Mac Logon Hook per user????

Posted on 2012-09-13
Last Modified: 2012-09-17
I have a mobile lab of MacBook Pro's running OS X 10.7.4 that are being used in a K-8 school.  They are running the Golden Triangle (AD accounts with OD for MDX).  For their Junior High each student has their own AD account and we are using Network home folders so they can use any of the Mac's and still access their stuff.  Seems to be working well.  The lower grades are using class logons so the entire class logons with the same account.  These are also AD accounts with Network Home Folders.  We are running in to issues with applications not opening.  Specifically Safari and Google Chrome so far.  The application will bounce but then doesn't open.  I tracked the issue down to plist files in ~/Library/Application Support/...  If I delete them then it works but after a bit they become corrupt again and won't open.  My thought is that having 20+ machines all accessing the same folder is what is corrupting the files.  So I started looking for an alternative and I created a script that will allow me to create symbolic links to redirect only parts of the home folder (Desktop, Documents, Downloads...) leaving the Library and other folders local on the Macs.  The issue is that the only way I know to get this to run is to put it in as a login hook.  Which if I do that then it will run for ALL users that logon and I don't want that.  Is there a way to have it only run for certain user accounts?  Or is there a way to create a script that does a check if a user is part of an AD group and only continues if they are?
Or is there a different solution all together?
Question by:LiberatingInsight
    LVL 28

    Accepted Solution

    Have you tried putting your hook/script/whatever into the account(s) used by the lower grades as a Login Item in Users and Groups System Preferences?  If the hook resides in AD or the AD login script, perhaps you could write it as an Apple Script and then apply it to the appropriate user(s) as a Login Item as above.

    Author Comment

    Is there a way to do that through the managed preferences from the OS X Server Workgroup Manager?  When I tried to look at the  Script option it said this could not be done on a per user basis.  Can I put a file in the Items list?
    LVL 28

    Expert Comment

    I do not know the first part as we don't use OS X server. I know that you can put an Apple Script .app file in the Login items. If the .sh is "executable" I would think the answer would be "yes".  Unless the Server can be used, it would be per Mac, which may or may not work in your environment.
    LVL 10

    Expert Comment

    In answer to your last question, why not just create a local user and a shared network folder for those files that are common to the users. Have the share mount automatically at login so that each user has access to the same files that would typically be in the desktop and documents folders. Seems like it would create a real similar situation.
    As far as your current approach, you could create a condition in your login script that would check for the username and only run when the appropriate user logs in.
    LVL 10

    Assisted Solution

    Here is a little more useful info concerning the second part of my post.
    Using a bash script called through a login hook, the following command will return the username of the one logging in.
    `eval echo $1`

    eg. CurrentUser=`eval echo $1`

    Author Closing Comment

    I created a script that just mounted the specific users shared folders as part of their profile.  However the customer ended up just having me create network accounts for the users so I never really got a chance to see how it worked in production.  Thanks for your help.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    #Citrix #Citrix Netscaler #HTTP Compression #Load Balance
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now