Jamf Nation Community

ImAMacGuy · ‎11-14-2013

With the changes to 10.9's app store lock down and the config profile not working through the JSS/APNS push, is there a way to download the config profile and then bundle it up so it gets installed via the deployment workflow?

Chris · ‎11-14-2013

Not sure if that's what you mean, but you can download Profiles from your JSS
(download button in v9, https://your.jss.address:8443/exportOSXConfigurationProfile.html in v8),
save it to /var/tmp for example, drag it into Composer and add a postflight script with

/usr/bin/profiles -I -F /var/tmp/yourProfile.mobileconfig

Then build it as a pkg and deploy it.

View solution in original post

Chris · ‎11-14-2013

Not sure if that's what you mean, but you can download Profiles from your JSS
(download button in v9, https://your.jss.address:8443/exportOSXConfigurationProfile.html in v8),
save it to /var/tmp for example, drag it into Composer and add a postflight script with

/usr/bin/profiles -I -F /var/tmp/yourProfile.mobileconfig

Then build it as a pkg and deploy it.

ImAMacGuy · ‎11-14-2013

sweet! thank you!

rtrouton · ‎11-14-2013

@Chris][/url][/url, when you install a profile with user-level managed preferences with profiles -I, does it install it as a user-level profile for all users? Or do you need to specify a user?

Chris · ‎11-14-2013

@rtrouton from the Profiles man-page:

Certain configuration profiles may be marked as a device profile (system) using the PayloadScope key. However, the profiles tool will ignore the PayloadScope key and install the profile based on how the profile is installed; either a user profile if installed from a user, or a device profile if installed from root (or sudo).

So if you're deploying the profile with Casper, it'll be a device profile, since it's installed as root

rtrouton · ‎11-14-2013

@Chris][/url, Thanks! That's how I had understood it to work from the man page, but I didn't know if I was missing something.

denmoff · ‎11-14-2013

@Chris With V9, i wonder if issuing the profiles -I -F command might be better as a single line command in policy rather than a post flight script, since flat packages don't support postflight scripts and the JSS v9 will want to zip the non-flat pkg.

gregneagle · ‎11-14-2013

With V9, i wonder if issuing the profiles -I -F command might be better as a single line command in policy rather than a post flight script, since flat packages don't support postflight scripts

They don't support postflight scripts, but do support postinstall scripts, which provide the same functionality. (The script simply must be named exactly "postinstall" and be executable)

mm2270 · ‎11-14-2013

^ Exactly. I build flat packages with postinstall and/or preinstall scripts in them all the time. The older bundle style packages support a few additional script types in addition to preflight and postflight that you don't get with flat packages, but generally. preinstall and postinstall is all you need in most cases.

ImAMacGuy · ‎11-14-2013

I tried to work around the config file issue by creating one on the 10.9 server's profile manager. It would only create it for my user id, and not for the entire system, despite importing via the sudo command. However, it restricted ALL the app store tabs so you couldn't click on them.

*sigh*

Jamf Nation Community

Deploy a config profile via pkg/dmg workflow