Webloc Desktop Shortcut Deployment FUT/FEU Issues

Eigger
Contributor III

Hi Admins,

I would like to get some guidance on how to properly deploy Webloc Desktop Shortcut / FUT-FEU dmg. I got a very helpful guide from this post. https://www.jamf.com/jamf-nation/discussions/23531/create-shortcut-on-users-desktops-that-cannot-be-deleted#responseChild147521
On my testing computer, it successfully created the Desktop Shortcut using the guide from the post above. I scoped it on my test computer. When I tried to deploy it using ldap group, it corrupts the Library of the logged in user. I receive "macOS needs to repair your Library" error. I would like the shortcuts immutable by changing the permissions, but I think its the changing of the permissions thats causing the error. I created a Self Service plug ins for this shortcuts but our Users just want it on their desktops instead. Thanks in advance.

1 ACCEPTED SOLUTION

sapalmerBCS
New Contributor III

@Eigger I just responded to that other post as well. The method I used ended up causing similar issues for me and I had to revert the changes. The time past and I don't currently need to create a shortcut that can't be deleted at all, so I haven't looked for another foolproof method.

View solution in original post

6 REPLIES 6

StoneMagnet
Contributor III

@Eigger Can you post the script you're running to change the file permissions? It'd help to see that in order to suggest what might be causing the error.

Eigger
Contributor III

I used exactly what @mm2270 and @sapalmerBCS posted before dragging them to Composer.

sudo chown root:wheel /Users/john.doe/Desktop/TestShortcut.webloc
sudo chmod 444 /Users/john.doe/Desktop/TestShortcut.webloc
sudo chflags uchg /Users/john.doe/Desktop/TestShortcut.webloc

mm2270
Legendary Contributor III

@Eigger Are you sure your DMG package only contains the webloc file and nothing else, like any folders or other files it's also deploying? It's hard to imagine how a command directed at a specific file to change it's permissions would be messing up the user's Library folder. Those commands are not directed at the same location.

You also should not need to have the sudo's in those since presumably it's running from a policy and would already be executed as root.

Eigger
Contributor III

As per yourself and @sapalmerBCS 's post. Below is what I did.
I created a webloc on my Desktop
Opened terminal and changed the permissions
cd Desktop/
sudo chown root:wheel "Submit MAO Requests.webloc"
sudo chmod 444 "Submit MAO Requests.webloc"
sudo chflags uchg "Submit MAO Requests.webloc"
Dragged it to Composer and created a dmg
Dragged it to Casper Admin and Checked FUT/FEU
41597e1ea5044a68877f1756a42923c3

sapalmerBCS
New Contributor III

@Eigger I just responded to that other post as well. The method I used ended up causing similar issues for me and I had to revert the changes. The time past and I don't currently need to create a shortcut that can't be deleted at all, so I haven't looked for another foolproof method.

JesseNCSD
New Contributor III

On newer macOS systems, I can corroborate that using FUT with items that are UCHG does not appear to work. This behavior seems changed at around 10.9 - I'm thinking that whatever routines that used to run initial user copy essentially had root access - and could overlook the UCHG flag. This does not appear to be the case with newer systems (which I suspect have more stringent security restrictions).