dockutil does not change all homes

DFree
New Contributor III

So as part of our enrollment process, we change the dock using dockutil. With our DEP machines, we also "Create an additional local administrator account" (UID 501)

However, if I log out of the account that a typical employee would create/use (UID 502...and dockutil works just fine on this user)...and log back in as our admin user (UID 501) that is created as part of DEP...the dock is not changed.

Any ideas as to why or how to get the admin account the same dock? Is it because the user is not logged into before running the dockutil command?

The script I run as part of one my policies:

#!/bin/bash

DOCKUTIL=/usr/local/bin/dockutil
loggedInUser=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')

# remove default apps
$DOCKUTIL --remove all --no-restart --allhomes

# add items to dock
$DOCKUTIL --add /Applications/Safari.app --position 1 --no-restart --allhomes
$DOCKUTIL --add /Applications/Preview.app --after Safari --no-restart --allhomes
$DOCKUTIL --add /Applications/Calendar.app --after Preview --no-restart --allhomes
$DOCKUTIL --add /Applications/Microsoft Outlook.app --after Calendar --no-restart --allhomes
$DOCKUTIL --add /Applications/Microsoft Word.app --after "Microsoft Outlook" --no-restart --allhomes
$DOCKUTIL --add /Applications/Microsoft Excel.app --after "Microsoft Word" --no-restart --allhomes
$DOCKUTIL --add /Applications/Microsoft PowerPoint.app --after "Microsoft Excel" --no-restart --allhomes
$DOCKUTIL --add '/Applications/System Preferences.app' --after "Self Service" --no-restart --allhomes


$DOCKUTIL --add '/Applications' --view auto --display stack --sort name  --section others --position 1 --no-restart --allhomes
$DOCKUTIL --add '~/Documents' --view auto --display stack --section others  --position 2 --no-restart --allhomes
$DOCKUTIL --add '~/Downloads' --view auto --display stack --sort dateadded --section others --position end --allhomes

exit 0
9 REPLIES 9

donmontalvo
Esteemed Contributor III

Might want to post this URL over at Kyle Crawford's GitHub page.

--
https://donmontalvo.com

ryan_ball
Valued Contributor

I assume that the user account created has not had the home directory populated yet. So, Dockutil might be populating all homes, but that account does not have a home yet or does not have a com.apple.dock.plist built yet for Dockutil to modify.

Can you try this at the top of your dockutil script, or before you run that script:

userName="local_admin_or_whatever"
/usr/sbin/createhomedir -c -u "$userName"

DFree
New Contributor III

Didn't know that was an option. Posted it here

ryan_ball
Valued Contributor

@DFree The command I mentioned will populate the home directory for the user specified. I don't know it if will create the com.apple.dock.plist though, without that there would be nothing for Dockutil to modify.

DFree
New Contributor III

@ryan.ball I added the 2 lines at the top of my script and it did not help dock util. The admin account still had a default apple dock. I'm guessing the plist problem is correct. Is there a way to login as that user in the command line quickly (maybe build the plist) and then logback out? Maybe a switch user or sudo or what not.

isThisThing0n
Contributor

How is your dockutil policy being triggered?

ryan_ball
Valued Contributor

@DFree What I've found is that timing of the dockutil events is key. It helps to adjust the dock for a user after the dock is built and loaded. See my script posted from here, I run something similar at every login using a LaunchAgent.

DFree
New Contributor III

The dockutil policy is the third of many policies that are run on enrollment only. Basically we do a base config and let the user change various things like the dock, desktop background, etc. if they want.

@ryan.ball We let our users change their dock, so running a dockutil script on every login is kinda worthless for us. I suppose I could run another dockutil policy to change only the admin user after all of the other policies are done to give the mac some time to build the admin profile, but I'm starting to think its not worth my time trying to beat this race condition as its only for a rarely used local admin account. I was just checking to see if I was doing something wrong in my script.

ryan_ball
Valued Contributor

@DFree FYI My script runs once, then leaves a breadcrumb in the user's ~/Library/Preferences folder. Then, at subsequent logins it checks for the breadcrumb, if it exists the script takes no action, if it does not exist it builds the Dock and creates the breadcrumb so that it will never run again for that user.