Jamf Nation Community

The first one I'm doing as user level enforced and no dice.

The JAMF com.apple.loginwindow templates are set to system level I think?

I have a policy running the following at logout (ongoing) for all 10.7 machines:

sudo /bin/rm /Users/*/Library/Preferences/ByHost/com.apple.loginwindow.*

Works beautifully for disabling the Re-open at login feature, whether the user checks or unchecks the option.

Interesting solution Andrew. Is anyone else handling this any differently? I hate to be running an ongoing logout trigger.

Google search returned this, which I could do as post image script, but wish there was more flexibility to simply do this through MCX.

<<To permanently disable 'Reopen windows when logging back in,' you can use the following command:

defaults write com.apple.loginwindow TALLogoutSavesState -bool false

This will effectively disable 'Reopen windows when logging back in,' though the checkbox will still be ticked. However, this switch resets itself every time on reboot. To prevent this from happening, again we remove write permissions on the file containing the option:

chmod a-w ~/Library/Preferences/com.apple.loginwindow.plist

This should do it. But there's where OS X gets nasty. When it can't write to this file, it will try to put the write permissions back itself. The solution is to change the owner to root, effectively preventing anyone (but root) from changing permissions on the file:

sudo chown root ~/Library/Preferences/com.apple.loginwindow.plist >>

Posted 2/8/12 at 4:04 PM by andrew_stenehjem I have a policy running the following at logout (ongoing) for all 10.7 machines: sudo /bin/rm /Users/*/Library/Preferences/ByHost/com.apple.loginwindow.* Works beautifully for disabling the Re-open at login feature, whether the user checks or unchecks the option.

This doesn't work with network homes as the hook runs as root and doesn't know the path to the network home of the current user. Any way to get that value?

You could try the following.
Get the logged in user's shortname in the script, or just use the $3 Casper Suite set variable if you want, and then get the user's home directory path using this:

userHome=$(dscl . read /Users/$3 NFSHomeDirectory | awk '{print $NF}')

Then pass that back into the above script:

sudo /bin/rm $userHome/Library/Preferences/ByHost/com.apple.loginwindow.*

Note that I haven't tested this against actual network home directory accounts. We don't use them and I haven't touched them in awhile, so you'll need to see how that works. You might want to change your test script to just echo back what it finds instead of trying to delete anything, until you're sure its getting the right path.

Thanks! A very helpful push in the right direction.

#!/bin/sh
userHome=$(dscl /Active Directory/<your domain name here>/All Domains -read /Users/$3 NFSHomeDirectory | awk '{print $NF}')
sudo /bin/rm $userHome/Library/Preferences/ByHost/com.apple.loginwindow.*

This worked for me to produce the right path but when I run it as a logout policy in casper I get:

/usr/sbin/jamf is version 8.62
Executing Policy Run Script removeAutoOpenFIles.sh...
Mounting afp://sidekick.cgps.org/CasperShare to /Volumes/CasperShare...
Running script removeAutoOpenFIles.sh...
Script exit code: 1
Script result: rm: /home/stest/Library/Preferences/ByHost/com.apple.loginwindow.*: No such file or directory
Unmounting file server…