How to Properly Set the Dock the first time a Network User Logs in

jkuo
Contributor

I'm trying to do the following:

  • On an Active Directory joined Mac, the first time a user logs in, set the Dock to have a certain set of items in the Dock. The Mac is domain joined with network accounts only, not Mobile accounts.
  • I also delete the locally created user folders (for the network users only) on a regular schedule, and the next time they log in, I want that Dock recreated. I also flush the policy log of the computer when this script runs.

I've tried this a few different ways, all with inconsistent behavior:

  • Created a Policy with a Dock Items payload to load the dock, and set it to execute once per user.
  • Preloaded com.apple.dock.plist into the user template folder
  • Created a Policy with a script using dockutil to preload the dock, and set it to execute once per user.

None of these seems to operate consistently. I sometimes get the right dock created, other times the default Mac dock, and other times it keeps the same settings from the last time that user logged in, even though I've ran rm -rf /Users/username on that folder.

Any ideas on the correct way to do this?

Thanks in advance!

1 ACCEPTED SOLUTION

jhbush
Valued Contributor II

@jkuo I use Dockutil as well. I use a LaunchAgent as mentioned above with a script like this.

#!/bin/bash

# Running checkSetupDone function to determine if the rest of this script needs to run.
# Yes, if $HOME/Library/Preferences/com.company.docksetup.plist file does not exist.
# Otherwise, assume this setup script has already run for this user and does not
# need to run again.



checkSetupDone()    {

    if [ -f $HOME/Library/Preferences/com.company.docksetup.plist ] ; then
        exit 0
    fi

}

configureDefaultDock()  {

    DOCKUTIL=/usr/local/bin/dockutil


    $DOCKUTIL --remove all --no-restart

    $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart

    $DOCKUTIL --add '/Applications/Safari.app' --no-restart

    $DOCKUTIL --add '/Applications/Self Service.app' --no-restart

    $DOCKUTIL --add '/Applications/Mission Control.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Outlook.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Lync.app' --no-restart

    $DOCKUTIL --add '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app' --no-restart

    $DOCKUTIL --add '/Applications' --no-restart

    $DOCKUTIL --add '~/Downloads'

    touch $HOME/Library/Preferences/com.company.docksetup.plist

}

checkSetupDone
configureDefaultDock

exit 0

View solution in original post

14 REPLIES 14

jmahlman
Valued Contributor

I believe you can change the default user template in MacOS. Maybe this will help: https://sites.sas.upenn.edu/jasonrw/blog/2013/03/create-custom-default-user-profile-os-x-107108

hkabik
Valued Contributor

Maybe create a launch agent that triggers your dockutil script?

davidacland
Honored Contributor II
Honored Contributor II

Configuration profiles work well for me. You can create a "set once" version using mcxToProfile:

  1. Setup the Dock as you want it
  2. Run the mcx to profile script:
mcxToProfile.py --plist /path/to/com.apple.dock.plist --identifier DockSettings --manage Once

There some more examples using mcxtoprofile in this blog about half way down

jkuo
Contributor

Thanks all! Digging a little deeper, copying to the User Template/English.lproj in conjunction with not only removing the user folder, but also the cached preferences file may have done the trick.

Here are the relevant lines in my regularly scheduled cleanup script (currently running daily for testing):

sudo killall -u $username cfprefsd
sudo rm -rf $username

It was the killall command that wipes out the previously saved Mavericks preferences, even though I deleted the user folder. I'm going to give this new configuration a whirl and see if it solves it.

calumhunter
Contributor III

adding the dock plist to the system user template is probably the best option for you.
You might be running afowl of cfprefsd regarding the dock sometimes not updating, shouldn't be but I've seen weird things

Also remember that once per user frequency is just that, once per user. It is not once per user per computer.

If user A logs into computer B and then later logs into computer C the policy only runs the first time on computer b. it will not run when the user logs into computer c.

a script using dockutil that runs anytime an AD user logs into a machine might also be a good option

bentoms
Honored Contributor III
Honored Contributor III

We use Dockutil to set a dock post imaging at the user template.

So AD users new to the Mac get out default dock.

You'll also want to manage/remove the OS relevant com.apple.dockfixup.plist file to stop extra's from being added.

jkuo
Contributor

Thanks all. @bentoms - I used dockutil, but because of two things it wasn't working:

  1. I'm deleting the network user folder on a periodic basis.
  2. The scope of "once per user" is, like @calumhunter said, once per user per scope. We're going to have about 10-15 of these machines in this scope, so I couldn't get it to behave the way I wanted.

bentoms
Honored Contributor III
Honored Contributor III

@jkuo

  1. If you're updating the template & deleting the user account, it will come from the template when they next login.
  2. So once per user even after account deletion?

hkabik
Valued Contributor

If this still isn't working I'd still suggest a LaunchAgent to trigger your script on every login.

