Different Dock for each user (one computer)

New Contributor II

Does anyone know how to get jamf to do a different dock for each user on a computer at login? Example: I have an admin account on the computer that I want to have a specific dock load out for IT use. There is also a regular user on the computer which needs its own dock load out. I have tried scoping the policy to all computer and excluding the admin user but this does not work. The policy launches at login and changes the dock to the regular user load out despite the fact that I am logging in with the admin account.


New Contributor II

Are you creating the config as system level or user level? If the policy is set as a system level dock policy it wouldn't matter who was logging in as soon as a user other than your admin account logged in once it would be applied to your machine. I would suggest creating a smart user group for your staff scoping a user level dock to it and then creating a seperate policy for tech staff and scoping a policy to just that user both should be set to all computers.

New Contributor II

Just a recap: Tried it with policies first. Logging in with any user including the admin user would trigger the policy even if the admin was excluded in the scope. Support told me that excluding or scoping to a specific user would only work if the computer was assigned to that user. I can't assign the admin to the computer. I need the user who will get the machine assigned to it.

Currently: I'm trying it with config profile. I have it set to user level and scoped to only my user. The profile doesn't load unless I switch it to computer level and scope it to the computer instead of the my user. Next I assigned the computer to my user and tested to see if it worked like the policies and needed to be assigned to a user. Still did not load the profile. Is there a step I'm missing?

Contributor III

I haven't had a chance to try the built-in Dock functionality with the most recent Jamf Pro releases, but I've been using dockutil for quite awhile.


## This allows you to specify lists of items to remove and add in arrays, and then they'll be done in bulk using a for loop
## Items to remove should be the label (usually the name of the application)
## Items to add are the full path to the item to add (usually /Applications/NAMEOFAPP.app)
## A few examples are prepopulated in the arrays, but feel free to tweak as suits the needs of your organization

# original https://raw.githubusercontent.com/aysiu/Mac-Scripts-and-Profiles/master/DockutilAddRemoveArrays.sh
# bash string manipulations here https://www.tldp.org/LDP/LG/issue18/bash.html

# check for dockutil, call a policy  with custom trigger "dockutil" to install if not already present

if [ ! -f "/usr/local/bin/dockutil" ]; then
    echo "Installing dockutil..";
    /usr/local/bin/jamf policy -trigger dockutil;
    sleep 5;
    echo "dockutil found at /usr/local/bin/, proceeding.."

# define parameter 4 as the short admin account name

if [ $4 = "" ]; then
    echo "No admin username specified, exiting.."
    exit 1

   "Address Book"
   "App Store"
   "Font Book"
   "Image Capture"
   "Mission Control"
   "Photo Booth"
   "QuickTime Player"
   "Time Machine"
   "Voice Memos"

# keeping to-add items verbose makes it ultimately easier to modify compared to passing $path

# to-do: check $majorOS and add Directory Utility from correct location

   "/Applications/Google Chrome.app"
   "/Applications/Utilities/Disk Utility.app"
   "/Applications/Utilities/Activity Monitor.app"
   "/Applications/Self Service.app"
   "/Applications/System Preferences.app"

for removalItem in "${itemsToRemove[@]}"
      # Check that the item is actually in the Dock
      inDock=$(/usr/local/bin/dockutil --list | /usr/bin/grep "$removalItem")
      if [ -n "$inDock" ]; then
         /usr/local/bin/dockutil --remove "$removalItem" --no-restart

for additionItem in "${itemsToAdd[@]}"
      # Check that the item actually exists to be added to the Dock and that it isn't already in the Dock
      # Stripping path and extension code based on code from http://stackoverflow.com/a/2664746
      inDock=$(/usr/local/bin/dockutil --list | /usr/bin/grep "additionItemBasename")
      if [ -e "$additionItem" ] && [ -z "$inDock" ]; then
            /usr/local/bin/dockutil --add "$additionItem" --no-restart

/usr/bin/killall Dock

I haven't used this in production, but it worked as expected on a local 10.14 test box just now.

New Contributor III

Have you used this script pushed out to machines through Jamf. I've tested it locally as well and everything seems to be good, but trying to target a logged in user is a little finicky. I can grab the logged in user in various ways but dockutil seems to only target Jamf's root user.