Help

Dockutil Script Login Policy

Go to solution
ken_kramer
New Contributor

Posted on ‎03-12-2013 01:56 PM

I'm new to Casper and new to scripting. I'm looking to apply a few dock items using dockutil at login once per user per machine. I am able to get the following script to run successfully via policy with a manual trigger...

#!/bin/sh
###
# Script to add and remove items from dock using dockutil.
###
sleep 10
# Remove Mail
/usr/bin/sudo /usr/local/bin/dockutil --remove 'Mail' --no-restart --allhomes
# Add OIT IP Helper
/usr/bin/sudo /usr/local/bin/dockutil --add /Applications/OIT IP Helper.app --position beginning --no-restart --allhomes
# Add Self Service
/usr/bin/sudo /usr/local/bin/dockutil --add /Applications/Self Service.app --after 'OIT IP Helper' --no-restart --allhomes
# Relaunch Dock
/usr/bin/sudo killall Dock exit 0

When I run the same script with a login trigger it does not work, but it runs. I understand this could be due to login policy wanting to run as the service account for JSS but when I attempt to run it as a user I run the following and it fails both at login or with manual trigger.

#!/bin/sh
###
# Script to add and remove items from dock using dockutil.
###
sleep 10
User=/bin/ls -l /dev/console | /usr/bin/awk '{ print $3 }'
# Remove Mail
/usr/bin/sudo -u $User /usr/local/bin/dockutil --remove 'Mail' --no-restart --allhomes
# Add OIT IP Helper
/usr/bin/sudo -u $User /usr/local/bin/dockutil --add /Applications/OIT IP Helper.app --position beginning --no-restart --allhomes
# Add Self Service
/usr/bin/sudo -u $User /usr/local/bin/dockutil --add /Applications/Self Service.app --after 'OIT IP Helper' --no-restart --allhomes
# Relaunch Dock
/usr/bin/sudo killall Dock exit 0

If anyone could tell me where I'm going wrong or can offer some help I'd appreciate it.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Kumarasinghe
Valued Contributor

Posted on ‎03-13-2013 11:21 PM

This is what we use as a login policy.

$3 method works reliably with "Perform login actions in background" unticked but not when ticked. So please check this;
Go to "Computer Management Framework Settings" > Login/Logout Hooks > Untick "Perform login actions in background" if it is ticked.

#!/bin/bash


# Apply the dockutil settings to current logging in user $3

sudo -u $3 /usr/local/bin/dockutil --remove all "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Launchpad.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Safari.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Microsoft Office 2011/Microsoft Word.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Self Service.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications' --view grid --display folder --sort name "/Users/$3"

# Remove
sudo -u $3 /usr/local/bin/dockutil --remove 'App Store' --no-restart "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --remove 'Reminders' --no-restart "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --remove 'Notes' --no-restart "/Users/$3"

Also I have edited /Library/Preferences/com.apple.dockfixup.plist file to disable App Store, FaceTime etc apps appear on the Dock.

------------
02-Sep-2013: "--sort name" option added for the /Applications folder view.
------------

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Sandy
Valued Contributor II

Posted on ‎03-12-2013 02:16 PM

Hi and Welcome!
If it were me... I would use the built in Add Dock Items to do this.
First, add the dock items to your Casper Admin computer's dock. Then Open Casper Admin and > Add Dock Items.
Once they are in your JSS, create a policy to add or remove each item, and set the policy to run once per user.
This will add (or remove) your items while leaving the rest of the dock intact.

If I'm managing student docks, I set up a Dock, lock it using:
defaults write com.apple.dock contents-immutable -bool true
then capture it with Composer and deploy either at imaging or w/ policy, using FEU FUT
Hope this helps :)
Sandy

0 Kudos

Go to solution
cbrewer
Valued Contributor II

Posted on ‎03-12-2013 02:57 PM

You can use $3 to avoid finding the current user. The JSS passes the current logged in user as $3. Try it like this...

#!/bin/sh
###
# Script to add and remove items from dock using dockutil.
###
sleep 10
# Remove Mail
/usr/local/bin/dockutil --remove 'Mail' --no-restart /Users/$3
# Add OIT IP Helper
/usr/local/bin/dockutil --add /Applications/OIT IP Helper.app --position beginning --no-restart /Users/$3
# Add Self Service
/usr/local/bin/dockutil --add /Applications/Self Service.app --after 'OIT IP Helper' --no-restart /Users/$3
# Relaunch Dock
killall -u $3 Dock
exit 0
0 Kudos

Go to solution
ken_kramer
New Contributor

Posted on ‎03-13-2013 03:27 PM

Thanks for the replies.
@cbrewer I wasn't able to get that to work either with a manual trigger or on login.
@Sandy I like very much the idea of using the Casper built in Dock Items, however I have not been able to get it to work with a user login policy. It runs and logs that it ran but never changes the dock items. Strange huh. If I create a policy and make it ongoing it will work after the second or third user login if there is a reboot between. I'm in an AD environment with mobile managed accounts locally created upon first login and a network home over smb using dfs.

0 Kudos

Go to solution
Kumarasinghe
Valued Contributor

Posted on ‎03-13-2013 11:21 PM

This is what we use as a login policy.

$3 method works reliably with "Perform login actions in background" unticked but not when ticked. So please check this;
Go to "Computer Management Framework Settings" > Login/Logout Hooks > Untick "Perform login actions in background" if it is ticked.

#!/bin/bash


# Apply the dockutil settings to current logging in user $3

sudo -u $3 /usr/local/bin/dockutil --remove all "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Launchpad.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Safari.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Microsoft Office 2011/Microsoft Word.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Microsoft Office 2011/Microsoft Excel.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Microsoft Office 2011/Microsoft PowerPoint.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications/Self Service.app' "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --add '/Applications' --view grid --display folder --sort name "/Users/$3"

# Remove
sudo -u $3 /usr/local/bin/dockutil --remove 'App Store' --no-restart "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --remove 'Reminders' --no-restart "/Users/$3"
sudo -u $3 /usr/local/bin/dockutil --remove 'Notes' --no-restart "/Users/$3"

Also I have edited /Library/Preferences/com.apple.dockfixup.plist file to disable App Store, FaceTime etc apps appear on the Dock.

------------
02-Sep-2013: "--sort name" option added for the /Applications folder view.
------------

0 Kudos

Go to solution
ken_kramer
New Contributor

Posted on ‎03-14-2013 07:58 AM

Thanks Kumarasinghe! Added a little time to the login process but well worth it.

0 Kudos

Go to solution
rmanly
Contributor III

Posted on ‎03-15-2013 10:34 AM

Why not just copy a new default dock.plist into the User Template with these three changes?

dockutil is unfortunately very unreliable in 10.8. :(

0 Kudos

Go to solution
Kumarasinghe
Valued Contributor

Posted on ‎03-17-2013 03:37 PM

We use Dockutil 1.1.1 very reliably on OS X 10.8 and have no issues except it doesn't apply settings for Default User Template.
You need to make sure that you untick "Perform login actions in background" in Login/Logout Hooks of JSS.

0 Kudos