Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3219: How to disable Spotlight via Group Policy on Mac OS X

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:30 AM

Applies to: Centrify DirectControl for Mac OS X

Question:

Each time a new AD user logs into a Mac, the Spotlight feature searches through their home folder and stores the index locally on the machine. 

For users who have been configured with network home folders, this may cause excessive network activity and performance degradation - especially if their home folders are large in size.

Is there a way to disable the Spotlight function in OS X via Group Policy?


Answer:

Option 1: To disable Spotlight on all volumes on the Mac systems:
  1. Enable the following Group Policy:
    • User Configuration / Centrify Settings / Common UNIX Settings / "Specify commands to run"
  2. Add the following command to this GP:
    • mdutil -a -i off
  3. The next time the user logs in (or at the next GP refresh interval), Spotlight will be disabled on the Mac.

Option 2: To disable Spotlight on just the user's home folders:
  1. Create a login script with the following lines:
    • #!/bin/sh
    • mdutil -i off ~/
       
    • (Or just use the one attached at the end of this KB)
  2. Save the script to the following folder on the AD server:
    • \\ [domain] \SYSVOL\ [domain] \scripts\
  3. Set up the Login Script GP at: 
    • User Configuration / Centrify Settings / Mac OS X Settings / Scripts / "Specify multiple login scripts"
       
    • Enter the filename of the script only: disable_user_spotlight.sh (If using the attached example)
    • The "Parameters" field can be left blank.
  • Note: Do NOT use the "Specify login script" GP for this script as it needs to be run within the user context.
  • The setting will take effect the next time the user logs out and logs back in.


For further detail on the mdutil command used in this KB, see the following Apple documentation:
Attachments:

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.