2 weeks ago
Hello! I used Jamf Compliance Editor to make a config policy to disable AutoOpenSafeDownloads, as part of implementing CIS lvl 1 benchmarks. I know Jamf Compliance Editor isn't supported, no worries, my question is more about conflicting config profiles!
The result is a file named `com.apple.Safari.plist`. This file is very short, with only 1 option. However, `com.apple.Safari.plist` is a file that already exists - you can view the default settings with
`defaults read com.apple.Safari`.
My concern is: will having two config profiles with the same name cause issues? If I upload my new `com.apple.Safari.plist` to Jamf, and push it to a Mac, will it overwrite the settings specified in the `com.apple.Safari.plist` that already exists?
Can macOS apply the settings from both policies of the same name, if one is applied through JAMF and the other is already on the machine?
Thank you!!
Helpful Info:
In my `~/Library/Preferences/` directory, there is no `com.apple.Safari.plist`, but there is many files beginning with `com.apple.Safari`. Output of `ls ~/Library/Preferences/com.apple.Safari*`:
```
com.apple.Safari.PasswordBreachAgent.plist
com.apple.Safari.SafeBrowsing.plist
com.apple.Safari.SandboxBroker.plist
com.apple.SafariBookmarksSyncAgent.plist
```
The `com.apple.Safari.plist` made with Jamf Compliance Editor:
```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" http://www.apple.com/DTDs/PropertyList-1.0.dtd>
<plist version="1.0">
<dict>
<key>AutoOpenSafeDownloads</key>
<false/>
</dict>
</plist>
```
Output of `defaults read com.apple.Safari` is:
```
{
AutoOpenSafeDownloads = 0;
AutoplayPolicyWhitelistConfigurationUpdateDate = "2024-10-08 15:08:51 +0000";
AutoplayQuirksWhitelistConfigurationUpdateDate = "2024-10-08 15:08:51 +0000";
DidClearLegacySpotlightMetadataCaches = 1;
DidGrantSearchProviderAccessToWebNavigationExtensions = 1;
DidMigrateAppExtensionPermissions = 1;
DidMigrateDownloadFolderToSandbox = 1;
DidMigrateLastSessionPlist = 1;
DidMigrateNewBookmarkSheetToReadingListDefault = 1;
DidMigrateResourcesToSandbox = 1;
DidMigrateSecureDefaultsToUserDefaults = 1;
DidMigrateStartPageDefaultSidebarVisibility = 1;
DidMigrateToCoreSpotlightBasedHistorySearch = 1;
DidMigrateToMoreRestrictiveFileURLPolicy = 1;
DidMigrateWebDriverAllowRemoteAutomation = 1;
DidMigrateWebExtensionSQLiteStorageToWebKit = 1;
DidReportHistorySettings = 1;
DidShowWhatsNewInSafari17 = 1;
DidShowWhatsNewInSafari18 = 1;
DidUpdateCoreSpotlightBookmarksDataOnUpgrade = 1;
ExtensionsEnabled = 1;
FaviconDatabaseDidEraseLegacyDatabase = 1;
HideHighlightsEmptyItemViewPreferenceKey = 1;
HideStartPageFrecentsEmptyItemView = 1;
HideStartPageSiriSuggestionsEmptyItemView = 1;
HideSuggestionsEmptyItemView = 1;
HomePage = "https://www.apple.com/startpage/";
LastApplicationCacheMessageTraceTime = "749666844.942233";
LastCloudHistoryConfigurationUpdateTime = "2024-10-08 15:07:56 +0000";
LastOSVersionSafariWasLaunchedOn = "15.0";
LastSharedLinksMessageTraceTime = "749667142.9176379";
LocalFileRestrictionsEnabled = 1;
"NSToolbar Configuration BrowserStandaloneTabBarToolbarIdentifier-v2" = {
"TB Display Mode" = 2;
"TB Icon Size Mode" = 1;
"TB Is Shown" = 1;
"TB Size Mode" = 1;
};
"NSWindow Frame BrowserWindowFrame" = "94 85 1324 859 0 0 1512 944 ";
NewestLaunchedSafariVersion = "619.1.26.31.6";
OpenWindows = (
);
PrivacyReportStartPageNumberOfTrackers = {
DefaultProfile = 0;
};
RecentWebSearches = (
);
SafariProfilesLastActiveProfileUUIDString = DefaultProfile;
SafariVersionForExperimentalFeatures = "18.0";
SearchProviderIdentifierMigratedToSystemPreference = 1;
ShowServiceNamesInPasswords = 1;
ShowSidebarInTopSites = 0;
SkipLoadingEnabledAppExtensionsAtLaunch = 1;
SkipLoadingEnabledContentBlockersAtLaunch = 1;
SkipLoadingEnabledWebExtensionsAtLaunch = 1;
