Jamf Nation Community

mbrewer · ‎02-04-2014

I'm new to OSX management via the JSS, what I'm looking to do is install a pre-defined Dock to all computers under management. I used composer to create a .DMG and uploaded it to a windows distribution point. I then created a policy to trigger on login, Execution Frequency is set to Once to Computer. I pointed to the package I uploaded via Casper Admin, Action is install and I checked both FUT,EFU. I then pointed to my distribution share with Force over AFP/SMB checked. I scoped it to a computer and rebooted and logged in and nothing happened.

I'm i missing something?

Thanks for the help!

johnnasset · ‎02-04-2014

After enough fiddling trying to get our docks right using Casper tools, I started using dockutil and couldn't be happier:

https://github.com/kcrawford/dockutil

mm2270 · ‎02-04-2014

Agreed. I like most of what the Casper Suite can do, but when it comes to setting up a Dock, it pales in comparison to dockutil.

Also, if you wanted to set the Dock and then really lock it down, as your post title suggests, you may want to look at an MCX setting for com.apple.dock.plist called "contents-immutable" which is a boolean value and can be set to "true" which means users can't modify it. Not sure if you actually wanted to take it that far or just set up a default Dock, but thought it worth mentioning. There may be a setting in Configuration Profiles to do the same thing.

mbrewer · ‎02-04-2014

In order to use dockutil would i need to run in on a different server?
I'm currently running JSS on a Windows box.

mm2270 · ‎02-04-2014

dockutil is a client side binary that you deploy to all your Macs with a policy, or put into your imaging workflow. Its not something that runs from a server.

mbrewer · ‎02-04-2014

Thanks, is there any tutorials available to do this?

mbrewer · ‎02-04-2014

Thanks, is there any tutorials available to do this?

mbrewer · ‎02-04-2014

Thanks, is there any tutorials available to do this?

johnnasset · ‎02-04-2014

There is a pretty good walkthrough as part of the help page. If you install it on your own machine, run the following from Terminal:

dockutil help

We set a policy to install dockutil in usr/local/bin on all machines. We can then add and remove items from some or all homes and most importantly, alter the new user template so any new network account created gets an up-to-date dock. We haven't gone as far as making the dock immutable, although we are considering trashing the dock.plist on logout so a fresh dock shows up the next time the student logs in.

james_ridsdale · ‎02-05-2014

I use a custom ConfigurationProfileDockItemApps.xml and use MDM profiles to manage.

mbrewer · ‎02-07-2014

James,

Can you elaborate on that?

Ive tied issuing the following command via a policy with no luck.
defaults write com.apple.dock contents-immutable -bool true; killall Dock;

Ive also tried running the following script via the JSS with no luck as well.
#!/bin/bash
su -l $3 -c "sudo defaults write /Library/Preferences/com.apple.dock contents-immutable -bool true"
sleep 1
killall Dock

james_ridsdale · ‎02-07-2014

*At your own risk*
Edit the following file located on the JSS:

/path/to/your/jss/dir/WEB-INF/xml/ConfigurationProfileDockItemApps.xml

<dict>
                <key>mcx_typehint</key>
                <integer>1</integer>
                <key>tile-data</key>
                <dict>
                    <key>file-data</key>
                    <dict>
                        <key>_CFURLString</key>
                        <string>/Applications/MyApp.app</string>
                        <key>_CFURLStringType</key>
                        <integer>0</integer>
                    </dict>
                    <key>file-label</key>
                    <string>MyApp</string>
                </dict>
                <key>tile-type</key>
                <string>file-tile</string>
            </dict>

Obviously backup the file you have for safe keeping and ensure you replace after a JSS upgrade. I do lots of work within Education and Business and they often want to *lock it down* as much as possible. This works well and means once I've built up my XML file I can add all the apps via the GUI and via Profiles, which is easier.

dmyrick · ‎06-23-2014

We needed to lock the dock down on our student computers with our Mavericks deployment.
I tried the DockUtil python method and had mixed results. Searched around and tried a few things and eventually found 2 PLists and was able to push those as a DMG package. Now all new users on the laptops have locked down Docks. Seems to be working perfectly so far.

The PLists changed are com.apple.dockfixup.plist, in the /System/Library/User Template/Non_localized/Library/Preferences and the com.apple.dock.plist in Users/USERNAME/Library/Preferences.
Key was pulling the dock plist while not logged in as the user I customized it on. Seems MacOS caches changes while logged in so pulling the PList while logged in only gets partial results. Used the new and modified Composer package and had it replace the two PLists.

Referenced these two sites for info; http://superuser.com/questions/699462/setting-custom-docks-for-all-users-in-mavericks and http://secrets.blacktree.com/?showapp=com.apple.dock

Ended up working better for us than dockutil because it worked on all new users on the computer and didn't have to run any scripts or other programs on the computer. For us I also locked down hiding, resizing, and turned off Expose in the PList as well.

Jamf Nation Community

OS X mavericks Dock lock down