Apple Configurator,  iPhone,  Mac OS X,  Mac OS X Server,  Mac Security

Mac-Only MDM Profile Keys

Below is a listing of all the profile payloads that you see listed when using the Profile Manager web interface as well as their corresponding keys in the mobileconfig files. You can use these to generate profile keys programmatically:

Distribution Type:
Automatic Push
Manual Download

Organization: PayloadOrganization
Description: PayloadDisplayName
Automatically Remove Profile: PayloadRemovalDisallowed
Payload scope: User or computer
——
Identification

User Display Name:
Email address: EmailAddress
User Name: FullName
Password: Password
User Enters Password: AuthMethod
Prompt: Prompt
Prompt Message: PromptMessage
———
Restrictions (com.apple.applicationaccess.new)

Preferences tab:

Restrict Items in System Preferences: familyControlsEnabled
Allow array: EnabledPreferencePanes with each identified in a string for its domain:
EnabledPreferencePanes

com.apple.preferences.users
com.apple.preference.general
com.apple.preference.universalaccess
com.apple.preferences.appstore
com.apple.preferences.softwareupdate
com.apple.preferences.Bluetooth
com.apple.preference.digihub.discs
com.apple.preference.datetime
com.apple.preference.desktopscreeneffect
com.apple.preference.displays
com.apple.preference.dock
com.apple.preference.energysaver
com.apple.preferences.extensions
com.apple.prefpanel.fibrechannel
com.apple.preferences.icloud
com.apple.preference.ink
com.apple.preferences.internetaccounts
com.apple.preference.keyboard
com.apple.Localization
com.apple.preference.expose
com.apple.preference.mouse
com.apple.preference.network
com.apple.preference.notifications
com.apple.preferences.parentalcontrols
com.apple.preference.printfax
com.apple.preferences.configurationprofiles
com.apple.preference.security
com.apple.preferences.sharing
com.apple.preference.sound
com.apple.preference.speech
com.apple.preference.spotlight
com.apple.preference.startupdisk
com.apple.prefs.backup
com.apple.preference.trackpad

Apps tab:
Allow use of Game Center: GKFeatureGameCenterAllowed
Allow multiplayer gaming: GKFeatureMultiplayerGamingAllowed
Allow adding Game Center friends: GKFeatureAddingGameCenterFriendsAllowed
Allow Game Center account modification: GKFeatureAccountModificationAllowed
Allow App Store app adoption: restrict-store-disable-app-adoption
Allow Safari AutoFill: safariAllowAutoFill
Require admin password to install or update apps: restrict-store-require-admin-to-install
Restrict App Store to MDM installed apps and software updates: SHKAllowedShareServices
Restrict which apps are allowed to launch
Allow Apps: whiteListEnabled
Paths to apps: whitelist array
Allow Folders: pathWhiteList
Disallow Folders: pathBlackList

Widgets tab:
Dashboard Widget Restrictions payload:
Enable: whiteListEnabled
Array of enabled objects: whitelist

Media tab: Edit Mount-Controls in Restrictions payload
AirDrop: DisableAirDrop
Internal Disks: harddisk-internal
External Disks: harddisk-external
Disk Images: disk-image
DVD-RAM: dvdram
CDs & CD-ROMs: blankcd
DVDs: blankdvd
Eject at Logout: logout-eject

Sharing:
Edit the SHKAllowedShareServices array of services. Simply remove service to edit the array.

Functionality:
Lock Desktop Picture: locked
Path to picture: override-picture-path
Allow use of camera:
Allow iCloud Documents & Data: allowCloudDocumentSync
Allow use of iCloud Password for Local Accounts: DisableUsingiCloudPassword
Allow Spotlight Suggestions: allowSpotlightInternetResults

———
Messages (for Jabber, not AIM)

Account Description: JabberAccountDescription
Account Type: Sets com.apple.jabber.account payload
Account Name: JabberUserName
Password: JabberPassword
Server Address: JabberHostName
Server Port: JabberPort
Use SSL: JabberUseSSL
Use Kerberos v5: JabberAuthKerberos

———
AD Certificate (alacarte.adcert)

