Homedir removal OSX Catalina

mediacollege
New Contributor III

After struggling to get automatic homedir removal to work on OSX Mojave, see:
https://www.jamf.com/jamf-nation/discussions/32055/removing-user-home-folder-on-logout-mojave

I'm disappointed to see I can't make it work in Catalina.

How can I make OSX Catalina remove a specific home folder on logout?
I work with classrooms with multiple iMacs and I want them to remove the home folder on logout.

I really hope someone can point me in the right direction.

Thanks and regards

5 REPLIES

theguvnor
New Contributor III

Throughout all the 10.15 Betas we were having the same issue of local, 'Mobile' and 'Network' user accounts being able to have all the contents of their home folder in /Users deleted apart from the ~/Library/Application Support/Knowledge folder, which stubbornly remained and couldn't be accessed, thereby forcing the user folder to remain as well. Nothing else worked, including the sysadminctl -deleteUser command as you mention.

Have just tested this again in the actual 10.15.0 release of Catalina (19A583) and it seems resolved for all account types. An rm -fR /Users/user now works as expected with no folder contents left behind, and the sysadminctl one does as well, which we use in the below script that we run nightly upon a scheduled restart of the lab machines. We had found that running the non-local-account removal at logout of the lab Macs tended to be inconsistent, so moved to the on-restart method instead.

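#!/bin/sh

# Specify the account to be used to remove the non-local ones.
# Jamf script parameters 4-7 carry the encrypted credentials, salt and passphrase.

ADMIN_USER_ENCRYPTED="$4"
ADMIN_PASS_ENCRYPTED="$5"
SALT="$6"
PASSPHRASE="$7"


# Function to decrypt admin username and password

DecryptString() {
    # Usage: ~$ DecryptString "Encrypted String" "Salt" "Passphrase"
    echo "${1}" | /usr/bin/openssl enc -aes256 -d -a -A -S "${2}" -k "${3}"
}


# Set decryption variables

ADMIN_USER=$(DecryptString "${ADMIN_USER_ENCRYPTED}" "${SALT}" "${PASSPHRASE}")
ADMIN_PASS=$(DecryptString "${ADMIN_PASS_ENCRYPTED}" "${SALT}" "${PASSPHRASE}")


# Check and delete any non-local users

for home in /Users/*
do
    # Skip plain files and the Shared folder.
    [ -d "${home}" ] || continue
    user="${home##*/}"
    [ "${user}" = "Shared" ] && continue
    # -Fx matches the whole line literally, so "bob" is not confused with "bobby".
    User_Local=$(dscl . -list /Users | grep -Fx -- "${user}")
    if [ "${user}" = "${User_Local}" ]; then
        echo "skip user ${user} as they are local."
    else
        # Create a temporary local record so sysadminctl can delete the user.
        dscl . -create "/Users/${user}"
        dscl . -create "/Users/${user}" home "/Users/${user}"
        sleep 2
        # The admin password is a command-line argument here and is visible
        # in the process list while sysadminctl runs.
        sysadminctl -deleteUser "${user}" -adminUser "${ADMIN_USER}" -adminPassword "${ADMIN_PASS}"
    fi
done

exit 0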

Which version of Catalina were you last testing this with and have you done so in the final release?
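A dry-run sketch of the selection step in the script above, added here as an example and not part of the original post: it only prints which home folders have no local account, using whole-line matching so that a local account whose name is a prefix of another (bob, bobby) is still treated as local. The function names, the saved account-list file and the demo data are assumptions made for illustration.

```shell
#!/bin/sh
# list_nonlocal_homes USERS_DIR LOCAL_ACCOUNTS_FILE   (hypothetical helper)
#   USERS_DIR            directory holding home folders (/Users on a Mac)
#   LOCAL_ACCOUNTS_FILE  one local account name per line, for example the
#                        saved output of `dscl . -list /Users`
# Prints the names of home folders that have no matching local account.
list_nonlocal_homes() {
    users_dir=$1
    local_accounts=$2

    # Refuse to continue if the account list is missing or empty: an empty
    # list would classify every home folder as non-local.
    [ -s "$local_accounts" ] || { echo "no local account list" >&2; return 1; }

    for home in "$users_dir"/*; do
        [ -d "$home" ] || continue           # plain file or unmatched glob
        name=${home##*/}
        [ "$name" = "Shared" ] && continue   # never a user home
        # -F literal string, -x whole line: "bob" must not match "bobby".
        if grep -Fxq -- "$name" "$local_accounts"; then
            continue
        fi
        printf '%s\n' "$name"
    done
    return 0
}

# Constructed demo data: two local accounts sharing a prefix, one network user.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/Users/bob" "$tmp/Users/bobby" \
             "$tmp/Users/netstudent" "$tmp/Users/Shared"
    printf '%s\n' root bob bobby > "$tmp/local.txt"
    list_nonlocal_homes "$tmp/Users" "$tmp/local.txt"
    rm -rf "$tmp"
}

demo   # prints: netstudent

# On a lab Mac (lists candidates only, deletes nothing):
#   dscl . -list /Users > /tmp/local_accounts.txt
#   list_nonlocal_homes /Users /tmp/local_accounts.txt
```

Reviewing this list before wiring it to sysadminctl -deleteUser shows exactly which folders a scheduled run would remove.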

thebrucecarter
Contributor II

That is going to be a very large problem for our public facing labs if we can't do ad hoc cleanups of the home directories. For good or bad, we are on Mojave until next summer in the labs, so hopefully there is time to ameliorate this.

mediacollege
New Contributor III

Do you use the script with loginhook? Or is it run through a launchdaemon?

mediacollege
New Contributor III

Still hoping someone comes up with a solution.

theguvnor
New Contributor III

@mediacollege Sorry, I hadn't seen your query a couple of weeks ago. It's just a policy to run the script with the trigger being 'Startup'. We have a separate policy that makes the machines perform a restart in the middle of the night and the startup trigger then does the above-mentioned script.