Jamf Nation Community

Nice write up @davidacland makes me sad I have not gotten around to as much of this as I would like. And now I am itching to sit and clean stuff up.

Thanks @davidacland ! Learned a lot reading AmSys' blog! Thanks for sharing.

@McArenas FWIW, Firefox does not use confit profiles for settings management.

Chrome uses some, but not sure if all what you want can be achieved with profiles alone.

Would it be rude to suggest to the OP:

@calumhunter If you have to ask...

Sure you can point someone to google, but it doesn't necessarily help the conversation. Plus so many of the same questions are asked that if we resorted to doing that there wouldn't be much of a community at all and people wouldn't feel very welcome to ask questions....

@McArenas
For Google check out these links:
http://www.chromium.org/administrators/policy-templates
http://www.chromium.org/administrators/policy-templates
http://www.chromium.org/administrators/policy-list-3
http://www.chromium.org/administrators/configuring-other-preferences
http://krypted.com/mass-deployment/deploying-and-managing-google-chrome-the-rough-guide/

There was also a good thread where people offered different ways to manage Google on JAMF Nation a few months ago.

For Firefox, lookup CCK2. I believe @davidacland has a good guide. Check out these links:
http://www.amsys.co.uk/2014/blog/locking-firefox-cck-2/
http://www.amsys.co.uk/2015/blog/changes-cck-2-usage-firefox-35/
https://jamfnation.jamfsoftware.com/discussion.html?id=12720

For Safari:
I recommend using a config profile for Safari if you want to set the homepage. To create a PLIST file here is the command (change myhomepage.com to your choice):

defaults write com.apple.Safari HomePage -string http://www.myhomepage.com

The PLIST file to convert into a config profile would look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>HomePage</key>
    <string>http://www.myhomepage.com</string>
</dict>
</plist>

I recommend looking at MCXtoProfile which will allow you to create profiles that can either manage certain settings ALWAYS (user can't change it) or ONCE (only sets the initial setting but the user can change it afterward). Profiles can work for Google Chrome and Safari. Not so much for Firefox unfortunately.

For the Sharing preference pane there are two ways to do this:
You use a config profile (create one using OS X Server's Profile Manager which allows you to restrict preference panes; it's the Restriction payload)
Or you can read this article on managing the authorization database in OS X Mavericks and Yosemite:
https://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks/
The second option works great if your users do not have admin access.

For the TimeMachine menubar icon I believe that's actually on by default in OS X. If you want to disable just the menubar though:

defaults write com.apple.mcxMenuExtras TimeMachine.menu -bool false

and convert that plist file (which should be located in ~/Library/Preferences/ if you run it as I wrote it) into a config profile. The PLIST should look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>TimeMachine.menu</key>
    <false/>
</dict>
</plist>

For creating a dock there are a few tools:
https://github.com/kcrawford/dockutil
http://errorfreeit.com.au/blog/2015/4/28/dock-master

There are a few gotchas though:
You will probably want to delete /Library/Preferences/com.apple.dockfixup.plist so that certain OS X apps do not get added (I forget right now which ones they are). But you'll figure it out.
And if you end up with a default plist you'll want overwrite the appropriate file (for me it's english so I use en.lproj):

/System/Library/CoreServices/Dock.app/Contents/Resources/en.lproj/default.plist

But it may be something else if you're using a different localization. And this method may not work in future version of OS X.

The other items I can't comment as I don't deal with them. This may be all over the place and not precise, but it should hopefully get you started. As with anything, be sure to test many times over.

@calumhunter No. You are not rude at all. I greatly appreciate your suggestion. I apologise if I clutter your JAMFNation feed with something not beneficial for you. FYI, i diligently tried your suggestion before I posted this question. However, I am unable to get an answer that really sings to me, maybe it's my bad, having English as my second language, I may not be hitting the right keyword. I just thought, there are some people in this community that will be in the same boat and just starting to go "thin" that will benefit from the invaluable replies from the folks who are generous enough to share their experience and expertise. I believe this what makes JAMF Nation, one of the best community of Mac Admins (if not the best!).

This reminds me of a blog post on AmSys: an interview with one of JAMF's Senior Systems Engineer

He was asked: What is the best advice you have ever been given?

“Better ask too often how to do something, even if it makes you look stupid, then not to ask and make it wrong.”

@bpavlov and @davidacland thanks a lot for your replies. Greatly appreciated.

You are indeed a blessing to this community. Keep sharing bros!

If you ever move along into the Casper route you will find that you have a lot more flexibility for deployment. Once you get your OS (Booted and modified or fresh and scripted) and other items (.pkgs, .dmgs, scripts) you can distribute them package by package during a deployment or have them compiled into a temporary, block copy, .dmg for distro which gives the speed of monolithic imaging while still being modular in organization and setup. We were a Deploy Studio shop years ago and are super happy with Casper Imaging.