Script to configure the dock is not executing upon login and only works with manual trigger

mbowman11
New Contributor II

I have a script to remove the default apps from the dock but I can't get it to execute when a user logs in. It only works when I run the policy in terminal or from Self Service. The policy is set to trigger at login but doesn't seem to run. Is there an issue with the script or a Jamf policy setting that should be modified?

 

#!/bin/bash

# Get currently logged in user
currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')

# Path to dockutil tool
dockutilbin="/usr/local/bin/dockutil"

# Sleep for 30 seconds
sleep 30

# Remove default Mac apps from the dock
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'App Store' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Contacts' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'FaceTime' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Freeform' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'iTunes' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Keynote' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Mail' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Maps' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Messages' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Music' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'News' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Numbers' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Pages' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'Safari' --restart $loggedInUserPlist
/bin/launchctl asuser $(id -u $currentUser) $dockutilbin --remove 'TV' --restart $loggedInUserPlist

# Add Google Chrome to the dock
dockutil --add '/Applications/Google Chrome.app'

# Restart the dock
killall cfprefsd
killall Dock

exit 0

 

1 ACCEPTED SOLUTION

Assuming you have a computer group, or the computer itself, added and the policy is enabled, next step is to get the policy logs to make sure the computer is in the log list. That should also help confirm the policy is running as you should see logs for every execution.

looking at the script itself what is $loggedInUserPlist set to?

Also is this dockutil? if so, shouldn't that be --no-restart instead of --restart?

Coding tips, Jamf executes script with the username in $3, so currentUser could be set to $(id -u $3) so that id -u doesn't have to be executed for every launchctl command. You may want to insert a check that dockutil is installed and trigger an install if not found, and lastly for consistency, perhaps use $dockutilbin instead of dockutil when adding Google Chrome.

i.e.

#!/bin/bash

# Get currently logged in user
# currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')
currentUser=$(id -u $3)
loggedInUserPlist="/Users/$3/Library/Preferences/com.apple.dock.plist"

# Path to dockutil tool and check installed
dockutilbin="/usr/local/bin/dockutil"
if [ ! -e "$dockutilbin" ]; then
/usr/local/bin/jamf policy -event installdockutil
# replace installdockutil with the custom event/trigger name for a policy to install docktuil
fi

# Sleep for 30 seconds
sleep 30

# Remove default Mac apps from the dock
/bin/launchctl asuser $currentUser $dockutilbin --remove 'App Store' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Contacts' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'FaceTime' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Freeform' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'iTunes' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Keynote' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Mail' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Maps' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Messages' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Music' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'News' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Numbers' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Pages' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Safari' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'TV' --no-restart $loggedInUserPlist

# Add Google Chrome to the dock
$dockutilbin --add '/Applications/Google Chrome.app'

# Restart the dock
killall cfprefsd
killall Dock

exit 0

After all that though, there is a better way, instead of configuring a users dock after login and annoying the user because this might re-run, removing anything the user might want on the dock (i.e. they had re-added them), how about configuring the default user template(s) instead, then this doesn't need to be on login, just once per computer, or once a month i.e.

#!/bin/bash

# Path to dockutil tool and check installed
dockutilbin="/usr/local/bin/dockutil"
if [ ! -e "$dockutilbin" ]; then
/usr/local/bin/jamf policy -event installdockutil
# replace installdockutil with the custom event/trigger name for the policy that installs docktuil
fi

# Create default dock
cd "/Library/User Template"
for LANGDIR in ./* ; do
$dockutilbin --add '/System/Applications/Launchpad.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Photos.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Calendar.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Reminders.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Notes.app' --no-restart $LANGDIR
 $dockutilbin --add '/System/Applications/System Settings.app' --no-restart $LANGDIR
$dockutilbin --add '/Applications/Google Chrome.app' --no-restart $LANGDIR
done
exit 0

 

View solution in original post

8 REPLIES 8

wakco
Contributor III

Let's start with checking the Jamf instance has login events enabled, go to Settings -> Computer Management -> Check-in, and Create login events and Check for policies triggered by login should be ticked. If they are not ticked, the computers will never execute any policies configured for on login.

