Help

Using Configuration Profiles in an enterprise setting

ezmoney202
New Contributor

Posted on ‎11-07-2012 07:53 AM

Im having an issue with distributing configuration Profiles to my 10.8 and up machines. our current environment we have a jss on our corporate network behind a firewall, along with our client machines obviously. Due to certain PCI compliance Regulations, we do not want want expose the company to unmitigated risk by opening the ports necessary(5223, 2195, 2196) to allow APNs traffic to the machines inside our network. Has anyone successfully overcome this specific hurdle for managing 10.8 and up machines with configuration profiles? Any Ideas would be greatly appreciated

0 Kudos
6 REPLIES 6

freddie_cox
Contributor III

Posted on ‎11-07-2012 08:52 AM

If you do not want to/can't use Apple's MDM framework for distributing configuration profiles you have a couple of options:

1) Sneaker-net (Manual installs as needed)
2) You can manage profiles using the "profiles" command through terminal. You could create a policy in your JSS to grab these from a central store and install with a script like something below:

profiles -I -F /testfile.mobileconfig

You can export the configuration profiles you make in the JSS by going to the following URL:
https://YourJSSURLorIP:8443/exportOSXConfigurationProfile.html

Hope this helps!

0 Kudos

mastins
New Contributor

Posted on ‎11-07-2012 12:33 PM

Our Company has the same Security/Compliance concerns regarding opening up the network for APNS. We've been managing 10.8 devices with configuration profiles in two different ways:

1) Any device profiles that are the same for all machines are placed into the /var/db/ConfigurationProfiles/Setup directory at imaging time. Any profiles in this directory are installed automatically the first time the machine is booted after imaging.

2) For any profiles that need to be added or modified after imaging we are using the "profiles" command that Freddie referenced triggered by a JSS policy.

This requires a little more manual work than using Apple's MDM framework, but makes it possible to use configuration profiles in a restricted environment.

0 Kudos

zmbarker
Contributor

Posted on ‎11-08-2012 07:29 AM

mastins - what kind of Config. profiles do you install? At this time I don't have any MCX or Config Profiles. I have been trying to find some downloadable config profiles to see what/how people are using these. Would you be willing to post a few?

0 Kudos

zmbarker
Contributor

Posted on ‎11-08-2012 07:33 AM

mastins - what kind of Config. profiles do you install? At this time I don't have any MCX or Config Profiles. I have been trying to find some downloadable config profiles to see what/how people are using these. Would you be willing to post a few?

0 Kudos

ezmoney202
New Contributor

Posted on ‎11-12-2012 06:49 AM

thanks for the responses. ill give it a shot.

0 Kudos

ezmoney202
New Contributor

Posted on ‎11-12-2012 07:53 AM

Freddie. i used the profiles command and it worked as long the central location is mounted. What are you doing to mount the drive before running the script?

0 Kudos