Help

Webloc Desktop Shortcut Deployment FUT/FEU Issues

Go to solution
Eigger
Contributor III

Posted on ‎06-12-2017 01:03 PM

Hi Admins,

I would like to get some guidance on how to properly deploy Webloc Desktop Shortcut / FUT-FEU dmg. I got a very helpful guide from this post. https://www.jamf.com/jamf-nation/discussions/23531/create-shortcut-on-users-desktops-that-cannot-be-deleted#responseChild147521
On my testing computer, it successfully created the Desktop Shortcut using the guide from the post above. I scoped it on my test computer. When I tried to deploy it using ldap group, it corrupts the Library of the logged in user. I receive "macOS needs to repair your Library" error. I would like the shortcuts immutable by changing the permissions, but I think its the changing of the permissions thats causing the error. I created a Self Service plug ins for this shortcuts but our Users just want it on their desktops instead. Thanks in advance.

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
sapalmerBCS
New Contributor III

Posted on ‎06-12-2017 02:32 PM

@Eigger I just responded to that other post as well. The method I used ended up causing similar issues for me and I had to revert the changes. The time past and I don't currently need to create a shortcut that can't be deleted at all, so I haven't looked for another foolproof method.

View solution in original post

0 Kudos
Reply
6 REPLIES 6

Go to solution
StoneMagnet
Contributor III

Posted on ‎06-12-2017 01:20 PM

@Eigger Can you post the script you're running to change the file permissions? It'd help to see that in order to suggest what might be causing the error.

0 Kudos
Reply

Go to solution
Eigger
Contributor III

Posted on ‎06-12-2017 01:29 PM

I used exactly what @mm2270 and @sapalmerBCS posted before dragging them to Composer.

sudo chown root:wheel /Users/john.doe/Desktop/TestShortcut.webloc
sudo chmod 444 /Users/john.doe/Desktop/TestShortcut.webloc
sudo chflags uchg /Users/john.doe/Desktop/TestShortcut.webloc

0 Kudos
Reply

Go to solution
mm2270
Legendary Contributor III

Posted on ‎06-12-2017 01:39 PM

@Eigger Are you sure your DMG package only contains the webloc file and nothing else, like any folders or other files it's also deploying? It's hard to imagine how a command directed at a specific file to change it's permissions would be messing up the user's Library folder. Those commands are not directed at the same location.

You also should not need to have the sudo's in those since presumably it's running from a policy and would already be executed as root.

0 Kudos
Reply

Go to solution
Eigger
Contributor III

Posted on ‎06-12-2017 02:28 PM

As per yourself and @sapalmerBCS 's post. Below is what I did.
I created a webloc on my Desktop
Opened terminal and changed the permissions
cd Desktop/
sudo chown root:wheel "Submit MAO Requests.webloc"
sudo chmod 444 "Submit MAO Requests.webloc"
sudo chflags uchg "Submit MAO Requests.webloc"
Dragged it to Composer and created a dmg
Dragged it to Casper Admin and Checked FUT/FEU
41597e1ea5044a68877f1756a42923c3

0 Kudos
Reply

Go to solution
sapalmerBCS
New Contributor III

Posted on ‎06-12-2017 02:32 PM

@Eigger I just responded to that other post as well. The method I used ended up causing similar issues for me and I had to revert the changes. The time past and I don't currently need to create a shortcut that can't be deleted at all, so I haven't looked for another foolproof method.

0 Kudos
Reply

Go to solution
JesseNCSD
New Contributor III

Posted on ‎06-13-2017 06:18 AM

On newer macOS systems, I can corroborate that using FUT with items that are UCHG does not appear to work. This behavior seems changed at around 10.9 - I'm thinking that whatever routines that used to run initial user copy essentially had root access - and could overlook the UCHG flag. This does not appear to be the case with newer systems (which I suspect have more stringent security restrictions).

0 Kudos
Reply