mbowman11
New Contributor II

Just confirmed they are both enabled 

Next step is to check the Scope of the policy, a common gotcha is All Users vs. Specific Users with no users/usergroups set. All Users can often cause policies not to execute when you think they should, usually works best for limiting a Self Service policy to when someone logs into Self Service, making Specific Users with no users/usergroups set the better, more reliable option.

mbowman11
New Contributor II

the policy is currently scoped to Specific Computers and Specific Users (with no users/usergroups set). What's interesting is that I just noticed the screen blinks 30 seconds after I login to my test device like it's refreshing the dock (leading me to believe it does receive the policy) but then the dock comes back up with no changes

Assuming you have a computer group, or the computer itself, added and the policy is enabled, next step is to get the policy logs to make sure the computer is in the log list. That should also help confirm the policy is running as you should see logs for every execution.

looking at the script itself what is $loggedInUserPlist set to?

Also is this dockutil? if so, shouldn't that be --no-restart instead of --restart?

Coding tips, Jamf executes script with the username in $3, so currentUser could be set to $(id -u $3) so that id -u doesn't have to be executed for every launchctl command. You may want to insert a check that dockutil is installed and trigger an install if not found, and lastly for consistency, perhaps use $dockutilbin instead of dockutil when adding Google Chrome.

i.e.

#!/bin/bash

# Get currently logged in user
# currentUser=$(scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }')
currentUser=$(id -u $3)
loggedInUserPlist="/Users/$3/Library/Preferences/com.apple.dock.plist"

# Path to dockutil tool and check installed
dockutilbin="/usr/local/bin/dockutil"
if [ ! -e "$dockutilbin" ]; then
/usr/local/bin/jamf policy -event installdockutil
# replace installdockutil with the custom event/trigger name for a policy to install docktuil
fi

# Sleep for 30 seconds
sleep 30

# Remove default Mac apps from the dock
/bin/launchctl asuser $currentUser $dockutilbin --remove 'App Store' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Contacts' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'FaceTime' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Freeform' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'iTunes' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Keynote' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Mail' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Maps' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Messages' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Music' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'News' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Numbers' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Pages' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'Safari' --no-restart $loggedInUserPlist
/bin/launchctl asuser $currentUser $dockutilbin --remove 'TV' --no-restart $loggedInUserPlist

# Add Google Chrome to the dock
$dockutilbin --add '/Applications/Google Chrome.app'

# Restart the dock
killall cfprefsd
killall Dock

exit 0

After all that though, there is a better way, instead of configuring a users dock after login and annoying the user because this might re-run, removing anything the user might want on the dock (i.e. they had re-added them), how about configuring the default user template(s) instead, then this doesn't need to be on login, just once per computer, or once a month i.e.

#!/bin/bash

# Path to dockutil tool and check installed
dockutilbin="/usr/local/bin/dockutil"
if [ ! -e "$dockutilbin" ]; then
/usr/local/bin/jamf policy -event installdockutil
# replace installdockutil with the custom event/trigger name for the policy that installs docktuil
fi

# Create default dock
cd "/Library/User Template"
for LANGDIR in ./* ; do
$dockutilbin --add '/System/Applications/Launchpad.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Photos.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Calendar.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Reminders.app' --no-restart $LANGDIR
$dockutilbin --add '/System/Applications/Notes.app' --no-restart $LANGDIR
 $dockutilbin --add '/System/Applications/System Settings.app' --no-restart $LANGDIR
$dockutilbin --add '/Applications/Google Chrome.app' --no-restart $LANGDIR
done
exit 0

 

mbowman11
New Contributor II

After testing, it appears the first example script you gave me worked! I removed sleep 30 since I don't need that anymore. However, the 2nd example you provided did not work unfortunately. But I'll just schedule the policy to run once per user per computer, so the user can modify their dock after the initial configuration without having it default every time they login.

Thank you so much for your help!

A_Collins
Contributor

What does the dockbuilder log says. location: 

~/Library/Logs/DockBuilder.log

mbowman11
New Contributor II

Thanks for the tip! This was very helpful for troubleshooting