Help

Clear macbook desktop automatically via Jamf School?

lkc1042
New Contributor

a month ago

Hi everyone,

I'm looking for a reliable best practice for a common administrative task: automatically clearing the contents of the Desktop and Downloads folders for our standard (non-admin) student users every time they log in or log out of a MacBook.

I attempted to resolve this by deploying a shell script directly through the Jamf School "Scripts" module. However, after pushing the script to the MacBooks, it did not successfully clean the files from the target folders upon user login or logout.

Environment:

  • MDM: Jamf School
  • Device Platform: macOS (currently on macOS Sequoia 15.5)
  • Target User Accounts: Standard, non-admin users

Here is the script I used:

#!/bin/bash

target_users=("student_ac" "public_user")

current_user=$(/usr/bin/stat -f%Su /dev/console)

if [[ " ${target_users[@]} " =~ " ${current_user} " ]]; then
    find "/Users/${current_user}/Desktop" -mindepth 1 -exec mv {} "/Users/${current_user}/.Trash/" \;
    find "/Users/${current_user}/Downloads" -mindepth 1 -exec mv {} "/Users/${current_user}/.Trash/" \;
fi

exit 0

 

Has anyone successfully implemented a similar workflow?

Is there a fundamental flaw in my script's logic or syntax that would prevent it from executing correctly?

Using Jamf School's script module is the right approach for this task?

 

The Jamf School support team suggested I turn to the community for broader expertise, as this question might fall outside the scope of standard support.

 

Any advice or guidance you could offer would be greatly appreciated.

Reply
1 REPLY 1

AJPinto
Esteemed Contributor

4 weeks ago

Login Log out hooks have been deprecated and can be flaky, if you can run this once a day it would be far more stable. My recommendation is running a script that loops through all accounts to delete ~/Desktop and ~/Downloads once a day at midnight. 

 

something like this, make sure to test it as I had chatGPT create the script.

#!/bin/bash

# Define admin user to exclude
ADMIN_USER="admin"

# Get list of local user accounts (UID >= 501), excluding admin
USER_LIST=$(dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}' | grep -v "^$ADMIN_USER$")

for USER in $USER_LIST; do
    USER_HOME=$(dscl . read /Users/"$USER" NFSHomeDirectory | awk '{print $2}')

    if [ -d "$USER_HOME" ]; then
        echo "[$(date)] Cleaning Desktop and Downloads for user: $USER"

        DESKTOP="$USER_HOME/Desktop"
        DOWNLOADS="$USER_HOME/Downloads"

        # Safely clear contents
        [ -d "$DESKTOP" ] && find "$DESKTOP" -mindepth 1 -exec rm -rf {} +
        [ -d "$DOWNLOADS" ] && find "$DOWNLOADS" -mindepth 1 -exec rm -rf {} +

        # Ensure proper ownership
        chown -R "$USER:staff" "$DESKTOP" "$DOWNLOADS"
    else
        echo "[$(date)] Home directory not found for user: $USER"
    fi
done

echo "[$(date)] Cleanup complete. Admin user ($ADMIN_USER) excluded."

 

Reply