshot function. I would take a look at those. Often times when strange behavior like this happens, it comes down to a pkg or dmg that contained some items that it shouldn't have had that were pushed to the machine.
At the moment I've yet to link to the Active Directory, so created a local account via a policy, I've also tested creating a local account manually on a machine to see if had anything to do with the policy but there is no difference, on first log-in I get the apps.
Good idea on the snapshots I'll try and have a look but most applications I've sent out did not use the snapshot feature just default .pkg settings (built using the app in composer). Hopefully that means I only have to check a few applications if this is the reason.
Ok so if you're getting the apps launching on login after creating a brand new account manually and then logging in to that, I suspect there was something pushed to the System's User Template at work here. You may have something adding a plist or whatnot to /System/Library/User\ Template/English.lproj/Library/Preferences/
If you get a root account open in Terminal on an affected machine, you can navigate to that directory and examine the contents to see if anything stands out.
Think you found it!
There are a few plists in the 'By Host' folder with:
Not sure the best way to address this (via a policy?) - open to suggestions & apologies for all the questions I'm rather new to JAMF.
I suspect seeing composer in that plist means you have a policy that's deploying a package that was created in Composer. If that package was created by a state/file change process then there is your culprit.
Assuming you are not populating the "ByHost" folder in the User Template for another reason, you could clean it up by running a script that looks for the folder and removes it if found, such as:
#!/bin/bash # look for ByHost in Catalina and later if [[ -d "/Library/User Template/English.lproj/Library/Preferences/ByHost" ]]; then rm -rf "/Library/User Template/English.lproj/Library/Preferences/ByHost" fi # look for ByHost in Mojave and prior macOS versions if [[ -d "/System/Library/User Template/English.lproj/Library/Preferences/ByHost" ]]; then rm -rf "/System/Library/User Template/English.lproj/Library/Preferences/ByHost" fi
But I think the more important way to fix it is to find the the package you are installing on machines that puts those files there in the first place and rebuild it to exclude those files.