Setting Finder preferences for connected servers fails, but I can set the other 3...

Andrew_Rogers
New Contributor II

Hey all, I am stumped and hoping for some guidance.

I am trying to set Finder Preferences to show Hard Disks, External Disks, External Media, and Connected Servers. I have the script below deployed via policy and it works like a charm for everything but connected servers. I have been banging my head on my desk all day. I know the script runs as root and I have to get it to run as the logged in user AND pointed at the correct .plist of the logged in user and it seems like it is considering 3 of the 4 booleans flip...

Before anyone chimes in about how I should do this with a configuration profile,

  1. We just want it set once per user per computer and the user can change it after that if they want.
  2. I am dealing with a JSS that has database corruption and I cannot push new configuration profiles anyway. (We are migrating everything to a new healthy instance soon.)
#!/bin/bash

#First, get logged in user and set as a variable $user

user=`/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'`

/usr/bin/defaults write /Users/"$user"/Library/Preferences/com.apple.finder ShowExternalHardDrivesOnDesktop -bool true;

/usr/bin/defaults write /Users/"$user"/Library/Preferences/com.apple.finder ShowHardDrivesOnDesktop -bool true;

/usr/bin/defaults write /Users/"$user"/Library/Preferences/com.apple.finder ShowMountedServersOnDesktop -bool true;

/usr/bin/defaults write /Users/"$user"/Library/Preferences/com.apple.finder ShowRemovableMediaOnDesktop -bool true;

killall Finder

exit 0

When I run the script locally, it works like a charm. When I run the script via policy, everything is set right but connected servers. Please point out whatever ridiculous mistake I have made and thank you all for being an awesome community resource!

3 REPLIES 3

barnesaw
Contributor III
  1. the method you are using to get the current user doesn't take user switching into account. Preferable to use:
    #!/bin/bash
    user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
    ");')
  2. Might be as simple as killall cfprefsd before killall Finder. I usually do that to be safe.

stevewood
Honored Contributor II
Honored Contributor II

@Andrew.Rogers take a look at Outset. Outset will run login scripts the way you need: once as root, once as user, ongoing as root, or ongoing as user. So if you want to set those prefs only one time, you can place that script in the "login-once" folder of Outset and it will run just one time for each user that logs into the machine.

mm2270
Legendary Contributor III

I know this isn't the answer you were looking for, but perhaps this would help.
It IS possible to set up a Config Profile to use a "once" option, but the trick is the profile must be kind of made manually using a few tools.

First, you would use defaults to create a new plist using the same domain as your target domain to someplace like your Desktop. Add as many settings into the same plist that you need using those commands.
That plist can then be fed into a tool, which, while it hasn't been updated in a while, still works well, called MCXToProfile. It's a python script created by Tim Sutton. It miraculously still works well, and the cool thing is, it has an option you can use with it when creating the profile to apply the settings only once. It uses some trickery with a timestamp to do this.
And in case you were wondering, I just took the settings you have above, made a local plist, converted it to a Config Profile with the Once option on with MCXToProfile, and applied it to a 10.13.6 Mac and it worked! The settings flipped to On in the prefs, but I was able to go into Finder Preferences and turn one or more of them back off and the settings stuck, even through a logout/login. So it essentially applied once at deployment time.

The one thing I did not try, and this could be a wrinkle, is uploading the profile into Jamf Pro and deploying from there. I only installed the profile locally using profiles. Jamf Pro has a habit of stripping out or otherwise mangling profiles you upload to conform to it's own internal settings. So it's possible that uploading such an unprotected custom profile might end up stripping out the "once" setting in it. Or it may not. I haven't tried that, so I don't know for sure. But worth checking out as an additional option.