Automating Safari Configuration on macOS#

Automating Safari configuration on macOS is essential for system administrators, IT departments, and developers who need to deploy standardized browser settings across multiple systems. This guide provides comprehensive scripts and techniques for managing Safari preferences programmatically.

Table of Contents#

Why Automate Safari Configuration?#

Common Use Cases#

Enterprise Deployment: Setting up standardized homepage and security settings across corporate devices
Development Environment: Configuring Safari for testing and development workflows
Kiosk Mode: Setting up dedicated browsing stations with specific configurations
System Administration: Managing browser settings remotely or in bulk
User Onboarding: Automating browser setup for new employees

Benefits of Automation#

Consistency: Ensure identical configurations across all systems
Efficiency: Reduce manual configuration time
Compliance: Meet corporate security and policy requirements
Scalability: Apply changes to hundreds of systems simultaneously

Basic Safari Configuration Script#

Shell Script Approach#

Here’s a comprehensive shell script for automating Safari configuration:

1
#!/bin/bash
2

3
# Quit Safari to ensure changes take effect
4
osascript -e 'tell application "Safari" to quit'
5
sleep 2
6

7
# Set homepage and window behavior using defaults
8
defaults write com.apple.Safari HomePage -string "https://infopercept.com"
9
defaults write com.apple.Safari NewWindowBehavior -int 0
10
defaults write com.apple.Safari NewTabBehavior -int 0
11

12
# Force preferences to reload
13
killall cfprefsd
14

15
# Reopen Safari
16
sleep 2
17
open -a Safari
18
sleep 3
19

20
# Use AppleScript to configure homepage in Safari Preferences
21
osascript <<EOF
22
tell application "System Events"
23
    tell process "Safari"
24
        delay 2
25
        keystroke "," using command down -- Open Preferences
26
        delay 2
27
        -- Navigate to Homepage field
28
        keystroke tab
29
        keystroke tab
30
        keystroke tab
31
        keystroke tab
32
        delay 1
33
        -- Select existing text and replace with homepage URL
34
        keystroke "a" using command down
35
        delay 0.5
36
        keystroke "https://infopercept.com"
37
        delay 0.5
38
        keystroke return
39
        -- Close Preferences
40
        keystroke "w" using command down
41
    end tell
42
end tell
43
EOF
44

45
echo "✅ Safari homepage successfully set to https://infopercept.com"

AppleScript-Only Approach#

For a cleaner AppleScript-only implementation:

1
#!/usr/bin/osascript
2

3
-- Quit Safari to ensure preferences apply
4
tell application "Safari" to quit
5
delay 2
6

7
-- Set homepage and open behavior using shell commands
8
do shell script "defaults write com.apple.Safari HomePage -string 'https://infopercept.com'"
9
do shell script "defaults write com.apple.Safari NewWindowBehavior -int 0"
10
do shell script "defaults write com.apple.Safari NewTabBehavior -int 0"
11
do shell script "killall cfprefsd"
12

13
-- Open Safari
14
delay 2
15
tell application "Safari" to activate
16

17
return "Safari homepage successfully set to https://infopercept.com"

Advanced Configuration Options#

Comprehensive Safari Settings#

1
#!/bin/bash
2

3
# Safari Configuration Script
4
# Configures multiple Safari preferences for enterprise deployment
5

6
HOMEPAGE_URL="https://your-company.com"
7
COMPANY_NAME="Your Company"
8

9
echo "🔧 Configuring Safari for $COMPANY_NAME..."
10

11
# Quit Safari
12
osascript -e 'tell application "Safari" to quit' 2>/dev/null
13
sleep 3
14

15
# Homepage and New Window/Tab Behavior
16
defaults write com.apple.Safari HomePage -string "$HOMEPAGE_URL"
17
defaults write com.apple.Safari NewWindowBehavior -int 0  # Homepage
18
defaults write com.apple.Safari NewTabBehavior -int 0     # Homepage
19

20
# Security Settings
21
defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
22
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false
23
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabledForLocalFiles -bool false
24

25
# Privacy Settings
26
defaults write com.apple.Safari SendDoNotTrackHTTPHeader -bool true
27
defaults write com.apple.Safari WebKitStorageBlockingPolicy -int 1
28
defaults write com.apple.Safari BlockStoragePolicy -int 1
29

