Jamf Nation Community

@larry_barrett strange, i had the execution frequency to 'once per user', then 'once per user per computer' and it didn't appear until i set it to 'ongoing'.

why it only appears when using 'ongoing'?

Well @tcandela if you're set to once per user or once per user per computer, you'd have to flush the entry for it to show up in Self Service again. Those frequencies only show up in self service if the policy has not been run (yet)

@larry_barrett the policy was never run yet for any user and it didn't show up in Self Service until i set it to 'ongoing'. So there was nothing to 'flush'.

I wanted it at once per user or once per user per computer
so if Joe logs in he'll see it in self service and run it, next time he opens self service it won't be available
then if Andy logs into the same computer he should see it available for him to configure the dock.

so each user that logs into the computer should see it available, once they run it then it won't be available.

@tcandela I encourage you to not "die on the hill" of once per user. In our mobile carts, we leave it in Self Service so anyone (teacher, para, kid) can reset the dock back to a default state. I understand you want it once per, but there's no benefit to doing it once. Alot of things can change your dock: unexpected containers (I'm looking at you Flash Player), random utility programs (like Disk Utility or Font book). If you don't account for those in your Dock Items, your mileage may vary... Include this bit of magic and set it to login/ongoing +available in Self Service (see attached).

@larry_barrett so the sleep 5; killall Dock just refreshes it with the changes?

so you have a separate policy that sets the Dock back to its default? (would below work in 'EXECUTE COMMAND')?

defaults delete com.apple.dock; killall Dock

so a total of 2 policies (change and reset to default).

Also, in the past i've always had issues with a policy that adds/removes Dock Items using the LOGIN as 'trigger'. It never has correctly added/removed what i had setup. Are you not having issues with LOGIN as a trigger when doing Dock policy?

I only have the one policy set to login (see photo) and Ongoing. It doesn't work 100% of the time, specifically I have a hard time with webhooks on the dock. Occasionally I'll have to drag them back onto the dock from Library -> Application Support -> Configuration Profiles.

As to your issues with the Login trigger, if you aren't running the code mentioned above ( sleep 5; killall Dock ) I wouldn't expect it to ever work. I don't know the answer to the defaults deleting bit, but you should totally share your results.

@larry_barrett I thought this would change the Dock for that particular individual user. So if there is multiple users, running that self service policy will reset the Dock for everyone.

Do you have a policy to reset the Dock to the Apple default dock setup?

I did a new policy with execute commands = defaults delete com.apple.dock; killall Dock but it doesnt do anything. The Dock stays setup the way the previous policy set it.

I logged in as Administrator and ran defaults delete com.apple.dock; killall Dock from the terminal but it only set the Apple default Dock for this Administrator account, the user account that ran the Self Service policy still had the changed up Dock.

In a previous reply you said you had the Self Service policy stay ongoing just in case you wanted other users to set the Dock back to it's default. How are you doing it?

Each users dock is independent. If you have it set to Login trigger, then yes, everyone's would be the same. If it's just in Self Service, for example, it would be up to the user if they wanted that dock or not. You'll have to be careful with your frequency if this is an "opt-in" type of setup. Again, to clarify, running the Dock Reset in Self Service only installs the dock for the logged in user, not computer-wide.

The way I'd do it is to make a separate policy and have a Dock Items entry with the default apps. To be fair, I've never tried to reset it back to the default dock. Testing on a Catalina 10.15.3 machine, defaults delete com.apple.dock; killall Dock worked for me. Make sure you capitalize Dock or it won't work.

@larry_barrett everything you're saying is totally opposite from my results.

I have a Self Service policy basically removing all the Apple dock items and adding Office Word, Excel, PPoint, Firefox .......
so User1 runs the policy from SS and the Dock is set. When i login with User2 the Dock is set to the way the Self Service policy ran for User1. So it changes the Dock for everyone.

running the defaults delete com.apple.dock; killall Dock through 'terminal' works, but not if i use this command in the 'execute commands' section for Files and Processes payload.

where are you running defaults delete com.apple.dock; killall Dock from?

@larry_barrett i just tested both ways 'login' and 'self service' no matter which way it changes the Dock for all users

I'll post my entire policy. I can't replicate your error. Just in case, I'm on 10.15.3 with on Prem Jamf Pro.

A few things to keep in mind. Defaults is a command-line tool. For you to be able to use files and processes or a script, you will have to mimic the behavior of the Defaults program. Defaults basically lets you edit any .plist file, in my head this means you would have to nuke the plist file or something similar. com.apple.dock is in Library/Managed Preferences/User Name.

Also, if you use defaults delete com.apple.dock, the com.apple.dock file will be empty until you do one of two things: change the dock (think right click and remove from dock) or restart. Attempting to delete the file a second time will throw up an error since it's empty from your deletion.

Finally, here's screen shots of two different users on the same machine using the above policy. I don't know how you are achieving what you are achieving, but it's really interesting to me. Don't give up.

@larry_barrett easy to create the policy, but when run either on login or self service it changes the dock for everyone. Not sure how yours is not doing it.

User1 runs Self Service Dock policy and it changes (sleep 5; killall Dock i added). Login as User2 and it's the same Dock as user1.

I reset both user1 & user2 Docks by going to each and going to terminal (defaults delete com.apple.dock; killall Dock) and then flushing the policy and same thing. No matter what login or self service the Dock gets changed for not only the user that ran Self Service but also other user accounts.

Is your account with the default account a new account created maybe from AD login?

this are 2 local accounts already created, so they both exist at the same time.

That might be it. Mine are AD accounts. I only have a hidden admin account and AD accounts, nothing local.

@larry_barrett no doubt about it that's it. I have 2 local users that are both currently created. Once one of them runs the policy either via 'login' or 'self service' (tested both ways) it gets applied to user accounts currently existing.

Well, thanks for coming to my Ted talk. Sorry we couldn't figure it out (yet).

@larry_barrett It would be really stupid if this is how it works. And it's obvious it's how it does work.

You're going to absolutely die.

So, I setup two local accounts (I had to see it), set the dock via Self Service on Test1, restarted, logged into Test2 and the dock was different.

@larry_barrett i'm not getting that result. I think i found the issue, i have the frequency set to 'once per user per computer', i'll change it to ongoing and test

@larry_barrett no change with 'ongoing' or 'once per user per computer'. Dock changes apply to all

tested on Mojave

I feel like, if you purge the policy logs and reboot you should be back to square one. Once per user per computer means everyone who logs in will get it. Try another computer? I really have no idea as I can't replicate your results. Catalina DOES change some dock items (new file paths, etc), but that's the only change I made from Mojave to Catalina.

Just checked on a Mojave machine. I was able to reproduce your results. Its "fixed" in Catalina.

@larry_barrett I just tried it on Catalina and get the same result. User1 runs policy in Self Service and gets thew new Dock configuration. I logged in with User2 and his Dock also got changed.

not sure how it's working for you.

Yikes.

I'm running out of guesses over here. Can you post screenshots of your policy and the policy logs from the affected computer?

You've tried multiple computers right? Do these computer(s) have SIP enabled? Are there multiple policies modifying the dock or Managed Preferences?

My next guess? I'd flush all the policy logs, manually reset the dock to the OG dock settings, restart and try again. Unscope the policy and see if there is something else affecting the workflow.