
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-10-2015 02:40 PM
I'm trying to do the following:
- On an Active Directory joined Mac, the first time a user logs in, set the Dock to have a certain set of items in the Dock. The Mac is domain joined with network accounts only, not Mobile accounts.
- I also delete the locally created user folders (for the network users only) on a regular schedule, and the next time they log in, I want that Dock recreated. I also flush the policy log of the computer when this script runs.
I've tried this a few different ways, all with inconsistent behavior:
- Created a Policy with a Dock Items payload to load the dock, and set it to execute once per user.
- Preloaded com.apple.dock.plist into the user template folder
- Created a Policy with a script using dockutil to preload the dock, and set it to execute once per user.
None of these seems to operate consistently. I sometimes get the right dock created, other times the default Mac dock, and other times it keeps the same settings from the last time that user logged in, even though I've ran rm -rf /Users/username on that folder.
Any ideas on the correct way to do this?
Thanks in advance!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-13-2015 04:32 PM
@jkuo I use Dockutil as well. I use a LaunchAgent as mentioned above with a script like this.
#!/bin/bash
# Running checkSetupDone function to determine if the rest of this script needs to run.
# Yes, if $HOME/Library/Preferences/com.company.docksetup.plist file does not exist.
# Otherwise, assume this setup script has already run for this user and does not
# need to run again.
checkSetupDone() {
if [ -f $HOME/Library/Preferences/com.company.docksetup.plist ] ; then
exit 0
fi
}
configureDefaultDock() {
DOCKUTIL=/usr/local/bin/dockutil
$DOCKUTIL --remove all --no-restart
$DOCKUTIL --add '/Applications/Launchpad.app' --no-restart
$DOCKUTIL --add '/Applications/Safari.app' --no-restart
$DOCKUTIL --add '/Applications/Self Service.app' --no-restart
$DOCKUTIL --add '/Applications/Mission Control.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Outlook.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Lync.app' --no-restart
$DOCKUTIL --add '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app' --no-restart
$DOCKUTIL --add '/Applications' --no-restart
$DOCKUTIL --add '~/Downloads'
touch $HOME/Library/Preferences/com.company.docksetup.plist
}
checkSetupDone
configureDefaultDock
exit 0

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-10-2015 02:43 PM
I believe you can change the default user template in MacOS. Maybe this will help: https://sites.sas.upenn.edu/jasonrw/blog/2013/03/create-custom-default-user-profile-os-x-107108

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-10-2015 03:19 PM
Maybe create a launch agent that triggers your dockutil script?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-10-2015 03:32 PM
Configuration profiles work well for me. You can create a "set once" version using mcxToProfile:
- Setup the Dock as you want it
- Run the mcx to profile script:
mcxToProfile.py --plist /path/to/com.apple.dock.plist --identifier DockSettings --manage Once
There some more examples using mcxtoprofile in this blog about half way down

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-10-2015 03:35 PM
Thanks all! Digging a little deeper, copying to the User Template/English.lproj in conjunction with not only removing the user folder, but also the cached preferences file may have done the trick.
Here are the relevant lines in my regularly scheduled cleanup script (currently running daily for testing):
sudo killall -u $username cfprefsd
sudo rm -rf $username
It was the killall command that wipes out the previously saved Mavericks preferences, even though I deleted the user folder. I'm going to give this new configuration a whirl and see if it solves it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-10-2015 03:43 PM
adding the dock plist to the system user template is probably the best option for you.
You might be running afowl of cfprefsd regarding the dock sometimes not updating, shouldn't be but I've seen weird things
Also remember that once per user frequency is just that, once per user. It is not once per user per computer.
If user A logs into computer B and then later logs into computer C the policy only runs the first time on computer b. it will not run when the user logs into computer c.
a script using dockutil that runs anytime an AD user logs into a machine might also be a good option
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2015 12:33 AM
We use Dockutil to set a dock post imaging at the user template.
So AD users new to the Mac get out default dock.
You'll also want to manage/remove the OS relevant com.apple.dockfixup.plist file to stop extra's from being added.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2015 03:36 PM
Thanks all. @bentoms - I used dockutil, but because of two things it wasn't working:
- I'm deleting the network user folder on a periodic basis.
- The scope of "once per user" is, like @calumhunter said, once per user per scope. We're going to have about 10-15 of these machines in this scope, so I couldn't get it to behave the way I wanted.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2015 03:48 PM
- If you're updating the template & deleting the user account, it will come from the template when they next login.
- So once per user even after account deletion?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-12-2015 04:23 PM
If this still isn't working I'd still suggest a LaunchAgent to trigger your script on every login.
Something like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.company.dockscript</string>
<key>ProgramArguments</key>
<array>
<string>sh</string>
<string>-c</string>
<string>/Library/Company/Scripts/dockutilscript.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-13-2015 04:32 PM
@jkuo I use Dockutil as well. I use a LaunchAgent as mentioned above with a script like this.
#!/bin/bash
# Running checkSetupDone function to determine if the rest of this script needs to run.
# Yes, if $HOME/Library/Preferences/com.company.docksetup.plist file does not exist.
# Otherwise, assume this setup script has already run for this user and does not
# need to run again.
checkSetupDone() {
if [ -f $HOME/Library/Preferences/com.company.docksetup.plist ] ; then
exit 0
fi
}
configureDefaultDock() {
DOCKUTIL=/usr/local/bin/dockutil
$DOCKUTIL --remove all --no-restart
$DOCKUTIL --add '/Applications/Launchpad.app' --no-restart
$DOCKUTIL --add '/Applications/Safari.app' --no-restart
$DOCKUTIL --add '/Applications/Self Service.app' --no-restart
$DOCKUTIL --add '/Applications/Mission Control.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Outlook.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart
$DOCKUTIL --add '/Applications/Microsoft Lync.app' --no-restart
$DOCKUTIL --add '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app' --no-restart
$DOCKUTIL --add '/Applications' --no-restart
$DOCKUTIL --add '~/Downloads'
touch $HOME/Library/Preferences/com.company.docksetup.plist
}
checkSetupDone
configureDefaultDock
exit 0