30
# Developer Settings (Optional)
31
defaults write com.apple.Safari IncludeDevelopMenu -bool true
32
defaults write com.apple.Safari WebKitDeveloperExtrasEnabledPreferenceKey -bool true
33
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled -bool true
34

35
# Search Engine Settings
36
defaults write com.apple.Safari SearchProviderIdentifier -string "com.google.www"
37

38
# Appearance Settings
39
defaults write com.apple.Safari ShowFavoritesBar -bool true
40
defaults write com.apple.Safari ShowSidebar -bool false
41

42
# Tab Settings
43
defaults write com.apple.Safari TabCreationPolicy -int 1
44
defaults write com.apple.Safari OpenNewTabsInFront -bool false
45

46
# Download Settings
47
defaults write com.apple.Safari DownloadsClearingPolicy -int 1
48

49
# Force preferences daemon to reload
50
killall cfprefsd
51

52
echo "✅ Safari configuration completed for $COMPANY_NAME"
53

54
# Optionally restart Safari
55
read -p "Would you like to restart Safari now? (y/n): " -n 1 -r
56
echo
57
if [[ $REPLY =~ ^[Yy]$ ]]; then
58
    open -a Safari
59
    echo "🚀 Safari restarted with new configuration"
60
fi

Security-Focused Configuration#

1
#!/bin/bash
2

3
# High-Security Safari Configuration
4
# Suitable for corporate environments with strict security requirements
5

6
echo "🔒 Applying high-security Safari configuration..."
7

8
# Quit Safari
9
osascript -e 'tell application "Safari" to quit' 2>/dev/null
10
sleep 2
11

12
# Security Settings
13
defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
14
defaults write com.apple.Safari AutoFillFromAddressBook -bool false
15
defaults write com.apple.Safari AutoFillPasswords -bool false
16
defaults write com.apple.Safari AutoFillCreditCardData -bool false
17
defaults write com.apple.Safari AutoFillMiscellaneousForms -bool false
18

19
# Disable plugins and Java
20
defaults write com.apple.Safari WebKitPluginsEnabled -bool false
21
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2PluginsEnabled -bool false
22
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false
23
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabledForLocalFiles -bool false
24

25
# Enable Do Not Track
26
defaults write com.apple.Safari SendDoNotTrackHTTPHeader -bool true
27

28
# Block pop-ups
29
defaults write com.apple.Safari WebKitJavaScriptCanOpenWindowsAutomatically -bool false
30
defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaScriptCanOpenWindowsAutomatically -bool false
31

32
# Prevent cross-site tracking
33
defaults write com.apple.Safari WebKitStorageBlockingPolicy -int 1
34
defaults write com.apple.Safari BlockStoragePolicy -int 1
35

36
# Disable location services
37
defaults write com.apple.Safari SafariGeolocationPermissionPolicy -int 0
38

39
# Clear downloads list when Safari quits
40
defaults write com.apple.Safari DownloadsClearingPolicy -int 1
41

42
# Force HTTPS where possible (if available)
43
defaults write com.apple.Safari ForceHTTPS -bool true
44

45
killall cfprefsd
46

47
echo "✅ High-security Safari configuration applied"

Enterprise Deployment Strategies#

Mass Deployment Script#

1
#!/bin/bash
2

3
# Enterprise Safari Deployment Script
4
# Supports multiple users and system-wide configuration
5

6
SCRIPT_NAME="Safari Enterprise Configuration"
7
LOG_FILE="/var/log/safari_config.log"
8
CONFIG_VERSION="1.0"
9

10
# Logging function
11
log_message() {
12
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
13
}
14

15
# Check if running as admin
16
check_admin() {
17
    if [[ $EUID -ne 0 ]]; then
18
        echo "This script must be run as administrator (sudo)"
19
        exit 1
20
    fi
21
}
22

23
# Configure Safari for specific user
24
configure_user_safari() {
25
    local username=$1
26
    local user_home="/Users/$username"
27

28
    if [[ ! -d "$user_home" ]]; then
29
        log_message "ERROR: User home directory not found for $username"
30
        return 1
31
    fi
32

33
    log_message "Configuring Safari for user: $username"
34

35
    # Run configuration as the specific user
36
    sudo -u "$username" defaults write com.apple.Safari HomePage -string "https://company-portal.com"
37
    sudo -u "$username" defaults write com.apple.Safari NewWindowBehavior -int 0
38
    sudo -u "$username" defaults write com.apple.Safari NewTabBehavior -int 0
39
    sudo -u "$username" defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
40
    sudo -u "$username" defaults write com.apple.Safari SendDoNotTrackHTTPHeader -bool true
41

