Posted on 03-24-2022 06:45 AM
I am looking to disable editing desktop and documents on our network and so far I am not having much luck.
Our Macs are linked to AD and people log in with their AD accounts.
We have a suite of Macs and want to make sure people save to network drives and not the devices.
So either a script that runs on login and making it so that all accounts are set up as Guest accounts on the Macs would work I guess, but I'm not sure how to do this.
I have used scripts like the following and they all work when logged into the device but error via Jamf.
sudo -u $USER chflags uchg ~/desktop
sudo -u $USER chflags uchg ~/documents
The Errors
Script result: sudo: unknown user: chflags
sudo: error initializing audit plugin sudoers_audit
sudo: unknown user: chflags
sudo: error initializing audit plugin sudoers_audit
I was looking at ideally doing it via a login script as then I can exclude the admin account etc to make sure things can still be done if needed.
Posted on 03-24-2022 07:19 AM
You need to define who the logged-in user is; the recommended method at the moment looks like:
# Short name of the user at the console (empty at the login window)
ACTIVE_USER=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
sudo -u "$ACTIVE_USER" chflags uchg "/Users/$ACTIVE_USER/Desktop"
Posted on 03-25-2022 04:17 AM
Thank you, worked first time 😀
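An added example, not part of the original thread or the posters' own code: a login-policy script that combines the console-user lookup from the accepted answer with the admin exclusion the question asks for, and refuses to act on an empty user name (the cause of "sudo: unknown user: chflags"). It assumes the script runs as root, as Jamf policy scripts do; `EXEMPT_USERS`, `localadmin` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: lock Desktop and Documents for the console user from a
# root-run policy script. EXEMPT_USERS and function names are assumptions.

EXEMPT_USERS="root localadmin"   # hypothetical accounts that stay unlocked

# Read `show State:/Users/ConsoleUser` output from scutil on stdin and print
# the logged-in short name; prints nothing at the login window.
console_user() {
    awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Succeed only for a non-empty, non-exempt user name. With an empty name,
# `sudo -u $USER chflags ...` makes sudo treat "chflags" as the user.
should_lock() {
    [ -n "$1" ] || return 1
    for exempt in $EXEMPT_USERS; do
        if [ "$1" = "$exempt" ]; then return 1; fi
    done
    return 0
}

# Set the user-immutable flag on both folders, skipping any that are missing.
lock_folders() {
    for dir in "/Users/$1/Desktop" "/Users/$1/Documents"; do
        if [ -d "$dir" ]; then chflags uchg "$dir"; fi
    done
}

if command -v scutil >/dev/null 2>&1; then
    ACTIVE_USER=$(echo "show State:/Users/ConsoleUser" | scutil | console_user)
    if should_lock "$ACTIVE_USER"; then
        lock_folders "$ACTIVE_USER"
    else
        echo "No eligible console user; nothing locked."
    fi
else
    # Not on a Mac: parse a constructed sample of scutil output instead.
    printf '  GID : 20\n  Name : jdoe\n  UID : 501\n' | console_user
fi
```

The `uchg` flag can be cleared by the folder's owner as well as by root, so this discourages saving locally rather than enforcing it.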