That's pretty sweet, I might use this for locking down open lab computer docks.

Hi Robert,

Have you applied these to any machines? and if so, did you use the pkg method? or try and import as a config profile into the JSS?

@tim.rees

The best method would be using the JSS and scoping the profile to a group. If you want to use the .pkg method, here are some relevant links.

https://github.com/timsutton/make-profile-pkg

http://themacadmin.com/deploying-os-x-configuration-profiles-without-mdm/

@tim.rees

I have been using Composer to deploy these rather than relying on the MDM features. I wasn't aware of make-profile-pkg that @Abdiaziz mentioned and I am sure it is much easier than what I have been doing. I will definitely give this a shot next time I need to send one out.

Here is the basic process I follow to package up my configuration profiles:

Install Profiles Using Composer

Quick question @freddie.cox . How come you package the profiles rather than relying on the MDM features? And how do you go about confirming that the profile is properly installed via Casper since you are going around the profile management Casper provides? Sounds like an interesting approach so I'm just curious.

As for the website in question, I saw it and it looks very interesting. But I wish the developer would open it up and share the code so that one could use it locally rather than relying on the website.

Spoke too soon. Looks like in the comments the developer says he will make it a native Mac app soon and will release it to github.

@bpavlov Previously the reporting features were lacking regarding who did/didn't have the configuration profile installed. Recent updates to the JSS have improved this visibility but I have just got in the habit of packaging them up.

It also allows me to install them at first-boot imaging (ie WiFi configuration) rather than have to wait until the computer is setup.

@freddie.cox

Hey,

I'm trying to make these configs into packages.
Do I just drag the configs into composer?

@esantiago Correct. Place the config files where you want them to be copied to on the client (I do /Library/MyOrgName/ so that no one sees anything has been copied and its a simple path to work with) then drag them into the left side of the composer window and it will create a new package.

Then you can add the post install script to install those copied profiles using the profiles command.

@freddie.cox

The post install script would look like this> ??

!/bin/sh

postinstall

pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

Install New Profile

/usr/bin/profiles -I -F /Library/MyOrgName/mslobasedock.mobileconfig

sleep 2

Clean Up After ourself

rm -f /Library/MyOrgName/mslobasedock.mobileconfig

exit 0 ## Success

I'm assuming it's this because I don't have any config profile to remove - and only one item to delete after it runs.

@esantiago Looks OK minus the comments were stripped. But I think that might be a bug with the response WYSIWYG.

#!/bin/sh
postinstall
pathToScript=$0
pathToPackage=$1
targetLocation=$2
targetVolume=$3

#Install New Profile
/usr/bin/profiles -I -F /Library/MyOrgName/mslobasedock.mobileconfig

sleep 2

#Clean Up After ourself
rm -f /Library/MyOrgName/mslobasedock.mobileconfig

exit 0 ## Success

Obviously try this out on a VM or test box before sending it out to the world. :)

@freddie.cox

Thanks man. I Appreciate your help.
Just made the package I'm going to attempt to roll it out in an config during Imaging.

Make sure to check the "Install on Boot Drive after Imaging" in Casper Admin when you upload it so it will run once the OS is actually up and booted.

@freddie.cox are you signing these or just installing them unsigned? If you are signing them how are you doing it if you are using JAMF.

If it's a configuration profile uploaded to the JSS then it gets signed when its deployed. I also believe if you download the profile from the JSS that it is also signed. Easy enough to test that yourself if so inclined. Really the only situation to look out for is if you're doing custom profiles and staying outside of the JSS completely by deploying them through packages. In that case perhaps using the JSS to get it signed through there may help or you can look into something like Profile Manager. I was briefly reading about that option the other day but then learned the JSS signs the profile so it wasn't necessary.

@bpavlov I'm familiar with the JSS auto-signing uploaded profiles. The issue I see is with custom payloads/attributes that the JSS doesn't understand get stripped away or don't function properly.

@jhbush1973 I usually create the config profiles in the JSS and I have setup code signing in the JSS and in Composer using our Developer account. At this point I haven't had any issues with importing them using profiles.