Posted on 09-25-2019 07:07 AM
I have two requirements that Jamf thinks are in conflict. I need to:
I should be able to create a config profile that just does the "require password" bit while not touching the firewall setting, right? And then use Jamf to push that profile to our Macs?
It's been years since I've had to create config profiles from scratch. Is Apple's Profile Manager the best tool? (Requires buying macOS Server, but that's only $20.)
Are there other apps for creating config profiles?
Is there a tutorial for creating configuration profiles manually (with a text editor, for example)?
Posted on 09-25-2019 07:28 AM
We've been using Profile Creator for those simple options where you don't want to lock out a whole panel for a single item.
https://github.com/ProfileCreator/ProfileCreator
Posted on 09-25-2019 10:11 AM
@cpresnall Are you using JAMF to push out the selected item(s) restrictions? If so, how?
If I am reading this right, the program can be used to limit certain aspects of a System Prefs item? Example: We would like to block access to FileVault2, but cannot do that in JAMF without blocking access to Security and Privacy (S&P) as a whole.
Will the program allow only the blocking of FV2 without blocking the entirety of S&P in System Preferences?
Posted on 09-25-2019 10:29 AM
@cpresnall : Thanks! I hadn't previously heard of ProfileCreator, but it's just what I needed.
@rhooper : I've never heard of someone trying to block access to FileVault2. We actually use a Jamf config profile to force FV2.
I'm not sure why you want to block it, but perhaps if you explain your reasoning, your fellow Jamfers might be able to offer a better suggestion.
If your concern is that users might block access to data you need, then you can enable FV, and use Jamf's "recovery key redirection" and "enable escrow" to get a copy of the key on the Jamf server.
Posted on 09-25-2019 10:31 AM
I was just using FV2 as an example.
Posted on 09-25-2019 11:22 AM
@rhooper Correct. We use it to create a much smaller profile (fewer features touched or locked) and then push out the profile through Jamf. Create your profile and save it. Go to Jamf and upload the profile. Scope as appropriate and enjoy.
Posted on 09-25-2019 12:00 PM
To expand on what @cpresnall said, be sure to sign the profile you're saving from ProfileCreator so that Jamf Pro won't make any changes to it before deployment.
Posted on 09-25-2019 12:03 PM
Thanks. I will try it and see if there are any issues. It sounds like a pretty cool and easy-to-use program.
Posted on 10-02-2019 06:20 AM
Thanks again to @cpresnall and @sdagley!
I created a profile using ProfileCreator, then signed it and uploaded it. Worked perfectly!
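The thread's workflow (build a profile that carries one setting, then sign and upload it) can also be done without a GUI tool. The following is an added example, not code from any poster or from ProfileCreator: it writes a profile whose only payload is the screen-lock password prompt and audits the file for payload types that should not be there, such as the firewall payload. It assumes "require password" means the `askForPassword` / `askForPasswordDelay` keys of the `com.apple.screensaver` payload; the `com.example` identifiers and display names are hypothetical.

```python
import plistlib
import uuid

# Assumption: "require password" maps to the com.apple.screensaver payload keys.
ORG_PREFIX = "com.example.profiles"               # hypothetical reverse-DNS prefix
FIREWALL_PAYLOAD = "com.apple.security.firewall"  # payload type this profile must not carry


def build_password_only_profile(delay_seconds=0):
    """Return a profile dict whose single payload sets the screen-lock password prompt."""
    payload = {
        "PayloadType": "com.apple.screensaver",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG_PREFIX}.screenlock.payload",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Require password after sleep or screen saver",
        "askForPassword": True,
        "askForPasswordDelay": int(delay_seconds),
    }
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{ORG_PREFIX}.screenlock",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Screen lock password only",
        "PayloadScope": "System",
        "PayloadContent": [payload],
    }


def to_mobileconfig(profile):
    # Unsigned XML property list, the form a text editor would produce.
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def payload_types(profile):
    return sorted({p["PayloadType"] for p in profile["PayloadContent"]})


def audit_profile(xml_bytes, allowed=("com.apple.screensaver",)):
    """List payload types in an unsigned .mobileconfig that are outside `allowed`."""
    return [t for t in payload_types(plistlib.loads(xml_bytes)) if t not in allowed]


if __name__ == "__main__":
    data = to_mobileconfig(build_password_only_profile(delay_seconds=5))
    print("unexpected payload types:", audit_profile(data))  # empty list expected
    with open("screenlock-only.mobileconfig", "wb") as fh:
        fh.write(data)
```

Run the audit on the unsigned file, since a signed profile is wrapped in a CMS envelope that `plistlib` cannot parse directly; sign afterwards, as advised in the thread, before uploading to Jamf Pro.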