Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3487: How to enforce a custom Mac Dock via Group Policy

Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:11 AM

Applies to: All versions of Centrify DirectControl on Mac OS X

Question:

Is there a way to force users to only see specified apps in the Mac Dock when they log in?


Answer:

This can be applied via the group policies in the following folder:
  • User Configuration / Centrify Settings / Mac OS X Settings / Dock Settings / ...
    • "Merge with user's Dock"
      • Set this to Disabled
    • "Place Applications in Dock"
      • Set this to Enabled
      • Add the desired applications via their full path and spaces intact, for example:
        • /Applications/Mail.app
        • /Applications/DVD Player.app
        • /Applications/Utilities/System Information.app
With the above configuration, only the specified apps will be shown in the Dock when the user logs in.

Users will still be able to drag their own applications into the Dock while they are logged in, but the user-added icons will be removed upon logout and the Dock will be reset back to GP-configured conditions.

To stop user's from adding their own icons altogether, configure the following GP:
  • "Lock the Dock"
    • Set this to Enabled


To allow users to add and retain their own Dock icons in addition to the GP-specified icons, the following sequence needs to be followed:
  1. User logs in with "Merge with user's Dock" still set to Disabled
  2. Mac builds the initial Dock with only the GP-specified apps
  3. After the user profile has been built and the initial Dock set up, user logs out.
  4. "Merge with user's Dock" can now be set to Enabled (or back to Not Configured).
  5. User can now log in and add their own icons without them being cleared on logout.

Note: 
  • If a new user logs into the Mac while "Merge with user's Dock" is Enabled or Not Configured, then the Mac will build the full default Mac Dock for that user in addition to the GP-specified apps.
    • To initialise that user's Dock to GP-specified apps only again - Set "Merge with user's Dock" to Disabled again and have the user logout and log back in. 
  • Be aware that any other users logging in while "Merge with user's Dock" is Disabled will also have their Docks reset back to GP-specified apps only.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-3925: How to add Centrify parameter to a group policy articleKB-2503: How to place an URL in the Mac Dock via GP. articleKB-5765: How to block OS X updates via Group Policy articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-3131: How to set a screensaver on Mac OS X via Group Policy articleKB-2756: How to set a Mac Desktop Background via Group Policy articleKB-3278: How to disable the Shared sidebar in Finder via Group Policy on Mac OS X articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-3217: How to disable Airdrop via Group Policy on Mac OS X