Jamf Nation Community

Ah, didn't give ownership when I tried before. Will try that. Thanks

@cbrewer

Still not working. com.apple.safari that is in /library/preferences is edited successfully and ownership is set, however, safari is not reading the setting from that plist file. It is still pulling the safari homepage from /library/containers/com.apple.safari/data/library/preferences/com.apple.safari.plist.

Ah, I’ve got ya :)

Run these two commands in Terminal:

defaults write ~/Desktop/com.apple.Safari.SandboxBroker.plist Homepage “https://jamf.com”

defaults write ~/Desktop/com.apple.Safari.plist HomePage “https://jamf.com”

(Certainly swap out jamf.com for whatever you want your homepage to be!)

Then upload both of those plists to a Configuration Profile, using the Custom Settings payload. (Upload both Plists to the same profile) You’ll get an error about their formatting, just run the command Jamf tells you to in Terminal. (plutil -convert xml1 /path/to/file.plist)

Deploy the profile out, and that’ll set AND enforce Safari’s homepage, so the user can’t change it.

I've also tried to go with it and test

defaults write ~/library/containers/com.apple.safari/data/library/preferences/com.apple.safari.plist HomePage -string http://home

It gets set in the plist but again safari does not appear to read that setting.

I used composer and monitored changes, changed the homepage in safari>preferences and what it found was that /library/preferences/com.apple.Safari.SandboxBroker.plist was changed.

Any Thoughts?
Thanks

@brian.eybs You may need to uncheck "Perform login hook actions in background" in Jamf > Settings > Computer > Check-In. That will cause login scripts to complete before the login session happens.

@iMatthewCM

Thanks

I'll try that.

I am deploying this through a configuration profile without any issues.

Preference Domain for config profile is: com.apple.Safari

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> 
    <key>NewWindowBehavior</key>
    <integer>0</integer>
    <key>NewTabBehavior</key>
    <integer>0</integer>
    <key>HomePage</key>
    <string>https://inside.companyname.com/wps/myportal/</string>
    <key>AutoFillCreditCardData</key>
    <false/>
    <key>AutoFillPasswords</key>
    <false/>
    <key>AutoFillMiscellaneousForms</key>
    <false/>
    <key>AutoFillFromAddressBook</key>
    <false/>
    <key>AlwaysShowTabBar</key>
    <true/>
</dict>
</plist>

Any ideas on how to set an initial homepage but not force it for Mojave?

You could use Outset and place a script in the login-once directory with the above defaults write commands. That in practice should set but not enforce the homepage setting.

If you are changing it by commands you would also recommend running a "killall cfprefsd" as you are changing preferences.

After scouring multiple jamf nation posts and blogs, I think I've finally figured out how to do this. The Safari homepage is changed without being locked by a configuration profile. Oddly enough, the GUI doesn't change the homepage URL. Oh well, this is probably as good as it's going to get.

Note: Make sure that safari is closed before running the script. When the script is finished, Safari should open your new homepage. As I mentioned above, the URL in the General Tab will not change. As of now, this works on Mojave and Catalina.

Note 2: If you attempt to check the URL in the General Tab, the browser will default to the listed URL. The next time Safari is opened it will open the listed URL. Basically, don't check the General Tab.

#!/bin/bash

HomePage='https://www.jamf.com/jamf-nation/'

CurrentUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`


# Set Safari Homepage

defaults write /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist HomePage -string $HomePage
defaults write /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewWindowBehavior -int 0
defaults write /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewTabBehavior -int 0
chown $CurrentUser /Users/$CurrentUser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist

#Flush Preference Cache
killall cfprefsd

I cannot get this to work. I have copied @woodsb script above verbatim and keep getting errors. Unexpected arguments, illegal usernames etc.

@a.holley, the commands from @woodsb worked for me when I hard-coded the user and the homepage. I guess there's something wrong there.
I'll post an update when if I find it.

@a.holley , I got it to work with the following code:

#!/bin/bash
#variable for storing the current users name
currentuser=`stat -f "%Su" /dev/console`

#substituting as user stored in variable to modify plist
#echo "$currentuser"

defaults write /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist HomePage www.jamf.com
defaults write /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewWindowBehavior -int 0
defaults write /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist NewTabBehavior -int 0
chown $currentuser /Users/$currentuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist

killall cfprefsd

@julienvs You are amazing, thanks! Off to test this now

@julienvs , still get unexpected arguments. I'll keep playing.

Worked on one machine but then not on another one.
Super frustrating.
I manage to change most preferences but just not the ones of macOS apps such as Safari or Calendar.

hi all - id be interested to understand why if you want to deploy this via JAMF, you wouldn't just set this via a config profile - computer level, with com.apple.safari as pref domain, and PLIST file, with entry {HomePage=http://yourhomepage} ?
We do it this way, but curious as to other methods, or perhaps a different use case where this wouldn't meet your requirements.

Hi @RJH , The idea is to prepare a computer for its users without enforcing settings.
We want new users to see the company's homepage, but if they want to change it, they should be able to do so.
Or is that also possible with Configuration Profiles?

Julien

@julienvs If you set the homepage with a Configuration Profile the user can not change it

Thanks for your reply @sdagley ,
That's why we're looking for a solution to make it work through a policy.

@julienvs The approach I take for this is to have a Self Service policy that will allow the user to exclude their Mac from Configuration Profiles which are considered "options". As an example, we have a Configuration Profile that sets the desktop background, and a Self Service policy named "Unlock Desktop Background" that adds the computer to a Static Group which is used as a Scope Exclusion for that Configuration Policy.

Thanks @sdagley

For those that have a working Safari Prefs policy/Config Policy, What is the OS version that you working on? Is SIP disabled? Thanks

@sdagley and @a.holley. Apologies for not responding. Jamf created a Jamf ID for me and I can't access my old account. I'm noticing that my script above doesn't work anymore until I grant full disk access to my Code Runner in 10.15.5. I still need to test it while running from Jamf. This post gave me some help with this https://discussions.apple.com/thread/8637915.

@a.holley just tested, my original script using Jamf, it still works. I think you may need to reconfigure your PPPC settings to give the jamf binary full disk access to your builds. You should be able to fix this with the PPPC utility. @jhorn SIP is still enabled on all of my builds.

When testing with Code Runner, remember to add "sudo" to the commands. You also need to ensure that safari is closed during testing. Please reach out if you need any help with this. I am now @bwoods.

Anyone confirm this is working for them with Safari 14.x? I get:

2021-05-12 15:37:27.894 defaults[46370:361899] Rep argument is not a dictionary Defaults have not been changed.

even when running locally….

Script above is still working.

@user-aj what OS version are you running? What is the output of the script?