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-16-2015 09:32 AM
@jhbush1973 - thanks for posting that! I think the missing element I had was the customized com.company.docksetup.plist, as that gets around my issue of deleting the network user folder periodically. So then, my workflow could be:
- Create a policy that runs on every login per computer, instead of per user (essentially the same as a LaunchAgent)
- Insert that script.
When the network user folder gets deleted, so does the plist file, so when the user logs in again, it'll get recreated. That'll be more modular as well, as when I decide to make a change to the default dock, I don't have to rebuilt a new dock plist and put it in the user template, but I can just change the dockutil script.
I'll give it a go and let you know how it went!

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-16-2015 10:55 AM
I think it worked. I had to modify it a little since I was applying it through a JSS policy on Login instead of a directly installed LaunchAgent to directly specify to dockutil to modify the home folder of the actual logged in user using $3, but other than that it worked great! Thanks again everyone.
Here's the final resulting script:
#!/bin/sh
LoggedInUser=$3
LoggedInUserHome="/Users/$3"
checkSetupDone() {
if [ -f $LoggedInUserHome/Library/Preferences/com.company.docksetup.plist ] ; then
echo "Dock has been created already for this user, skipping..."
exit 0
fi
}
configureDefaultDock() {
plist=$LoggedInUserHome/Library/Preferences/com.apple.dock.plist
echo "Logged in user is $LoggedInUser"
echo "Logged in user's home $LoggedInUserHome"
if [ -e /usr/local/bin/dockutil ] ; then
dockutilVersion=`/usr/local/bin/dockutil --version`
echo "dockutil version: $dockutilVersion"
echo "Clearing Dock..."
DOCKUTIL=/usr/local/bin/dockutil
sudo $DOCKUTIL --remove all --no-restart $LoggedInUserHome
echo "Adding Launchpad..."
$DOCKUTIL --add '/Applications/Launchpad.app' --no-restart $LoggedInUserHome
echo "Adding Self Service..."
$DOCKUTIL --add '/Applications/Self Service.app' --no-restart $LoggedInUserHome
echo "Adding Google Chrome..."
$DOCKUTIL --add '/Applications/Google Chrome.app' --no-restart $LoggedInUserHome
echo "Adding Firefox..."
$DOCKUTIL --add '/Applications/Firefox.app' --no-restart $LoggedInUserHome
echo "Adding Excel..."
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart $LoggedInUserHome
echo "Adding PowerPoint..."
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart $LoggedInUserHome
echo "Adding Word..."
$DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart $LoggedInUserHome
echo "Adding System Preferences..."
$DOCKUTIL --add '/Applications/System Preferences.app' --no-restart $LoggedInUserHome
touch $LoggedInUserHome/Library/Preferences/com.company.docksetup.plist
else
echo "dockutil not installed, skipping initial dock setup..."
fi
}
checkSetupDone
configureDefaultDock
exit 0
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-22-2015 05:12 AM
Experts, I have one dock item that is made out of package, and that had been added to the beginning of the dock. When I start above script, I have an empty spot in my dock. Besides that all works perfectly.
Thank You
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-22-2015 05:51 AM
also it says:
Dock has been created already for this user, skipping...
