launch agent script to clean user desktop folder

supersizeal
Contributor

Does anyone have a simple script to delete the local standard user account's desktop files on restart? Sorry, I have limited scripting knowledge.
Thank You!

5 REPLIES

skypointer
New Contributor II

I would be interested in knowing what options are available to "reset" a user profile by removing data regularly on about 25 managed machines. We previously used Deep Freeze but are moving away from that program now. Any input would be greatly appreciated.

AJPinto
Honored Contributor III

Why are we wanting to delete the user's desktop files on restart? This is something that is extremely dangerous. I strongly recommend doing a lot of research before trying to deploy something that will delete files wholesale like this. The command below figures out who the currently logged-in user is, and then cans that into a variable to call a bit later to know whose desktop contents to delete. You can add to the script, giving if statements to check if the logged-in user is an admin, but this will complicate the script and you wanted something simple. I would recommend just using JAMF and setting exclusions if you need something simple. This script could be baked into a policy to run at logout, but again do a lot of research before using "rm -rf" like this.

#!/bin/bash

#*=============================================================================
#* GLOBAL VARIABLES
#*=============================================================================
DIV1='####################################################################'
DIV2='--------------------------------------------------------------------'
DIV3='....................................................................'
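# The owner of /dev/console is the logged-in user; the name is upper-cased
ActiveUser=$(ls -l /dev/console \
    | awk '{ print $3 }' \
    | tr "[a-z]" "[A-Z]")
# Full name of that user, read from the local directory
ActiveUserRealName=$(dscl . -read "/Users/$ActiveUser" \
    | grep RealName: \
    | cut -c11-)
# When the value is printed on the line after the key, take that line instead
if [[ -z $ActiveUserRealName ]]; then
    ActiveUserRealName=$(dscl . -read "/Users/$ActiveUser" \
    | awk '/^RealName:/,/^RecordName:/' \
    | sed -n 2p | cut -c 2-)
fi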

# Echo Active user name so we know whose files we are deleting

echo "$ActiveUser"

# Deleting all files and folders on the user's desktop

sudo rm -rf /Users/"$ActiveUser"/Desktop/*

This script can be simplified with parameters and using the $3 one from JAMF, which is the current user. I don't like relying on that parameter in case something has not checked in correctly, and I don't like to have scripts dependent on JAMF unless necessary. This one may work but I have never tested it. Same warning as above.

#!/bin/sh
sudo rm -rf /Users/"$3"/Desktop/*

I have been doing something similar to this (but as a nightly policy triggered by CheckIn) and I have found that in recent months, Jamf is getting an "operation not permitted" when trying to delete local user files, as if somehow having Root access is not sufficient to delete user files.

Has anyone else experienced this?

FWIW, it does work if I do a sudo jamf policy command, but my suspicion is that running the command manually in fact grants the script Root access in addition to the Root access that it already should have been granted.

skypointer
New Contributor II

Hi, Thank you for your input. These are for machines using a single standard login in a common use area. They are not meant to collect data, and since so many students cycle through these machines, we would like a way to keep them relatively tidy. We are also trying to eliminate Deep Freeze, which basically does the same thing on reboot.

Tonyliu2ca
New Contributor

A couple of roads can reach that goal, but make sure to test before deploying to production, as AJPinto has pointed out above.

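1. Remove the home directory first and then use the command createhomedir to create a new one before any user login.
# Tests must come before the action, and -delete cannot remove a non-empty
# directory, so rm -rf is used; this removes every home folder except Shared.
find /Users/* -maxdepth 0 -type d ! -iname "Shared" -exec rm -rf {} +
/usr/sbin/createhomedir -l

2. If you know which user, the username is consistent, and only the Desktop needs to be cleaned up: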

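#!/bin/sh
username="test"
# Look up the account's home directory in the local directory service
userHome=$(dscl . read "/Users/$username" NFSHomeDirectory | awk '{print $2}')
# Delete only when the lookup returned a path, so an empty value cannot expand to /Desktop/*
[ -n "$userHome" ] && /bin/rm -fr "$userHome"/Desktop/*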
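
Added example, not part of any post in this thread: a guarded version of the Desktop cleanup that refuses empty, root, system and admin users, paths outside /Users, and a symlinked Desktop before deleting anything. The function names and the CLEAN_DESKTOP_APPLY switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: guarded Desktop cleanup. Function names and the
# CLEAN_DESKTOP_APPLY switch are assumptions, not from the thread.

# is_safe_target USER HOME [ROOT]: succeed only when HOME/Desktop may be emptied.
is_safe_target() {
    case $1 in ''|root|loginwindow|_*) return 1 ;; esac   # nobody logged in, or a system account
    case $2 in */..|*/../*) return 1 ;; esac               # no path traversal
    case $2 in "${3:-/Users}"/Shared) return 1 ;; esac     # never the shared folder
    case $2 in "${3:-/Users}"/?*) ;; *) return 1 ;; esac   # home must sit under ROOT
    [ -d "$2/Desktop" ] && [ ! -L "$2/Desktop" ]           # a real directory, not a symlink
}

# clean_desktop USER HOME [ROOT]: delete everything inside HOME/Desktop.
clean_desktop() {
    is_safe_target "$@" || { echo "refusing to clean Desktop of '$1' ($2)" >&2; return 1; }
    # -mindepth 1 keeps the Desktop folder itself and also removes dotfiles,
    # which the shell glob Desktop/* skips; find does not follow symlinks here.
    find "$2/Desktop" -mindepth 1 -delete
}

# macOS lookups, used only by the opt-in run below.
console_user() { stat -f%Su /dev/console; }
home_of()      { dscl . -read "/Users/$1" NFSHomeDirectory | sed 's/^NFSHomeDirectory: //'; }
is_admin()     { dseditgroup -o checkmember -m "$1" admin >/dev/null 2>&1; }

# Nothing is deleted unless the caller sets CLEAN_DESKTOP_APPLY=1.
if [ "${CLEAN_DESKTOP_APPLY:-0}" = 1 ]; then
    user=$(console_user)
    if is_admin "$user"; then
        echo "skipping admin account '$user'" >&2
    else
        clean_desktop "$user" "$(home_of "$user")"
    fi
fi
```

The optional third argument replaces /Users as the allowed root, so the guards can be exercised against a scratch directory before the script goes near a real home folder.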