Help

Custom Config Profile Payloads & Safari Plugins

JPDyson
Valued Contributor

Posted on ‎03-21-2014 07:27 AM

Sharing: http://support.apple.com/kb/HT6168

This looks supremely useful. The problem I'm running into is that the JSS doesn't actually have this level of implementation for the Custom Config Profile payload; you have to upload a formatted plist (fragment, as it were) wholesale. If you want to make edits, you have to re-upload. I could spin up an OS X Server instance and use Profile Manager to make a config profile, but it would be extra work. Do you guys think this is functionality that you would use regularly? I'm envisioning that it would resemble the old Custom MCX process from Casper 8.

And yes, I'm shamelessly trying to drum up support for my Feature Request here: https://jamfnation.jamfsoftware.com/featureRequest.html?id=2013

0 Kudos
3 REPLIES 3

golbiga
Contributor III
Contributor III

Posted on ‎03-21-2014 10:23 AM

I'm doing something like this with mcxToProfile (https://github.com/timsutton/mcxToProfile). I use it a lot to create custom configuration profiles to replace older MCX settings in my JSS. Just run mcxToProfile.py against ~/Library/Preferences/com.apple.Safari.plist (after you setup Safari to your liking) and you will get a mobileconfig file that you can edit and upload to your JSS.

You will want to edit it so it only contains the ManagedPlugInPolicies setting, this is an example (not full output) for com.oracle.java.JavaAppletPlugin. This will set the configured site to run the java applet in unsafe mode with no user prompt.

<key>mcx_preference_settings</key>
<dict>
<key>ManagedPlugInPolicies</key>
<dict>
<key>com.oracle.java.JavaAppletPlugin</key>
<dict>
<key>PlugInDisallowPromptBeforeUseDialog</key>
<true/>
<key>PlugInFirstVisitPolicy</key>
<string>PlugInPolicyAsk</string>
<key>PlugInHostnamePolicies</key>
<array>
<dict>
<key>PlugInHostname</key>
<string>Your_HostName</string>
<key>PlugInPageURL</key>
<string>https://Your_URL</string>
<key>PlugInPolicy</key>
<string>PlugInPolicyAllowWithSecurityRestrictions</string>
<key>PlugInRunUnsandboxed</key>
<true/>

Once you have the profile to your liking, just upload it to your JSS and scope it out to your clients.

Allen

0 Kudos

JPDyson
Valued Contributor

Posted on ‎03-21-2014 11:42 AM

That seems like a handy work-around; I'd much rather my JSS had the functionality that is present in Profile Manager, and not have to re-upload an entire config profile for every modification, though.

0 Kudos

pblake
Contributor III

Posted on ‎05-12-2014 11:52 AM

I'm using 9.3.1 does anyone know if there is a fix for this. I am doing the same, using mcxtoprofile, uploading, then editing. Not ideal.

0 Kudos