Something like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.company.dockscript</string>
    <key>ProgramArguments</key>
    <array>
        <string>sh</string>
        <string>-c</string>
        <string>/Library/Company/Scripts/dockutilscript.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

jhbush
Valued Contributor II

@jkuo I use Dockutil as well. I use a LaunchAgent as mentioned above with a script like this.

#!/bin/bash

# Running checkSetupDone function to determine if the rest of this script needs to run.
# Yes, if $HOME/Library/Preferences/com.company.docksetup.plist file does not exist.
# Otherwise, assume this setup script has already run for this user and does not
# need to run again.



checkSetupDone()    {

    if [ -f $HOME/Library/Preferences/com.company.docksetup.plist ] ; then
        exit 0
    fi

}

configureDefaultDock()  {

    DOCKUTIL=/usr/local/bin/dockutil


    $DOCKUTIL --remove all --no-restart

    $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart

    $DOCKUTIL --add '/Applications/Safari.app' --no-restart

    $DOCKUTIL --add '/Applications/Self Service.app' --no-restart

    $DOCKUTIL --add '/Applications/Mission Control.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Outlook.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart

    $DOCKUTIL --add '/Applications/Microsoft Lync.app' --no-restart

    $DOCKUTIL --add '/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app' --no-restart

    $DOCKUTIL --add '/Applications' --no-restart

    $DOCKUTIL --add '~/Downloads'

    touch $HOME/Library/Preferences/com.company.docksetup.plist

}

checkSetupDone
configureDefaultDock

exit 0

View solution in original post

jkuo
Contributor

@jhbush1973 - thanks for posting that! I think the missing element I had was the customized com.company.docksetup.plist, as that gets around my issue of deleting the network user folder periodically. So then, my workflow could be:

  1. Create a policy that runs on every login per computer, instead of per user (essentially the same as a LaunchAgent)
  2. Insert that script.

When the network user folder gets deleted, so does the plist file, so when the user logs in again, it'll get recreated. That'll be more modular as well, as when I decide to make a change to the default dock, I don't have to rebuilt a new dock plist and put it in the user template, but I can just change the dockutil script.

I'll give it a go and let you know how it went!

jkuo
Contributor

I think it worked. I had to modify it a little since I was applying it through a JSS policy on Login instead of a directly installed LaunchAgent to directly specify to dockutil to modify the home folder of the actual logged in user using $3, but other than that it worked great! Thanks again everyone.

Here's the final resulting script:

#!/bin/sh

LoggedInUser=$3
LoggedInUserHome="/Users/$3"

checkSetupDone() {

    if [ -f $LoggedInUserHome/Library/Preferences/com.company.docksetup.plist ] ; then
        echo "Dock has been created already for this user, skipping..."
        exit 0
    fi

}

configureDefaultDock() {

    plist=$LoggedInUserHome/Library/Preferences/com.apple.dock.plist

    echo "Logged in user is $LoggedInUser"
    echo "Logged in user's home $LoggedInUserHome"

    if [ -e /usr/local/bin/dockutil ] ; then
        dockutilVersion=`/usr/local/bin/dockutil --version`
        echo "dockutil version: $dockutilVersion"
        echo "Clearing Dock..."

        DOCKUTIL=/usr/local/bin/dockutil

        sudo $DOCKUTIL --remove all --no-restart $LoggedInUserHome 

        echo "Adding Launchpad..."
        $DOCKUTIL --add '/Applications/Launchpad.app' --no-restart $LoggedInUserHome 
        echo "Adding Self Service..."
        $DOCKUTIL --add '/Applications/Self Service.app' --no-restart $LoggedInUserHome
        echo "Adding Google Chrome..."
        $DOCKUTIL --add '/Applications/Google Chrome.app' --no-restart $LoggedInUserHome 
        echo "Adding Firefox..."
        $DOCKUTIL --add '/Applications/Firefox.app' --no-restart $LoggedInUserHome 
        echo "Adding Excel..."
        $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' --no-restart $LoggedInUserHome 
        echo "Adding PowerPoint..."
        $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' --no-restart $LoggedInUserHome 
        echo "Adding Word..."
        $DOCKUTIL --add '/Applications/Microsoft Office 2011/Microsoft Word.app' --no-restart $LoggedInUserHome 
        echo "Adding System Preferences..."
        $DOCKUTIL --add '/Applications/System Preferences.app' --no-restart $LoggedInUserHome  

        touch $LoggedInUserHome/Library/Preferences/com.company.docksetup.plist

    else
        echo "dockutil not installed, skipping initial dock setup..."
    fi

}

checkSetupDone
configureDefaultDock

exit 0

MST
Contributor

Experts, I have one dock item that is made out of package, and that had been added to the beginning of the dock. When I start above script, I have an empty spot in my dock. Besides that all works perfectly.

Thank You

MST
Contributor

also it says:

Dock has been created already for this user, skipping...