Description: Description
Certificate Server: CertServer
Certificate Authority: CertificateAuthority
Certificate Template: CertTemplate
Certificate Expiration Notification Threshold: CertificateRenewalTimeInterval
Prompt for credentials: PromptForCredentials
Username: UserName
Password: Password
Allow access to all apps: AllowAllAppsAccess
Allow export from keychain: KeyIsExtractable
Hidden setting: CertificateAcquisitionMechanism (set to RPC)
———
Login Items
Apps: AutoLaunchedApplicationDictionary-managed, AutoLaunchedApplicationDictionary-managed
Items: com.apple.loginitems.managed
Authenticated Network Mounts: MCX-NetworkHomeDirectoryItem
Add network home share point: AuthenticateAsLoginUserShortName
User may press Shift to keep items from opening: DisableLoginItemsSuppression

———
Mobility

Account Creation tab
Create mobile account when user logs in to network account: com.apple.cachedaccounts.CreatePHDAtLogin
com.apple.cachedaccounts.CreateAtLogin
Require confirmation before creating mobile account: cachedaccounts.WarnOnCreate.allowNever
Show “Don’t ask me again” checkbox: com.apple.cachedaccounts.WarnOnCreate
Create home using: userPicksExternalVolume
Encrypt contents with FileVault: cachedaccounts.create.encrypt (cachedaccounts.create.encrypt.requireMasterPassword requires a master password)
Restrict size: cachedaccounts.create.maxSize
Fixed size: cachedaccounts.create.maxSize.fixedSize
Percent: cachedaccounts.create.maxSize.percentOfNetworkHome
Home folder location:cachedaccounts.create.location

Account Expiry tab
Delete mobile accounts: cachedaccounts.expiry.delete.disusedSeconds
Delete only after successful sync: cachedaccounts.expiry.cond.successfulSync

Rules tab
Preferences Sync subtab
Sync at login: syncPreferencesAtLogin
Sync at logout: syncPreferencesAtLogout
Sync in background: syncPreferencesInBackground
Sync manually: syncPreferencesAtSyncNow
Sync Folders: syncedPrefFolders-managed
Skip Items: excludedPrefItems-managed
Merge with user’s settings: replaceUserPrefSyncList

Home Sync sub tab: Mobility: Home Sync (com.apple.homesync)
Sync at login: syncBackgroundSetAtLogin
Sync at logout: syncBackgroundSetAtLogout
Sync in background: periodicSyncOn
Sync manually: syncBackgroundSetAtSyncNow
Sync Folders: replaceUserSyncList
Skip Items: excludedItems-managed
Merge with user’s settings: replaceUserSyncList

Options sub tab
Sync in the background: syncPreferencesInBackground
Sync time: syncPeriodSeconds
Show status in menu bar:HomeSync.menu
———
Dock
Dock Size: tilesize (followed by an integer)
Magnification: magnification
Position: orientation
Minimize using: mineffect
Animate opening apps: launchanim
Automatically hide and show the Dock: autohide
Show indicator lights for open apps: show-process-indicators
Dock Apps: static-apps

Dock Items

Merge with User’s Dock:
Add other folders:MCXDockSpecialFolders
My Apps: AddDockMCXMyApplicationsFolder
Documents: AddDockMCXDocumentsFolder
Network Home: AddDockMCXOriginalNetworkHomeFolder

———
Printing
Printer List: UserPrinterList, each has the following:
DeviceURI: Path of the printer
DisplayName: Name of printer
Location: Location in printer description
Model: Model of printer
PrinterLocked: Whether the printer is uninstallable
PPDURL: Path to the Printer driver file

Default Printer: DefaultPrinter
Allow user to modify printer list
Allow printers that connect directly to user’s computer
Require an administrator password: RequireAdminToAddPrinters
Only show managed printers: ShowOnlyManagedPrinters
Print page footer (user name and date): PrintFooter
Include MAC address: PrintMACAddress
Font Name: FooterFontName
Font Size: FooterFontSize