42
    log_message "Safari configuration completed for user: $username"
43
}
44

45
# Main execution
46
main() {
47
    log_message "Starting $SCRIPT_NAME v$CONFIG_VERSION"
48

49
    check_admin
50

51
    # Get all user accounts (excluding system accounts)
52
    users=$(dscl . list /Users | grep -v "^_" | grep -v "daemon\|nobody\|root")
53

54
    for user in $users; do
55
        # Skip if user UID is less than 500 (system accounts)
56
        user_id=$(id -u "$user" 2>/dev/null)
57
        if [[ $user_id -ge 500 ]] 2>/dev/null; then
58
            configure_user_safari "$user"
59
        fi
60
    done
61

62
    # System-wide configuration using Configuration Profiles (if needed)
63
    create_configuration_profile
64

65
    log_message "$SCRIPT_NAME completed successfully"
66
}
67

68
# Create Configuration Profile for MDM deployment
69
create_configuration_profile() {
70
    local profile_path="/tmp/safari_config.mobileconfig"
71

72
    cat > "$profile_path" << EOF
73
<?xml version="1.0" encoding="UTF-8"?>
74
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
75
<plist version="1.0">
76
<dict>
77
    <key>PayloadContent</key>
78
    <array>
79
        <dict>
80
            <key>PayloadDisplayName</key>
81
            <string>Safari Settings</string>
82
            <key>PayloadIdentifier</key>
83
            <string>com.company.safari.settings</string>
84
            <key>PayloadType</key>
85
            <string>com.apple.Safari</string>
86
            <key>PayloadUUID</key>
87
            <string>$(uuidgen)</string>
88
            <key>PayloadVersion</key>
89
            <integer>1</integer>
90
            <key>HomePage</key>
91
            <string>https://company-portal.com</string>
92
            <key>NewWindowBehavior</key>
93
            <integer>0</integer>
94
            <key>NewTabBehavior</key>
95
            <integer>0</integer>
96
            <key>AutoOpenSafeDownloads</key>
97
            <false/>
98
            <key>SendDoNotTrackHTTPHeader</key>
99
            <true/>
100
        </dict>
101
    </array>
102
    <key>PayloadDisplayName</key>
103
    <string>Safari Configuration</string>
104
    <key>PayloadIdentifier</key>
105
    <string>com.company.safari</string>
106
    <key>PayloadType</key>
107
    <string>Configuration</string>
108
    <key>PayloadUUID</key>
109
    <string>$(uuidgen)</string>
110
    <key>PayloadVersion</key>
111
    <integer>1</integer>
112
</dict>
113
</plist>
114
EOF
115

116
    log_message "Configuration profile created at: $profile_path"
117
}
118

119
# Run main function
120
main "$@"

Remote Deployment via SSH#

1
#!/bin/bash
2

3
# Remote Safari Configuration Deployment
4
# Deploy Safari settings to multiple macOS systems via SSH
5

6
TARGETS_FILE="macos_targets.txt"
7
CONFIG_SCRIPT="safari_config.sh"
8
SSH_USER="admin"
9
SSH_KEY="~/.ssh/id_rsa"
10

11
# Read target systems from file
12
if [[ ! -f "$TARGETS_FILE" ]]; then
13
    echo "Error: Target systems file '$TARGETS_FILE' not found"
14
    echo "Create a file with one hostname/IP per line"
15
    exit 1
16
fi
17

18
# Deploy to each target
19
while IFS= read -r target; do
20
    [[ -z "$target" ]] && continue
21

22
    echo "🔄 Deploying to: $target"
23

24
    # Copy script to target system
25
    scp -i "$SSH_KEY" "$CONFIG_SCRIPT" "$SSH_USER@$target:/tmp/"
26

27
    # Execute script on target system
28
    ssh -i "$SSH_KEY" "$SSH_USER@$target" "chmod +x /tmp/$CONFIG_SCRIPT && sudo /tmp/$CONFIG_SCRIPT"
29

30
    if [[ $? -eq 0 ]]; then
31
        echo "✅ Successfully configured: $target"
32
    else
33
        echo "❌ Failed to configure: $target"
34
    fi
35

36
    # Clean up
37
    ssh -i "$SSH_KEY" "$SSH_USER@$target" "rm -f /tmp/$CONFIG_SCRIPT"
38

