Change Wallpaper

What the macOS wallpaper enforcer does

This Automox Worklet™ enforces a designated desktop wallpaper across macOS endpoints. The Worklet copies a specified image file into /Library/Desktop Pictures/, identifies the active console user, and calls AppleScript to instruct Finder to set the desktop picture for that user. Because the image lives in a system-wide path, it persists across reboots and is available to any user who later signs into the endpoint.

The remediation script reads a single filename variable that defaults to Wallpaper.jpg. You upload the image as a Worklet attachment in the Automox console and set the variable to match the attachment filename, including the extension. Finder renders the image through the standard macOS graphics stack, so common formats such as JPG, PNG, HEIC, and TIFF work without conversion.

The evaluation script is a single-line exit 1, which marks every endpoint as non-compliant on every cycle. That is intentional. The Worklet behaves as a continuous enforcement policy rather than a one-time deployment, so the next scheduled run reapplies the corporate wallpaper any time a user opens System Settings and picks a personal photo.

Why enforce a managed wallpaper across the Mac fleet

The desktop wallpaper is one of the few surfaces every user sees every day. Security teams use it to display the help desk phone number, the incident reporting address, or an acceptable-use reminder. Internal data-classification programs use it as a visual marker on endpoints that handle sensitive data, alongside the technical controls that protect that data. Operations teams use it to broadcast a maintenance window or a known incident before the user files a ticket.

Each of those use cases breaks down when part of the fleet drifts to a default macOS wallpaper or a vacation photo. Apply this Worklet to a Mac branding or compliance policy so the managed image is reapplied on a recurring schedule. The corporate wallpaper stays in place across new hires, shared developer Macs, and re-imaged endpoints, without an admin opening a remote session.

How wallpaper enforcement works

1. Evaluation phase: The evaluation script exits 1 immediately, marking the endpoint as non-compliant on every cycle. This is by design. Each scheduled run hands control to remediation and reapplies the wallpaper. Schedule the policy at whatever cadence matches your tolerance for user-applied wallpaper changes, typically daily for branded fleets or weekly for lighter enforcement.

2. Remediation phase: The remediation script copies the attached image into /Library/Desktop Pictures/ with cp, identifies the active console user with scutil show State:/Users/ConsoleUser, and runs osascript under that user with sudo -u $currentUser -H to tell Finder to set the desktop picture to the POSIX path of the copied file. The script then prints "Background successfully set" and exits 0. If no console user is logged in at policy execution time, the AppleScript call has no target and remediation is rescheduled for the next interval.

macOS wallpaper enforcement requirements

• macOS workstation or Mac server enrolled in Automox with an active console user session

• Wallpaper image attached to the Worklet in the Automox console (JPG, PNG, HEIC, or TIFF)

• The filename variable in remediation.sh set to match the uploaded image name, including the extension

• Automox agent running with root privileges, which is the default agent context on macOS

• Write access to /Library/Desktop Pictures/, a directory that exists on every supported macOS version

• A console user logged in at policy execution time, because AppleScript drives Finder in that user's session

Expected desktop state after enforcement

After a successful run, the configured image lives at /Library/Desktop Pictures/<filename> and the active console session displays it as the desktop background. The remediation script prints "Background successfully set" and exits 0, which Automox surfaces as a successful activity entry. The evaluation phase continues to exit non-compliant on every cycle, so the wallpaper is reapplied at each scheduled run, which is the intended behavior for an enforcement policy.

Validate the result on a pilot endpoint by running ls -la "/Library/Desktop Pictures/<filename>" to confirm the image is in place. Then run osascript -e 'tell application "Finder" to get desktop picture' as the console user to confirm the path Finder is bound to. For change-control evidence, capture the Automox activity log entry alongside the timestamped file in /Library/Desktop Pictures/. If a user reports the wallpaper reverting after they changed it, treat that as the Worklet working as designed and confirm the next scheduled run completed within the expected interval.