I'm hoping that someone can confirm what I'm seeing. We were hoping to set the safari homepage on our macs through Jamf Pro. But it appears that in Mojave (earlier?), Safari has been containerized so the plist that has the homepage is now under /users/*/library/containers/.... There doesn't appear to be anyway to modify the setting(not via script or configuration profile) unless you turn off SIP first. Is that correct? Or is there something I'm missing?
In my experience, you can update ~/Library/Preferences/com.apple.Safari.plist HomePage value with a script or config profile and it still works fine in Mojave. If you update it with a script, use a defaults write command and don't forget to give ownership to the user that is logging in.
You may also want to set NewWindowBehavior and NewTabBehavior
Example:
defaults write /Users/$3/Library/Preferences/com.apple.Safari HomePage -string "$homePage"
defaults write /Users/$3/Library/Preferences/com.apple.Safari NewWindowBehavior -int 0
defaults write /Users/$3/Library/Preferences/com.apple.Safari NewTabBehavior -int 0
chown $3 /Users/$3/Library/Preferences/com.apple.Safari.plist
Ah, didn't give ownership when I tried before. Will try that. Thanks
@cbrewer
Still not working. com.apple.safari that is in /library/preferences is edited successfully and ownership is set, however, safari is not reading the setting from that plist file. It is still pulling the safari homepage from /library/containers/com.apple.safari/data/library/preferences/com.apple.safari.plist.
Ah, I’ve got ya :)
Run these two commands in Terminal:
defaults write ~/Desktop/com.apple.Safari.SandboxBroker.plist Homepage “https://jamf.com”
defaults write ~/Desktop/com.apple.Safari.plist HomePage “https://jamf.com”
(Certainly swap out jamf.com for whatever you want your homepage to be!)
Then upload both of those plists to a Configuration Profile, using the Custom Settings payload. (Upload both Plists to the same profile) You’ll get an error about their formatting, just run the command Jamf tells you to in Terminal. (plutil -convert xml1 /path/to/file.plist)
Deploy the profile out, and that’ll set AND enforce Safari’s homepage, so the user can’t change it.
I've also tried to go with it and test
defaults write ~/library/containers/com.apple.safari/data/library/preferences/com.apple.safari.plist HomePage -string http://home
It gets set in the plist but again safari does not appear to read that setting.
I used composer and monitored changes, changed the homepage in safari>preferences and what it found was that /library/preferences/com.apple.Safari.SandboxBroker.plist was changed.
Any Thoughts?
Thanks
@brian.eybs You may need to uncheck "Perform login hook actions in background" in Jamf > Settings > Computer > Check-In. That will cause login scripts to complete before the login session happens.
I am deploying this through a configuration profile without any issues.
Preference Domain for config profile is: com.apple.Safari
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NewWindowBehavior</key>
<integer>0</integer>
<key>NewTabBehavior</key>
<integer>0</integer>
<key>HomePage</key>
<string>https://inside.companyname.com/wps/myportal/</string>
<key>AutoFillCreditCardData</key>
<false/>
<key>AutoFillPasswords</key>
<false/>
<key>AutoFillMiscellaneousForms</key>
<false/>
<key>AutoFillFromAddressBook</key>
<false/>
<key>AlwaysShowTabBar</key>
<true/>
</dict>
</plist>
Any ideas on how to set an initial homepage but not force it for Mojave?
You could use Outset and place a script in the login-once directory with the above defaults write commands. That in practice should set but not enforce the homepage setting.
If you are changing it by commands you would also recommend running a "killall cfprefsd" as you are changing preferences.
After scouring multiple jamf nation posts and blogs, I think I've finally figured out how to do this. The Safari homepage is changed without being locked by a configuration profile. Oddly enough, the GUI doesn't change the homepage URL. Oh well, this is probably as good as it's going to get.
Note: Make sure that safari is closed before running the script. When the script is finished, Safari should open your new homepage. As I mentioned above, the URL in the General Tab will not change. As of now, this works on Mojave and Catalina.
Note 2: If you attempt to check the URL in the General Tab, the browser will default to the listed URL. The next time Safari is opened it will open the listed URL. Basically, don't check the General Tab.
#!/bin/bash
HomePage='https://www.jamf.com/jamf-nation/'
CurrentUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`
# Set Safari Homepage
defaults write /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist HomePage -string $HomePage
defaults write /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewWindowBehavior -int 0
defaults write /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewTabBehavior -int 0
chown $CurrentUser /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist
#Flush Preference Cache
killall cfprefsd
I cannot get this to work. I have copied @woodsb script above verbatim and keep getting errors. Unexpected arguments, illegal usernames etc.
@a.holley, the commands from @woodsb worked for me when I hard-coded the user and the homepage. I guess there's something wrong there.
I'll post an update when if I find it.
@a.holley , I got it to work with the following code:
#!/bin/bash
#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`
#substituting as user stored in variable to modify plist
#echo "$currentuser"
defaults write /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist HomePage www.jamf.com
defaults write /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewWindowBehavior -int 0
defaults write /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewTabBehavior -int 0
chown $currentuser /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist
killall cfprefsd
@julienvs You are amazing, thanks! Off to test this now
@julienvs , still get unexpected arguments. I'll keep playing.
Worked on one machine but then not on another one.
Super frustrating.
I manage to change most preferences but just not the ones of macOS apps such as Safari or Calendar.
hi all - id be interested to understand why if you want to deploy this via JAMF, you wouldn't just set this via a config profile - computer level, with com.apple.safari as pref domain, and PLIST file, with entry {HomePage=http://yourhomepage} ?
We do it this way, but curious as to other methods, or perhaps a different use case where this wouldn't meet your requirements.
Hi @RJH ,
The idea is to prepare a computer for its users without enforcing settings.
We want new users to see the company's homepage, but if they want to change it, they should be able to do so.
Or is that also possible with Configuration Profiles?
Julien
@julienvs If you set the homepage with a Configuration Profile the user can not change it
Thanks for your reply @sdagley ,
That's why we're looking for a solution to make it work through a policy.
@julienvs The approach I take for this is to have a Self Service policy that will allow the user to exclude their Mac from Configuration Profiles which are considered "options". As an example, we have a Configuration Profile that sets the desktop background, and a Self Service policy named "Unlock Desktop Background" that adds the computer to a Static Group which is used as a Scope Exclusion for that Configuration Policy.
Thanks @sdagley
For those that have a working Safari Prefs policy/Config Policy, What is the OS version that you working on? Is SIP disabled? Thanks
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.