39
    echo "---"
40
done < "$TARGETS_FILE"
41

42
echo "🎉 Remote deployment completed"

Troubleshooting and Validation#

Validation Script#

1
#!/bin/bash
2

3
# Safari Configuration Validation Script
4
# Verifies that Safari settings have been applied correctly
5

6
echo "🔍 Validating Safari configuration..."
7

8
# Function to check a setting
9
check_setting() {
10
    local key=$1
11
    local expected=$2
12
    local domain=${3:-com.apple.Safari}
13

14
    current=$(defaults read "$domain" "$key" 2>/dev/null)
15

16
    if [[ "$current" == "$expected" ]]; then
17
        echo "✅ $key: $current (correct)"
18
        return 0
19
    else
20
        echo "❌ $key: $current (expected: $expected)"
21
        return 1
22
    fi
23
}
24

25
# Check critical settings
26
echo "Checking Safari preferences..."
27

28
check_setting "HomePage" "https://infopercept.com"
29
check_setting "NewWindowBehavior" "0"
30
check_setting "NewTabBehavior" "0"
31
check_setting "AutoOpenSafeDownloads" "0"
32
check_setting "SendDoNotTrackHTTPHeader" "1"
33

34
# Check if Safari is configured to show the homepage
35
echo ""
36
echo "🏠 Homepage configuration:"
37
homepage=$(defaults read com.apple.Safari HomePage 2>/dev/null)
38
echo "Current homepage: $homepage"
39

40
# Check Safari version
41
echo ""
42
echo "ℹ️ Safari information:"
43
safari_version=$(osascript -e 'tell application "Safari" to version' 2>/dev/null)
44
echo "Safari version: $safari_version"
45

46
# Check if configuration profiles are installed
47
echo ""
48
echo "📋 Configuration profiles:"
49
profiles -P 2>/dev/null | grep -i safari || echo "No Safari configuration profiles found"
50

51
echo ""
52
echo "🎯 Validation completed"

Common Issues and Solutions#

Issue: Settings Don’t Persist#

1
# Force preferences to reload and persist
2
killall cfprefsd
3
defaults synchronize

Issue: AppleScript UI Automation Fails#

1
# Enable accessibility permissions for Terminal/script
2
# Check System Preferences > Security & Privacy > Privacy > Accessibility

1
# Use Configuration Profiles for persistent settings
2
sudo profiles install -path safari_config.mobileconfig

Debugging Script#

1
#!/bin/bash
2

3
# Safari Configuration Debug Script
4
# Helps diagnose configuration issues
5

6
echo "🔧 Safari Configuration Debug Information"
7
echo "========================================"
8

9
# Check Safari installation
10
if [[ -d "/Applications/Safari.app" ]]; then
11
    echo "✅ Safari is installed"
12
    safari_version=$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString)
13
    echo "   Version: $safari_version"
14
else
15
    echo "❌ Safari is not installed"
16
    exit 1
17
fi
18

19
# Check current user
20
echo ""
21
echo "👤 Current user: $(whoami)"
22
echo "   User ID: $(id -u)"
23

24
# Check Safari preferences
25
echo ""
26
echo "⚙️ Current Safari preferences:"
27
defaults read com.apple.Safari 2>/dev/null | head -20
28

29
# Check running processes
30
echo ""
31
echo "🔄 Safari-related processes:"
32
ps aux | grep -i safari | grep -v grep
33

34
# Check system integrity
35
echo ""
36
echo "🛡️ System integrity:"
37
if command -v csrutil &> /dev/null; then
38
    csrutil status
39
else
40
    echo "System Integrity Protection status unknown"
41
fi
42

43
# Check accessibility permissions
44
echo ""
45
echo "♿ Accessibility permissions:"
46
sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
47
    "SELECT client, auth_value FROM access WHERE service='kTCCServiceAccessibility';" 2>/dev/null || \
48
    echo "Cannot check accessibility permissions (may require admin privileges)"
49

50
echo ""
51
echo "🎯 Debug information collection completed"

Best Practices#

Security Considerations#

Validate Scripts: Always test scripts in a controlled environment before deployment
User Permissions: Run with appropriate privileges (avoid unnecessary root access)
Input Validation: Validate all user inputs and file paths
Secure Distribution: Use secure channels for script distribution
Audit Logging: Maintain logs of configuration changes

