With the changes to 10.9's app store lock down and the config profile not working through the JSS/APNS push, is there a way to download the config profile and then bundle it up so it gets installed via the deployment workflow?
Solved
Deploy a config profile via pkg/dmg workflow
+23Best answer by Chris
Not sure if that's what you mean, but you can download Profiles from your JSS
(download button in v9, https://your.jss.address:8443/exportOSXConfigurationProfile.html in v8),
save it to /var/tmp for example, drag it into Composer and add a postflight script with
/usr/bin/profiles -I -F /var/tmp/yourProfile.mobileconfigThen build it as a pkg and deploy it.
+13Not sure if that's what you mean, but you can download Profiles from your JSS
(download button in v9, https://your.jss.address:8443/exportOSXConfigurationProfile.html in v8),
save it to /var/tmp for example, drag it into Composer and add a postflight script with
/usr/bin/profiles -I -F /var/tmp/yourProfile.mobileconfigThen build it as a pkg and deploy it.
+23sweet! thank you!
@Chris][/url][/url, when you install a profile with user-level managed preferences with profiles -I, does it install it as a user-level profile for all users? Or do you need to specify a user?
+13@rtrouton from the Profiles man-page:
Certain configuration profiles may be marked as a device profile (system) using the PayloadScope key. However, the profiles tool will ignore the PayloadScope key and install the profile based on how the profile is installed; either a user profile if installed from a user, or a device profile if installed from root (or sudo).
So if you're deploying the profile with Casper, it'll be a device profile, since it's installed as root
@Chris][/url, Thanks! That's how I had understood it to work from the man page, but I didn't know if I was missing something.
+10@Chris With V9, i wonder if issuing the profiles -I -F command might be better as a single line command in policy rather than a post flight script, since flat packages don't support postflight scripts and the JSS v9 will want to zip the non-flat pkg.
+10With V9, i wonder if issuing the profiles -I -F command might be better as a single line command in policy rather than a post flight script, since flat packages don't support postflight scripts
They don't support postflight scripts, but do support postinstall scripts, which provide the same functionality. (The script simply must be named exactly "postinstall" and be executable)
+24^ Exactly. I build flat packages with postinstall and/or preinstall scripts in them all the time. The older bundle style packages support a few additional script types in addition to preflight and postflight that you don't get with flat packages, but generally. preinstall and postinstall is all you need in most cases.
+23I tried to work around the config file issue by creating one on the 10.9 server's profile manager. It would only create it for my user id, and not for the entire system, despite importing via the sudo command. However, it restricted ALL the app store tabs so you couldn't click on them.
*sigh*
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.