Hey, I used the App configurations policy to apply a custom app configuration profile to the Safari browser, where a key was created to delete browser history older than 7 days automatically. The policy association was successful, and the key was created, but history beyond the last 7 days has not been deleted.
17 Views
Replies (5)
Marked SolutionPending Review
Participant
1 day ago
Jan 14, 2026
Marked SolutionPending Review
@wilma Have you tried applying the configuration profile through the Deploy Custom Configuration policy? It might work that way.
Marked SolutionPending Review
Participant
1 day ago
Jan 14, 2026
Marked SolutionPending Review
@harold Tried that but still no effect. The key is getting created with the configured value, but the history remains as is.
Marked SolutionPending Review
Hexnode Expert
22 hours ago
Jan 14, 2026
Marked SolutionPending Review
Hello @wilma and @harold , As the app configuration profile is applied to Safari, the Remove History Items option under the Safari Browser Settings updates to the value given in the key created under the profile. This indicates that the setting is applied via the UEM and would appear greyed out. However, it does not trigger immediate deletion of history older than the specified time in the key.
As a workaround, please utilize the Script policy under Configurations to delete the browser history older than the specified number of days that match the key value in your profile. Configure the policy to deploy the below provided script periodically to delete Safari browser history and cache.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
#!/bin/bash # --- CONFIGURATION --- # Match this to your XML Profile setting (e.g., 7 days) DAYS_TO_KEEP=7 # --------------------- # 1. Detect currently logged-in user # MDM scripts run as root, so $HOME usually points to /var/root. # We must detect the actual console user to find the correct Library folder. loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' ) if [ -z "$loggedInUser" ] || [ "$loggedInUser" == "root" ]; then echo "No active user session found. Exiting." exit 0 fi echo "Running maintenance for user: $loggedInUser" # 2. Define Paths based on the detected user USER_HOME="/Users/$loggedInUser" HISTORY_DB="$USER_HOME/Library/Safari/History.db" BACKUP_DB="$USER_HOME/Library/Safari/History.db.bak" CACHE_DIR="$USER_HOME/Library/Caches/com.apple.Safari" # 3. Force Close Safari # Essential to prevent database corruption or the browser overwriting our changes from memory. echo "Closing Safari..." pkill -x Safari sleep 2 # --- PART A: HISTORY DATABASE CLEANUP --- if [ -f "$HISTORY_DB" ]; then echo "Processing History Database..." # 4. Create a Backup (Restored from Apu's logic) cp "$HISTORY_DB" "$BACKUP_DB" # Ensure the user owns the backup, not root chown "$loggedInUser":staff "$BACKUP_DB" echo "Backup created at: $BACKUP_DB" # 5. Calculate Timestamps # macOS Core Data timestamp = Seconds since Jan 1, 2001 (UTC) # Unix timestamp = Seconds since Jan 1, 1970 (UTC) # Difference = 978307200 seconds CURRENT_UNIX_TIME=$(date +%s) CORE_DATA_OFFSET=978307200 SECONDS_TO_KEEP=$((DAYS_TO_KEEP * 86400)) CUTOFF_TIME=$((CURRENT_UNIX_TIME - SECONDS_TO_KEEP - CORE_DATA_OFFSET)) echo "Deleting history entries older than $DAYS_TO_KEEP days." # 6. Modify the Database # Delete visits older than the cutoff sqlite3 "$HISTORY_DB" "DELETE FROM history_visits WHERE visit_time < $CUTOFF_TIME;" # Vacuum to reclaim disk space (prevents DB fragmentation) sqlite3 "$HISTORY_DB" "VACUUM;" # 7. Restore Permissions # Critical: Since this script runs as root, modifying the file might change ownership to root. # We must give it back to the user, or Safari will crash/be unable to save new history. chown "$loggedInUser":staff "$HISTORY_DB" echo "History database cleaned." else echo "History database not found at $HISTORY_DB. User may not have launched Safari yet." fi # --- PART B: CACHE CLEANUP (Restored from Apu's logic) --- if [ -d "$CACHE_DIR" ]; then echo "Clearing Cache files older than $DAYS_TO_KEEP days..." # Find files in Cache directory modified more than X days ago and delete them find "$CACHE_DIR" -type f -mtime +$DAYS_TO_KEEP -delete echo "Old cache files removed." else echo "Cache directory not found at $CACHE_DIR." fi echo "Maintenance complete." exit 0 |
Please note that the script will forcefully close Safari, so make sure to deploy the script outside the active hours of the device. Closing Safari is necessary to successfully delete history.
Regards,
Elle Reed,
Hexnode UEM
Marked SolutionPending Review
Participant
19 hours ago
Jan 14, 2026
Marked SolutionPending Review
@elle_reed I just finished the deleting Safari history older than 7 days, like I intended. It was quite easy to setup the Script policy too.
Marked SolutionPending Review
Participant
16 hours ago
Jan 14, 2026
Marked SolutionPending Review
@wilma I think the script will be better for more granular control, rather than applying a configuration profile.
Save
