I would like to get some guidance on how to properly deploy Webloc Desktop Shortcut / FUT-FEU dmg. I got a very helpful guide from this post: https://www.jamf.com/jamf-nation/discussions/23531/create-shortcut-on-users-desktops-that-cannot-be-deleted#responseChild147521
On my testing computer, it successfully created the Desktop Shortcut using the guide from the post above. I scoped it on my test computer. When I tried to deploy it using an LDAP group, it corrupts the Library of the logged-in user. I receive a "macOS needs to repair your Library" error. I would like the shortcuts immutable by changing the permissions, but I think it's the changing of the permissions that's causing the error. I created Self Service plug-ins for these shortcuts but our users just want them on their desktops instead. Thanks in advance.
@Eigger Are you sure your DMG package only contains the webloc file and nothing else, like any folders or other files it's also deploying? It's hard to imagine how a command directed at a specific file to change its permissions would be messing up the user's Library folder. Those commands are not directed at the same location.
You also should not need to have the sudo's in those since presumably it's running from a policy and would already be executed as root.
As per yourself and @sapalmerBCS's post, below is what I did.
I created a webloc on my Desktop
Opened Terminal and changed the permissions:
sudo chown root:wheel "Submit MAO Requests.webloc"
sudo chmod 444 "Submit MAO Requests.webloc"
sudo chflags uchg "Submit MAO Requests.webloc"
Dragged it to Composer and created a dmg
Dragged it to Casper Admin and Checked FUT/FEU
On newer macOS systems, I can corroborate that using FUT with items that are UCHG does not appear to work. This behavior seems changed at around 10.9 - I'm thinking that whatever routines that used to run initial user copy essentially had root access - and could overlook the UCHG flag. This does not appear to be the case with newer systems (which I suspect have more stringent security restrictions).
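Added example, not part of the thread and not code from any poster or from Jamf: a pre-build check that walks a payload staging folder and reports entries carrying the `uchg`/`schg` flags, root ownership or a read-only mode, the three changes made in the steps above. It assumes Python 3 on the build Mac; the function names are hypothetical, and treating only the immutable flags as build-stopping is an assumption based on the last reply's observation about FUT.

```python
#!/usr/bin/env python3
"""Pre-build check for a FUT/FEU payload folder (added example)."""
import os
import stat
import sys


def audit_payload(root, lstat=os.lstat):
    """Return sorted (relative_path, problems) for entries that need review.

    lstat is injectable so the logic can be exercised on systems whose
    stat results carry no st_flags field (anything other than macOS/BSD).
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            flags = getattr(st, "st_flags", 0)  # BSD file flags (chflags)
            problems = []
            if flags & stat.UF_IMMUTABLE:       # set by `chflags uchg`
                problems.append("uchg flag set")
            if flags & stat.SF_IMMUTABLE:       # set by `chflags schg`
                problems.append("schg flag set")
            if st.st_uid == 0:                  # result of `chown root:wheel`
                problems.append("owned by root")
            if not mode & stat.S_IWUSR:         # e.g. `chmod 444`
                problems.append("no owner write bit (mode %o)" % mode)
            if problems:
                findings.append((os.path.relpath(path, root), problems))
    return sorted(findings)


def is_blocking(problems):
    """Assumption: only immutable flags stop the build; the rest is for review."""
    return any(p.endswith("flag set") for p in problems)


if __name__ == "__main__":
    results = audit_payload(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, problems in results:
        level = "BLOCK" if is_blocking(problems) else "review"
        print(f"{level:6} {rel}: {', '.join(problems)}")
    sys.exit(1 if any(is_blocking(p) for _, p in results) else 0)
```

Run it against the folder that will be dragged into Composer; a non-zero exit status means at least one entry still carries an immutable flag.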