———
Parental Controls
Content Filtering: useContentFilter
Disable use of Dictation
Hide profanity in Dictionary and Dictation
Trying to limit access to adult websites
Allowing access to the following websites only
Enable URL white list:
Allow URLs: filterWhitelist (each url is stored in an item in the array
Deny URLs: filterBlacklist

Time Limits
Enforce Allowances: allowancesActive, limits-list, allowancesActive
Weekday Allowances: com.apple.familycontrols.timelimits.computer, timeLimitSeconds
Weekend Allowances: com.apple.familycontrols.timelimits.computer, timeLimitSeconds
Enforce Limits: familyControlsEnabled
Sunday through Thursday: each day has an entry in the array
Sunday: start and end string, each listing a time
Monday: start and end string, each listing a time
Tuesday: start and end string, each listing a time
Wednesday: start and end string, each listing a time
Thursday: start and end string, each listing a time
Friday through Saturday
Friday : start and end string, each listing a time
Saturday: start and end string, each listing a time
—————
Accessibility
Vision
Enable Zoom via ScrollWheel: closeViewScrollWheelToggle
Enable Zoom via Keyboard: closeViewHotkeysEnabled
Maximum Zoom: closeViewFarPoint
Minimum Zoom: closeViewNearPoint
Show preview rectangle when zoomed out: closeViewShowPreview
Smooth images: closeViewSmoothImages
Invert colors: whiteOnBlack
Use grayscale: grayscale
Enhance Contrast: contrast
Cursor size: mouseDriverCursorSize
Enable VoiceOver: voiceOverOnOffKey

Hearing
Flash the screen when an alert occurs: flashScreen
Play stereo audio as mono: stereoAsMono

Interacting
Enable Sticky Keys: stickyKey
Beep when a modifier key is set: stickyKeyBeepOnModifier
Display pressed keys on screen: stickyKeyShowWindow
Enable Slow Keys: slowKey
Use click key sounds: slowKeyBeepOn
Acceptance delay: slowKeyDelay
Enable Mouse Keys: mouseDriver
Initial delay: mouseDriverInitialDelay
Maximum speed: mouseDriverMaxSpeed
Ignore built-in trackpad: mouseDriverIgnoreTrackpad

Finder
Preferences tab
Use Simple Finder: InterfaceLevel
Show Hard disks on the desktop: ShowHardDrivesOnDesktop
Show External disks on the desktop: ShowExternalHardDrivesOnDesktop
Show CDs, DVDs and iPods on the desktop: ShowRemovableMediaOnDesktop
Show Connected servers on the desktop: ShowMountedServersOnDesktop
Show warning before emptying the Trash: WarnOnEmptyTrash

Commands tab
Connect to Server: ProhibitConnectTo
Eject: ProhibitEject
Burn Disc: ProhibitBurn
Go to Folder: ProhibitGoToFolder
Restart: RestartDisabledWhileLoggedIn
Shut Down: ShutDownDisabledWhileLoggedIn

Proxies
Enable Web Proxy: HTTPEnable
Web Proxy URL: HTTPProxy
Web Proxy Port Number: HTTPPort
Enable Secure Web Proxy: HTTPSEnable
Secure Web Proxy URL: HTTPSProxy
Secure Web Proxy Port Number: HTTPSPort
Enable FTP Proxy: FTPEnable
Secure FTP Proxy URL: FTPProxy
Secure FTP Proxy Port Number: FTPPort
Enable SOCKS Proxy: SOCKSEnable
Secure SOCKS Proxy URL: SOCKSProxy
Secure SOCKS Proxy Port Number: SOCKSPortNumber
Enable Streaming Proxy (RTSP): RTSPEnable
Secure Streaming Proxy URL: RTSPProxy
Secure Streaming Proxy Port Number RTSPPort
Enable Gopher Proxy: GopherEable
Secure Gopher Proxy URL: GopherProxy
Secure Gopher Proxy Port Number: GopherPort
Exceptions: array called Exceptions
Use Passive FTP Mode (PASV): FTPPassive
Enable Automatic Configuration: ProxyAutoConfigEnabled
Automatic Proxy Configuration URL: ProxyAutoConfigURLString

Custom Profiles