Skip to main content
Question

Dockutil script changes needed (group based instead of user based)


Forum|alt.badge.img+8

Hello all,

I've been using Dockutil to set the Dock for our elementary students and in it's current form it's based on user (because we had grade level login accounts, which we've since gotten ride of). 

I need to change our script so that it applies Dock settings based on the user's group (for example: class of 2037, class of 2036, class of 2035). I could break my head trying to figure it out but I'm hoping someone on here might know exactly what to do. Here's the current script:

#!/bin/bash #We need to wait for the dock to actually start until [[ $(pgrep Dock) ]]; do wait done #Get the current logged in user that we'll be modifying if [ ! -z "$3" ]; then user=$3 else user=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) fi #Set variables du="/usr/local/bin/dockutil" userHome="/Users/$user" networkHome="smb://server.com/Students$/$user" #Function for applying dock configuration createBaseDock() { #Remove all items for logged in user $du --remove all --no-restart $userHome #Adding base items to the dock $du --add '/Applications/Google Chrome.app' --position 1 --no-restart $userHome $du --add '/Applications/Safari.app' --position 2 --no-restart $userHome $du --add '/Applications/Comic Life 3.app' --position 3 --no-restart $userHome $du --add '/Applications/The Print Shop 4.app' --position 4 --no-restart $userHome $du --add '/Applications/KID PIX.app' --position 5 --no-restart $userHome } #Function for finishing base dock finishBaseDock() { #Add local downloads $du --add '~/Downloads' --section others --position last --no-restart $userHome killall Dock } createBaseDock case $user in p|k) echo "p or k found";; 1) echo "1 found" $du --add '/System/Applications/Photo Booth.app' --position 6 --no-restart $userHome;; 2) echo "2 found" $du --add '/System/Applications/Photo Booth.app' --position 6 --no-restart $userHome;; 3) echo "3 found" $du --add '/System/Applications/Photo Booth.app' --position 6 --no-restart $userHome $du --add '/Applications/Adobe Photoshop 2020/Adobe Photoshop 2020.app' --position 7 --no-restart $userHome;; esac finishBaseDock exit 0

6 replies

mm2270
Forum|alt.badge.img+24
  • Legendary Contributor
  • 7881 replies
  • September 1, 2023

Hi there. By user's group, do you mean Active Directory groups? The accounts are AD based?


AJPinto
Forum|alt.badge.img+26
  • Legendary Contributor
  • 2726 replies
  • September 1, 2023

What/where is the group you are wanting to target? Is is a MacOS User Group, JAMF Group, AD/AAD Group?


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 41 replies
  • September 1, 2023
mm2270 wrote:

Hi there. By user's group, do you mean Active Directory groups? The accounts are AD based?


Hi @mm2270! Sorry, I should have been more clear: yes AD groups. 

 


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 41 replies
  • September 1, 2023
AJPinto wrote:

What/where is the group you are wanting to target? Is is a MacOS User Group, JAMF Group, AD/AAD Group?


Hi @AJPinto! Sorry--AD groups. 


Forum|alt.badge.img+8
  • Author
  • Contributor
  • 41 replies
  • September 2, 2023

A little more information might be helpful. Our iMacs are bound to AD and we have LDAP sync for users and groups (and I've confirmed that user groups like "class of 2037" can be retrieved from our AD via the LDAP sync. 

I just don't know the scripting piece, how do I change the script specifically so that Dock items are applied only to specific Active Directory Groups? I'm hoping the solution is rather easy, just a matter of know the syntax/command.

Thanks in advance! :-)


AJPinto
Forum|alt.badge.img+26
  • Legendary Contributor
  • 2726 replies
  • September 6, 2023
psherotov wrote:

A little more information might be helpful. Our iMacs are bound to AD and we have LDAP sync for users and groups (and I've confirmed that user groups like "class of 2037" can be retrieved from our AD via the LDAP sync. 

I just don't know the scripting piece, how do I change the script specifically so that Dock items are applied only to specific Active Directory Groups? I'm hoping the solution is rather easy, just a matter of know the syntax/command.

Thanks in advance! :-)


You should be able to build a policy with your dock script, target it to all users and devices. Then set a scope limitation to the AD group you want it to hit. You can test this out by targeting a static group of devices, and limiting it to a specific AD group. You should see the policy only runs on devices with the users that meet the limitation requirement. 

 

Beyond that you could get very complex, and add to your script a function to query the users AD object with dscl and grep the AD groups. Then have if functions that run different dock functions based on the AD groups that are found.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings