Posted on 10-02-2023 09:32 AM
I am testing out using iMazing Profile Editor and the app works great, and I can save the new profile and upload into Jamf and scope to my test machine and it applies and makes the changes needed which is great. The instructions I'm following say to sign the profile and when I choose to sign the profile within iMazing I have 2 options, the first one says DEP-my serial number and the other option is a long string of letters/numbers, so I'm not sure which to choose and I'm not even sure if this is needed since it worked the first time without signing, so I guess my question is do I need to sign the profile since it already worked without being signed, or will I see issues down the road if I don't sign it and if so, how do I know which cert to use to sign the profile? When I look at the certs in Keychain DEP-my serial number shows Jamf SCEP Intermediate CA as "issued by" and for the other cert with long letters and numbers within Keychain the "issued by" shows JSS Built-in Certificate Authority.
I'm probably way over thinking this, but any help you can provide is appreciated!
Introducing iMazing Profile Editor
Posted on 10-02-2023 09:37 AM
Instead of using ProfileCreator or iMazing Profile Editor, you might be interested in using Jamf manifests.
The manifests created for these two projects are automatically turned into Jamf Pro manifests you can use directly in Configuration Profiles without having to sign anything.
Here’s a Jamf Blog post that provides the details:
https://www.jamf.com/blog/profilecreator-manifests-now-available-for-jamf/
Posted on 10-02-2023 10:49 AM
@talkingmoose Very cool, I didn't know this existed, but it has a lot of useful information, but I don't see any manifests for managing Login Items unfortunately, although it does have a manifest to manage what apps are launched when a user logs in, just not the Allow in Background Login Items.
Posted on 10-02-2023 11:29 AM
Just kidding, I was totally overthinking how to managed Login Items. I now realize there is a default payload called "Managed Login Items", so I'll just use that! Sorry for the dumb questions, but I appreciate the help!