Posted on 02-26-2020 04:28 PM
Does anyone know if there is a command or commands that I could use to remove files left on the desktop after user logs out? This account is a generic account that other students will be using. There are other policies I will like to set as well. What I'm trying to do is keep the computers running smooth by deleting all the histories on the browsers, deleting any downloads and emptying the trash bin.
Thanks in advance!
Posted on 02-26-2020 06:59 PM
Have you considered having a script that deletes the user and then creates it again using
jamf deleteAccount and 'jamf createAccount`? If you set up your user template properly that would work fine.
You could then scope a bunch of policies to set up the account at login.
Posted on 08-07-2021 04:00 PM
Many applications fill the user folder with settings etc that would need to be recreated every time. Some very badly behaved applications fill it up with gBs of data. For example a previous version of Reason copied its instrument library into the user folder: that was 10GB
Posted on 02-27-2020 07:24 AM
Maybe a Guest User account would work for you?
Posted on 02-27-2020 03:19 PM
That's not a bad idea. I will test it tomorrow to see if this option will work for us. Thanks!
I could also test the guest account as a last resort. Thanks!
Posted on 03-05-2020 07:53 AM
@ honestpuck, I forgot that the local account needs to have a blank password. Therefore, deleting the account and re-creating it will force me to add a password onto it using JAMF. Thanks though.
Posted on 03-05-2020 08:03 AM
Beware with using blank passwords, MacOS 10.15 has removed support for blank passwords and acts really funky if you try and use no password
Posted on 03-05-2020 08:08 AM
@rgauthier Uhm, what you're describing is a Guest account - no password, all the user contents are removed on logout. Just use that if that's how you need it to work. In either case, it's a security risk to have accounts with no passwords, but if that's how you need this to work, then I'd at least go with the OSes built in option instead of trying to hack a scripted process together.
Posted on 03-05-2020 09:59 AM
I have one lab left where I use a policy that triggers on logout to remove the entire user account and user profile using jamf deleteAccount. I have seen on occasion where it leaves a couple crumbs but that was awhile back(probably the dangers of doing anything extensive on logout). Those crumbs never have any data tied to the user but usually not much more than the user profile folder but empty. Originally it worked perfect but then after a few updates to macOS and Jamf it started doing this at random times. I haven't seen it do it for awhile but have been considering creating a startup policy that would run the script to remove the profile if it still exists. All of our Macs reboot nightly so even if a student fails to logout(that of course NEVER happens), the nightly reboot will clean everything up.
As for the account itself it's an active directory account. We were told some time back not to have blank passwords anymore so we just use the school name as the password on the account. It's simple enough for students to use and credentials are posted in the room.
The best solution(for us anyways...maybe not you) is to give students their own accounts. When I took Mac support over, they were using one local account that had admin privileges and had Deep Freeze to reset things on restart in all of our labs. I found DF to be getting in my way too often and the previous tech was supposed to have moved them over to AD so I revamped things plus I'm not a fan of giving students admin. In all but one of the Mac labs the students are now using assigned AD accounts with no admin privileges. It's not their own accounts but it's the best I could convince the "powers that be" of doing and it works great. The students get their own environment to work in and customize and we don't have to worry about removing data except at the end of the semester. Like I said I still have one lab that uses only one account and it's working "ok". In the last few days there's been some chatter about letting the students use their own accounts everywhere but we have to solve printing since all printing goes through our servers. This is why the other Mac labs have assigned accounts as those accounts have printer access. The accounts that each student has for their email does not have printer access. At least the chatter is happening now though.
Posted on 03-06-2020 09:33 AM
With a guest account the data is reset at logout. I'm looking for a way to have the ability to run this task at a define trigger or schedule by me.
Some of the apps we have require few hand touches after deployment and don't work correctly as default. Think of it like a spring cleaning.
We have a policy to create the user account with a password, then a policy to change the password to blank
That's on student devices.
I also have a small fleet of loaners for staff and they use a generic local account in that case and I'd like to sanitize it when confirmed they are done. Right now I sign them out of Google browser and delete downloads, etc.
Posted on 03-19-2020 02:13 PM
Thanks for your response. If you can, it will be a tremendous help to us at our school. Feel free to either email me the instructions you taken to accomplish this or re post here. My email address is firstname.lastname@example.org.
Thanks again and stay safe out there.
Posted on 03-19-2020 02:22 PM
@ jhuls Thanks for your response. I'm working with the security and Network team to guide me on the right path to setup Active directory and added to jamf cloud. What you posted, sounds exactly what I was trying to do. As of now, I running HIgh Sierra on most of the Macs in our school. So blanking the password is not a problem at the moment. If you know a way I could set a policy to log that standard user and delete any files left on the desktop, it will be much appreciated if you have a way to do that. I know setting up a guest account will be idea. I guess that will be my last option.
Thanks again for your reply.
Posted on 03-19-2020 02:28 PM
@mm2270, I will research OSes built in option. I'm not sure what that is. The account that I have currently with no password, is a standard managed account with a few policies I set up. If you could, can you let me know what OSes built in option is and how it works? I tried looking it up, but it seems like it's a Windows thing. I could be wrong. Any help will be much appreciated.
Thanks for your reply.
Posted on 03-19-2020 02:31 PM
@atomczynski The policy you have set for the browsers and etc, do you mind sharing it with me? I would love to test it on my laptop. You can either email me or just posted here. My email address is email@example.com.
Thank you! Stay safe.
Posted on 03-19-2020 02:39 PM
Safari - reset settings to default
Posted on 03-20-2020 04:00 AM
We just move the entire Home Directory to a temporary Location and add a Timestamp where it stays for a few days. If the User misses some files you can always go and grab them from there.
The Homefolder ist automatically recreated from the Template on the next Login.
Posted on 03-22-2020 06:50 PM
@ claudiogardini , is there a way to do this remotely and set it for multiple computers? Thanks for your response.
Posted on 03-22-2020 06:51 PM
@ atomczynski, Thanks I will check it out.
Posted on 03-23-2020 01:03 AM
@rgauthier Sure, just have a Logout Trigger configured in jamf and run the Script ongoing on Logout.
Posted on 08-07-2021 04:10 PM
If you are concerned about cruft, the desktop is only the most obvious place that it accumulates, if only the most unattractive, Most problems occur however with cruft that accumulates elsewhere in the User folder. The guest account is the surest way to avoid this however many apps rely on the user folder to store settings etc, Depending on the complexity of the app a new user experience everytime one launches can be tiresome and sometimes confusing for end users.
We have a script that runs on startup the simply deletes everything in all the places that accumulate cruft.
Posted on 01-11-2023 04:31 PM
UP! looking for this too
Posted on 01-12-2023 12:05 AM
This is no longer possible in the newer Operating Systems. You will need to use the Guest Account for this.
03-09-2023 08:25 AM - edited 03-09-2023 08:25 AM
Still works in Ventura, however you need to grant the bash app full disk access under Privacy & Security in System Settings.
Posted on 03-14-2023 02:05 AM
But the Logout Trigger is no longer available. So how do you trigger the cleanup?