- Change permissions of the `plist` file to restrict editing, using `chmod` and possibly `chown` to set the owner to root or another administrator account, ensuring it can't be easily modified by unauthorized users.
2. Before deploying the script across the organization, test it on a local macOS machine to ensure it behaves as expected. Pay attention to directory paths, permissions, and the successful application of `plist` settings.
3. Ensure that you have the capability to execute scripts remotely on macOS devices. This might involve setting up SSH access or using a remote support tool that supports macOS.
4.  Use a method of remote script execution that fits your organization's infrastructure. Options include:
    - SSH: If SSH is enabled on the target machines, you can use it to execute the script remotely. This method requires knowledge of the device's IP address and appropriate credentials.
    - Remote support tool: For organizations using a remote support tool, you can add the script to a task and execute it across all selected machines.
5. Ensure the script is running as expected on all targeted devices. You may have to check log files or implement logging within the script itself to report its success or failure.

{{< /tab >}}
{{< /tabs >}}

## registry.json method (All)

The following instructions explain how to create and deploy a `registry.json` file to a single device. There are many ways to deploy the `registry.json` file. You can follow the example deployments outlined in the `.plist` file section. The method you choose is dependent on your organization's infrastructure, security policies, and the administrative rights of the end-users.

### Option 1: Create a registry.json file to enforce sign-in

1. Ensure the user is a member of your organization in Docker. For more
details, see [Manage members](/admin/organization/members/).
2. Create the `registry.json` file.

    Based on the user's operating system, create a file named `registry.json` at the following location and make sure the file can't be edited by the user.

    | Platform | Location |
    | --- | --- |
    | Windows | `/ProgramData/DockerDesktop/registry.json` |
    | Mac | `/Library/Application Support/com.docker.docker/registry.json` |
    | Linux | `/usr/share/docker-desktop/registry/registry.json` |

3. Specify your organization in the `registry.json` file.

    Open the `registry.json` file in a text editor and add the following contents, where `myorg` is replaced with your organization’s name. The file contents are case-sensitive and you must use lowercase letters for your organization's name.


    ```json
    {
    "allowedOrgs": ["myorg1", "myorg2"]
    }
    ```
   > [!IMPORTANT]
   >
   > As of Docker Desktop version 4.36 and later, you can add more than one organization. With Docker Desktop version 4.35 and earlier, if you add more than one organization sign-in enforcement silently fails.

4. Verify that sign-in is enforced.

    To activate the `registry.json` file, restart Docker Desktop on the user’s machine. When Docker Desktop starts, verify that the **Sign in
    required!** prompt appears.

    In some cases, a system reboot may be necessary for the enforcement to take effect.

    > [!TIP]
    >
    > If your users have issues starting Docker Desktop after you enforce sign-in, they may need to update to the latest version.

### Option 2: Create a registry.json file when installing Docker Desktop

To create a `registry.json` file when installing Docker Desktop, use the following instructions based on your user's operating system.

{{< tabs >}}
{{< tab name="Windows" >}}

To automatically create a `registry.json` file when installing Docker Desktop,
download `Docker Desktop Installer.exe` and run one of the following commands
from the directory containing `Docker Desktop Installer.exe`. Replace `myorg`
with your organization's name. You must use lowercase letters for your
organization's name.

If you're using PowerShell:

```powershell