StartPageSectionOrdering = (
tabGroupHeadingIdentifier,
tabGroupFavoritesItemIdentifier,
separatorSectionIdentifier,
startPageHeadingIdentifier,
favoritesItemIdentifier,
frequentlyVisitedItemIdentifier,
highlightsItemIdentifier,
privacyReportIdentifier,
exploreItemIdentifier,
readingListItemIdentifier,
recentlyClosedTabsInTabGroupItemIdentifier,
cloudTabsItemIdentifier
);
StartPageSections = {length = 893, bytes = 0x62706c69 73743030 d4010203 04050607 ... 00000000 000002b5 };
SuccessfulLaunchTimestamp = "750092593.3843271";
UniversalSearchFeatureNotificationHasBeenDisplayed = 1;
UserAgentQuirksConfigurationUpdateDate = "2024-10-08 15:08:51 +0000";
WBSOfflineSearchDisablementKey = "2024-10-08 15:08:51 +0000";
WBSOfflineSearchSuggestionsModelGoogleWasDefaultSearchEngineKey = 1;
WBSOfflineSearchSuggestionsModelLastUpdateDateKey = "2024-10-03-1147";
WBSOfflineSearchSuggestionsModelLastUsedLocaleIdentifierKey = "en_US";
WBSPerSiteSettingSyncInitialSyncCompletedKey = 1;
WBSPrivacyProxyAvailabilityAccountType = 1;
WBSPrivacyProxyAvailabilityActiveOnDefaultNetwork = 0;
WBSPrivacyProxyAvailabilityServiceStatus = 0;
WBSPrivacyProxyAvailabilitySubscriberTier = 0;
WBSPrivacyProxyAvailabilitySubscriberTierUnavailableInUserCountry = 1;
WBSPrivacyProxyAvailabilityTraffic = 66977004;
WBSRemoteAutoFillQuirksLastUpdateTime = "2024-10-07 15:07:30 +0000";
"WebKitPreferences.allowsPictureInPictureMediaPlayback" = 1;
"WebKitPreferences.applePayEnabled" = 1;
"WebKitPreferences.hiddenPageDOMTimerThrottlingAutoIncreases" = 1;
"WebKitPreferences.invisibleMediaAutoplayNotPermitted" = 1;
"WebKitPreferences.javaScriptCanOpenWindowsAutomatically" = 1;
"WebKitPreferences.needsStorageAccessFromFileURLsQuirk" = 0;
"WebKitPreferences.pushAPIEnabled" = 1;
"WebKitPreferences.shouldAllowUserInstalledFonts" = 0;
"WebKitPreferences.shouldSuppressKeyboardInputDuringProvisionalNavigation" = 1;
WebKitRespectStandardStyleKeyEquivalents = 1;
WebsiteNameProviderLastUpdateTime = "2024-10-07 15:07:30 +0000";
"com.apple.WebPrivacy.TrackingResourceRequestContentBlockerVersion" = "qrsAAAGSKksiIAhvTDg=";
}
```
2 weeks ago
In most cases, the first profile will be authoritative, and subsequent profiles will be ignored - but this is not universally true for all the various combinations of OS and application domain. If you want to see one of the most infuriating things Apple has written in recent years, take a look here, last point under Payload Basics.
So for this case, revoke the original Safari profile, then scope the new one.
Keep your profiles task-oriented and limited to a single app or area of settings. Configuring all your web browsers in a single profile might seem appealing but quickly becomes unmanageable; keeping profiles separated by app lets you stay granular over time and adjust faster.
Don't ever delete a computer-level profile without setting its scope to none! Better yet, just don't delete the old profiles, move them to some "Archive" category.
Version your profiles, even if that just means you're keeping text notes somewhere, or put a version indicator into the PayloadDescription.
If you're using profiles from community sources like GitHub, remember to change the PayloadOrganization to your own org.
This is still a worthwhile reference: https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf
Finally, if you're new to profiles, I recommend you take a look at the excellent iMazing Profile Editor (and say hi in their channel on the Slack).
2 weeks ago
Hi @dacontracta ,
LowProfile by @ninxsoft will help you inspect the Apple Configuration Profile payloads. It can list duplicated property keys for most of the payload.
Thanks.
2 weeks ago
you can deploy two plist with same name , but it shouldn't contain the same key .