Wondering what people's preferences are on Configuration Profiles. I am looking at either creating a profile per payload such as a profile just for wireless settings, but I also thought about doing it all in one. What is the common preference on this one? I'd thing the first option would allow me to be more granular, but not sure. Thanks in advance!
Answer
Configuration Profile per payload
+6Best answer by Joel_Peasley
I would recommend using a granular approach and have as few as possible, normally one payload per Configuration Profile. That way if you have to remove or modify a screen saver setting it doesn't affect your Configuration Profile that has your VPN settings in it.
+23I would recommend using a granular approach and have as few as possible, normally one payload per Configuration Profile. That way if you have to remove or modify a screen saver setting it doesn't affect your Configuration Profile that has your VPN settings in it.
+24Creating a profile for each payload will allow you to scope them properly. If they are all grouped, you will likely end up duplicating the settings in multiple giant profiles.
+10I moved away from using smart groups for applying my profiles. I now have a static groups for each of my profile configurations.
+36What if you package an 802.1x profile and push it to a Mac, and the first user who logs in gets prompted to select the certificate...is there a way to prevent users from getting this prompt?
TIA
Don
+24While I usually do 1 profile for 1 payload, wifi profiles are an exception for me. I also add the certificates needed for wireless, then add them to the trust portion of the network payload. This should stop the prompt.
+16I went through this same issue last fall and after some troubleshooting issues, and a call to Casper support, the suggestion from Casper is to push each payload as it's own profile. That way, when you experience an issue with a payload, it's easier to troubleshoot where things may be going wrong.
+13Don, I've seen that problem - and actually seen the prompt disappear within a few seconds (user couldn't even finish typing his username). Have you tried letting it sit for a bit?
+36@JPDyson As it turns out the Configuration Profile was never supposed to be released to users. So I was able to package the certs for distribution, including forcing the root cert to be trusted for all users.
The trick now is removing the Configuration Profile from the Macs that have it, the usual scripted method seems broken:
**$** sudo profiles -R -F /private/tmp/FancySchmancyProfile.mobileconfig
profiles uninstall for file:'FancySchmancyProfile.mobileconfig' and user:'(null)' returned -205 (Unable to locate configuration profile.)
**$**Don
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.