Centrify DirectControl on Mac OS X 10.6 and higher.Question:
Is it possible to have the homepages and bookmarks of Safari and Chrome on OS X be controlled via GP?Answer:
Safari and Chrome store their configuration files and bookmarks in various locations in the user's ~/Library/
folder on the Mac.
It is possible to have the desired settings be managed using a combination of group policies:
- The Safari homepage can be set using the "Import plist" GP.
- The Chrome homepage can be set using the "Specify login script" GP.
- The bookmarks for both can be set using the "Copy files" GP and then the "Specify login script" GP.
- Once these GPs are in place, the bookmarks and homepages effectively become "Managed Settings"
- This means that any edits the user makes to the bookmarks or preferences will be overwritten the next time the AD user logs in again.
- There is currently no way to have both managed settings and user-settings co-exist at the same time.
- The first load of Safari on an AD account which has never logged into the Mac before will always load the default Apple homepage first.
- All subsequent loads of Safari will then load the desired GP-set homepage.
- The supplied login script will skip over the appropriate settings if it detects the associated files are not present. It will then continue to import any settings it does detect.
- This means that if only the bookmarks are desired to be managed, then it is safe to skip the Preference steps in this KB (and vice versa).
- If Chrome is not going to be used, then just skip the Chrome files completely.
- The scripting hints provided in this KB are provided as a proof-of-concept only.
- Centrify Support does not cover custom-scripting - please contact Centrify Professional Services for further assistance with scripts.
- Since 10.13, the method no longer apply to Safari. This is a change in Apple that Safari will no longer look at the plist file for its preference.
- Configuring Safari (Go straight to Step 2. if only Chrome will be used)
- On a "template" Mac, open Safari and set the homepage and bookmarks to the desired configuration.
- Close down Safari and copy out the following two files to the Mac desktop:
- Tip: A fast way to do this is with Terminal commands:
- cp ~/Library/Safari/Bookmarks.plist ~/Desktop/
- Use a plist editor program (such as Pref Setter) and open up the com.apple.Safari.plist on the desktop.
- Remove all non-essential keys (make sure to keep the the HomePage key) and save the plist.
- Note: Although most simple boolean and integer key entries could also be kept and managed, it is recommended to remove any keys that use unique identifiers, dates and timings to ensure reliable compatibility of this plist between different versions of Safari. Attempting to import the whole Safari plist could result in unexpected side-effects for Safari users.
- The following exported plist has been attached to this KB as an example:
- Copy both plist files over to the AD server and save them to location (Create the plist folder if it does not already exist):
\\ [domain] \SYSVOL\ [domain] \plist\
- Configuring Chrome (Go straight to Step 3. if Chrome will not be used)
- Similar to Safari, open Chrome on a "template" Mac and set the homepage and bookmarks to the desired configuration.
- Close down Chrome and copy out the following two files to the Mac desktop:
- ~/Library/Application Support/Google/Chrome/Default/Preferences
- ~/Library/Application Support/Google/Chrome/Default/Bookmarks
- Note: The versions of Chrome being managed MUST match the version of Chrome on the template Mac that the Preference file comes from.
- Copying over the Preference files from different versions of Chrome may have unexpected side effects for the Chrome user.
- Create the folder on the AD server and copy both files into the location:
\\ [domain] \SYSVOL\ [domain] \Chrome\
- Setting up the login script
- Save the attached login script onto AD server into the location:
\\ [domain] \SYSVOL\ [domain] \scripts\
- Configure the group policies as shown:
- User Configuration / Centrify Settings / Mac OS X Settings / Import Settings / "Import plist files"
- User Configuration / Centrify Settings / Mac OS X Settings / Scripts / "Specify login script"
- Computer Configuration / Centrify Settings / Common UNIX Settings / "Copy files"
- For all three files, make sure to set the destination as: /tmp/
- Once all GPs are set up, open the Terminal on the Mac and run the command:
- Logout and log as an AD user to test both Safari and Chrome.
- Remember that AD users logging into the Mac for the first time may only see the settings be applied after their second login.
- If any of the settings are not working correctly, try adjusting and recreating the preferences/bookmarks files from the template Mac.