Scope Policy by Local User Account

RKauffman
New Contributor II

Is there a way to scope a policy by a local user account?
I wanted to make a Policy to remove certain dock items from the local student account at each login but it does not seem to allow me to specify the local student account only.

1 ACCEPTED SOLUTION

tobiaslinder
Contributor II
Contributor II

You can do this by scoping it to the computers and then set a limitation for the user.

8ed6bc2a6d42449d8d0fbf130c04d7fd

View solution in original post

9 REPLIES 9

exno
Contributor

Not sure if this helps or not but what i have done in the past for guest accounts and local user accounts was Create a Smart group that finds machines with the Local User Accounts, For instance StuGuest.

Then i'd make a bash script to have dockutil add and remove items based on a default dock schema. with the [ plist location specification ] being the path to the home folder

Lastly, i'd set that script and smart group into a policy that runs on login if it has to always look a certain way.

- I am @exno or @exnozero on almost everything that exists.

tobiaslinder
Contributor II
Contributor II

You can do this by scoping it to the computers and then set a limitation for the user.

8ed6bc2a6d42449d8d0fbf130c04d7fd

Look
Valued Contributor III

Pretty sure you need to have the policy set to a login trigger for this to work. Which in this particular case is probably what your after anyway.

tobiaslinder
Contributor II
Contributor II

Yes, @Look is correct.

RKauffman
New Contributor II

@tobiaslinder I must be blind as a bat. Thank you.

daniel_ross
Contributor III

Love the JAMF Nation Resources! This is exactly what I was looking for @Look

stwrz
New Contributor II

@Look What do you do if you want a Self Service item only show up for a particular user, but NOT have that policy execute at login?

chriscollins
Valued Contributor

@stwrz Probably would have to duplicate the policy and have it only set to run via Self Service.

JustDeWon
Contributor III

@stwrz .. following @chriscollins suggestion.. make sure you remember to exclude that particular user from the "Login" policy..