Error Handling#

1
#!/bin/bash
2

3
# Robust Safari Configuration with Error Handling
4

5
set -euo pipefail  # Exit on error, undefined vars, pipe failures
6

7
LOGFILE="/var/log/safari_config.log"
8
HOMEPAGE_URL="https://company.com"
9

10
# Logging function
11
log() {
12
    echo "$(date '+%Y-%m-%d %H:%M:%S'): $*" | tee -a "$LOGFILE"
13
}
14

15
# Error handler
16
error_exit() {
17
    log "ERROR: $1"
18
    exit 1
19
}
20

21
# Validation function
22
validate_url() {
23
    local url=$1
24
    if [[ ! "$url" =~ ^https?:// ]]; then
25
        error_exit "Invalid URL format: $url"
26
    fi
27
}
28

29
# Main configuration function
30
configure_safari() {
31
    log "Starting Safari configuration"
32

33
    validate_url "$HOMEPAGE_URL"
34

35
    # Quit Safari with error handling
36
    if ! osascript -e 'tell application "Safari" to quit' 2>/dev/null; then
37
        log "Safari was not running or failed to quit"
38
    fi
39

40
    sleep 2
41

42
    # Apply settings with error checking
43
    if ! defaults write com.apple.Safari HomePage -string "$HOMEPAGE_URL"; then
44
        error_exit "Failed to set homepage"
45
    fi
46

47
    if ! defaults write com.apple.Safari NewWindowBehavior -int 0; then
48
        error_exit "Failed to set new window behavior"
49
    fi
50

51
    # Force preferences reload
52
    killall cfprefsd || log "Warning: Failed to reload preferences daemon"
53

54
    log "Safari configuration completed successfully"
55
}
56

57
# Run main function
58
configure_safari

Testing Framework#

1
#!/bin/bash
2

3
# Safari Configuration Test Suite
4

5
TEST_RESULTS=()
6

7
# Test function
8
run_test() {
9
    local test_name=$1
10
    local test_command=$2
11

12
    echo "Running test: $test_name"
13

14
    if eval "$test_command"; then
15
        echo "✅ PASS: $test_name"
16
        TEST_RESULTS+=("PASS: $test_name")
17
    else
18
        echo "❌ FAIL: $test_name"
19
        TEST_RESULTS+=("FAIL: $test_name")
20
    fi
21
}
22

23
# Test suite
24
echo "🧪 Safari Configuration Test Suite"
25
echo "================================="
26

27
run_test "Safari Installation" "[[ -d '/Applications/Safari.app' ]]"
28
run_test "Homepage Setting" "[[ \$(defaults read com.apple.Safari HomePage 2>/dev/null) == 'https://company.com' ]]"
29
run_test "New Window Behavior" "[[ \$(defaults read com.apple.Safari NewWindowBehavior 2>/dev/null) == '0' ]]"
30
run_test "Security Settings" "[[ \$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null) == '0' ]]"
31

32
# Results summary
33
echo ""
34
echo "📊 Test Results Summary:"
35
echo "======================="
36
for result in "${TEST_RESULTS[@]}"; do
37
    echo "$result"
38
done
39

40
# Count results
41
pass_count=$(printf '%s\n' "${TEST_RESULTS[@]}" | grep -c "PASS" || true)
42
fail_count=$(printf '%s\n' "${TEST_RESULTS[@]}" | grep -c "FAIL" || true)
43

44
echo ""
45
echo "Passed: $pass_count"
46
echo "Failed: $fail_count"
47

48
if [[ $fail_count -eq 0 ]]; then
49
    echo "🎉 All tests passed!"
50
    exit 0
51
else
52
    echo "⚠️ Some tests failed"
53
    exit 1
54
fi

Conclusion#

Automating Safari configuration on macOS provides significant benefits for system administrators and IT departments. By using the scripts and techniques outlined in this guide, you can:

Standardize browser settings across multiple systems
Improve security posture with consistent configuration
Reduce manual effort in deployment and maintenance
Ensure compliance with corporate policies

Key Takeaways#

Use defaults command for persistent preference settings
Combine shell scripts and AppleScript for comprehensive automation
Implement proper error handling and validation
Test thoroughly before enterprise deployment
Document configurations for maintenance and troubleshooting

Whether you’re managing a small team or deploying across hundreds of systems, these automation techniques will help you maintain consistent, secure Safari configurations efficiently.

Remember to always test automation scripts in a controlled environment before deploying to production systems.