Configuration Profiles for Dummies

tthurman
Contributor III

Hey, all.

So, I'm somewhat new to Configuration Profiles. However, I've been told that MCX is going away and isn't a very good choice for pushing out Managed Settings.

I was wondering if anyone had a "For Dummies" guide on how to prepare, set up, and push Configuration Profiles?

I've been trying it out and Googling to try to figure this out and I seem to be failing miserably. xD

Any help would be greatly appreciated.

Sincerely,
TJ

5 REPLIES

NowAllTheTime
Contributor III

Hi TJ,

The Profile Manager section of the OS X Server support page has a lot of good documentation on using Configuration Profiles: https://www.apple.com/support/osxserver/profilemanager/

I also highly recommend hopping into your JSS (or, even better, a test JSS) and trying to create some profiles that have payloads that mirror what you are currently doing with MCX. Scope your test profiles to a single test machine to give 'em a whirl (you'll have to enable push certificates in the JSS to actually deploy any config profiles: https://jamfnation.jamfsoftware.com/article.html?id=111).

Apple Configurator is another place where you can play around with creating configuration profiles; however, they are going to be geared towards iOS devices instead of OS X. A lot of the configs are the same for both platforms though, so if you just want to get more comfortable with creating profiles, Configurator does the trick.

Based on my experience, I recommend breaking out your payloads into separate profiles so that it's easier to make changes to a single config without potentially having it break or interrupt the payloads of your other configs (for example: wireless profile, security profile, login window profile, software update server profile, etc.). Others here may have a different opinion on that though, preferring consolidated profiles with multiple settings within.

Also, if you are used to using MCX, you can roughly translate some of your MCX settings into the "Custom Settings" area of the configuration profile.

Once you get going with config profiles it's pretty easy to make the switch.

Best of luck!
J
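The rough MCX-to-"Custom Settings" translation mentioned in the reply above, sketched as an added example that is not part of the original thread or of any JAMF tooling. It assumes MCX data shaped as domain → key → state/value, and the `com.example.*` identifiers, organization name and sample values are constructed; only always-managed keys are mapped, and the rest are reported for manual review.

```python
import plistlib
import uuid

def mcx_to_profile(mcx, identifier, display_name, organization):
    """Translate MCX-style data into a profile with one Custom Settings payload.
    mcx is assumed to look like {domain: {key: {"state": ..., "value": ...}}}.
    Returns (profile, skipped); skipped holds (domain, key, state) left out.
    """
    content, skipped = {}, []
    for domain, keys in sorted(mcx.items()):
        forced = {}
        for key, entry in sorted(keys.items()):
            if entry.get("state") == "always":   # always-managed -> Forced
                forced[key] = entry["value"]
            else:                                 # once/often: left for manual review
                skipped.append((domain, key, entry.get("state")))
        if forced:
            content[domain] = {"Forced": [{"mcx_preference_settings": forced}]}
    payload = {
        "PayloadType": "com.apple.ManagedClient.preferences",
        "PayloadVersion": 1,
        "PayloadIdentifier": identifier + ".custom",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Custom Settings",
        "PayloadContent": content,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": identifier,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "PayloadOrganization": organization,
        "PayloadContent": [payload],
    }
    return profile, skipped

# Constructed sample input (not taken from the thread).
SAMPLE_MCX = {"com.apple.screensaver": {
    "askForPassword": {"state": "always", "value": 1},
    "askForPasswordDelay": {"state": "always", "value": 5},
    "idleTime": {"state": "once", "value": 600},
}}

if __name__ == "__main__":
    profile, skipped = mcx_to_profile(SAMPLE_MCX, "com.example.screensaver", "Screen Saver Lock (test)", "Example Org")
    print(plistlib.dumps(profile).decode())
    print("not translated:", skipped)
```

Saving the printed XML as a `.mobileconfig` file gives something to compare against what the JSS generates for the same settings before scoping it to a single test machine.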

tthurman
Contributor III

@jasonaswell

Okay, so, here's what I've done.

  • I got my Push Certificate created.
  • I created a Test Config Profile with a single Payload modified.
  • I set a scope for the Config Profile.

The issues I'm having:

  • The Config Profile never pushes.
  • Only certain devices show up in the list of "selectable" devices for the scope.

Thoughts?

-TJ

talkingmoose
Moderator

Just curious... Have you had your JumpStart yet or are you only evaluating Casper right now? All of this would get covered in the JumpStart. If you've purchased the product then I recommend calling JAMF Support for assistance. They're there to help with this type of setup.

A few additional things I've learned about pushing profiles when doing JumpStarts for folks:

  • Sometimes the self-signed certificate gets corrupt and needs to be regenerated in the Tomcat settings. Simple to do but requires restarting Tomcat. You'll probably have to re-enroll devices, though.
  • Check your ports. Your JSS needs access to Apple's APNs on ports 2195 and 2196. Your devices all need access to Apple's 17.0.0.0 network on 5223.

tthurman
Contributor III

@talkingmoose

95% of what I know about Casper/JSS/etc. is learned through figuring it out.

See, the problem with my role is, the original JSS was set up 4 predecessors ago. I haven't had any 'formal' training just yet. However, I do have my CCA class next month. I like to search the community, then reach out to the community, then contact JAMF support. I don't like to waste their time if I can find it online, if that makes sense. I suppose it could be wasting other people's time when asking on the forums, but I also believe that if it's not out there right now, it could be helpful for someone later on who could be in a situation similar to my own.

That being said, I will check on the ports and see if that is causing the issue. I appreciate everyone's help.

Sincerely,
TJ

NowAllTheTime
Contributor III

Hi @tthurman, sorry for not catching your response earlier. I think @talkingmoose is probably right with the ports; many environments have these ports blocked in their firewall rules and that prevents the whole push notification transaction from happening.

The reason why you only see some devices is that those are the only ones that have received the MDM enrollment profile so far. So, it will take a little bit of time for all of your config profile compatible Macs to be available in your scope. If you use smart or static groups instead of individual computers, that will help catch Macs as they become MDM capable; that way you don't have to go back in and check things off as they show up in the selectable list of the profile scopes.