Jamf Nation Community

psherotov · ‎09-01-2023

Hello all,

I've been using Dockutil to set the Dock for our elementary students and in it's current form it's based on user (because we had grade level login accounts, which we've since gotten ride of).

I need to change our script so that it applies Dock settings based on the user's group (for example: class of 2037, class of 2036, class of 2035). I could break my head trying to figure it out but I'm hoping someone on here might know exactly what to do. Here's the current script:

#!/bin/bash

#We need to wait for the dock to actually start
until [[ $(pgrep Dock) ]]; do
    wait
done

#Get the current logged in user that we'll be modifying
if [ ! -z "$3" ]; then
	user=$3
else
	user=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
fi

#Set variables
du="/usr/local/bin/dockutil"
userHome="/Users/$user"
networkHome="smb://server.com/Students$/$user"

#Function for applying dock configuration
createBaseDock()
{
    #Remove all items for logged in user
    $du --remove all --no-restart $userHome
    
    #Adding base items to the dock    
    $du --add '/Applications/Google Chrome.app' --position 1 --no-restart $userHome
    $du --add '/Applications/Safari.app'  --position 2 --no-restart $userHome
    $du --add '/Applications/Comic Life 3.app' --position 3 --no-restart $userHome
    $du --add '/Applications/The Print Shop 4.app' --position 4 --no-restart $userHome
    $du --add '/Applications/KID PIX.app' --position 5 --no-restart $userHome
}

#Function for finishing base dock
finishBaseDock()
{
    #Add local downloads
    $du --add '~/Downloads' --section others --position last --no-restart $userHome

    killall Dock
}

createBaseDock

    case $user in
        p|k) echo "p or k found";; 
        1)  echo "1 found"
            $du --add '/System/Applications/Photo Booth.app' --position 6 --no-restart $userHome;;
        2)  echo "2 found"
            $du --add '/System/Applications/Photo Booth.app' --position 6 --no-restart $userHome;;
        3)  echo "3 found"
            $du --add '/System/Applications/Photo Booth.app' --position 6 --no-restart $userHome
            $du --add '/Applications/Adobe Photoshop 2020/Adobe Photoshop 2020.app' --position 7 --no-restart $userHome;;
    esac

finishBaseDock

exit 0

mm2270 · ‎09-01-2023

Hi there. By user's group, do you mean Active Directory groups? The accounts are AD based?

psherotov · ‎09-01-2023

Hi @mm2270! Sorry, I should have been more clear: yes AD groups.

AJPinto · ‎09-01-2023

What/where is the group you are wanting to target? Is is a MacOS User Group, JAMF Group, AD/AAD Group?

psherotov · ‎09-01-2023

Hi @AJPinto! Sorry--AD groups.

psherotov · ‎09-02-2023

A little more information might be helpful. Our iMacs are bound to AD and we have LDAP sync for users and groups (and I've confirmed that user groups like "class of 2037" can be retrieved from our AD via the LDAP sync.

I just don't know the scripting piece, how do I change the script specifically so that Dock items are applied only to specific Active Directory Groups? I'm hoping the solution is rather easy, just a matter of know the syntax/command.

Thanks in advance! :-)

AJPinto · ‎09-06-2023

You should be able to build a policy with your dock script, target it to all users and devices. Then set a scope limitation to the AD group you want it to hit. You can test this out by targeting a static group of devices, and limiting it to a specific AD group. You should see the policy only runs on devices with the users that meet the limitation requirement.

Beyond that you could get very complex, and add to your script a function to query the users AD object with dscl and grep the AD groups. Then have if functions that run different dock functions based on the AD groups that are found.

Jamf Nation Community

Dockutil script changes needed (group based instead of user based)