iPhone,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

Using Payload Variables in Profile Manager

Profile Manager allows you to leave certain fields that are user-centric blank and it will prompt at the time that the profile is installed for the blank information. These are usually user-centric fields, such as short name and password. You can also create a profile in Profile Manager for each user you want to setup mail, Exchange, iCal, Address Book and other services that are tied to a specific user. You can enter the username for each and leave the password blank and the user will be prompted for the password but have the username filled in. And then there are payload variables.

Note: Before we get started on Payload Variables, it’s worth noting that many did not work well prior to 10.7.3, most notably %email%.

Profile Manager provides a number of ways to configure accounts and settings on iOS based devices. When a user logs in, the user’s name, email address, title, phone number and both the short name and GUID of the user’s account are able to be substituted using variables. These variables have a % in front of and behind the name of the variable, making them easy to identify when looking at accounts. These can easily be put into a profile’s payload. When a user logs in the contents of the payload variable are replaced with the information for the account that logged in using the /MyDevices page in the web enrollment interface. When the enrollment profile is downloaded to the device, the variable is substituted with the user’s information from directory services (for user payloads) or from the device itself (for device payloads).

Using payload variables is a really straight forward process. First, create a profile by logging into the Profile Manager web interface (the name of the server followed by /ProfileManager. When prompted, provide the username and password for an administrative account.

Click on a group or user who you would like to configure a profile for.

From the profile screen, select the payload that you’d like to configure.

Enter the variable into the field(s) you’d like the substitution to occur in. For example, here I’m using a variable everywhere currently possible.

Note: You can wrap the variable with other text. For example, if you enter krypton.com/%short_name% then for a user of cedge the variable would expand as krypton.com/cedge, useful in doing Exchange configurations.

Variables available for use include user and device variables. These user variables are as follows:

  • %email% – The email address (the EMailAddress attribute)
  • %first_name% – The first name (the FirstName attribute)
  • %full_name% – The full name (the RealName attribute)
  • %guid% The guid (the GeneratedID attribute)
  • %last_name% – The last name (the LastName attribute)
  • %job_title% The job title (the JobTitle attribute)
  • %mobile_phone% The mobile number (the MobileNumber attribute)
  • %short_name% The short name (the RecordName attribute, typically the name of the account )

The device variables are as follow:

  • %BuildVersion% – Full OS version on the device
  • %ICCID% – ICCID (from the SIM card)
  • %IMEI% – IMEI (International Mobile Equipment Identity)
  • %OSVersion% – Common version number of the device’s OS
  • %ProductName% – Product name
  • %SerialNumber% – Serial number
  • %WIFIMAC% – MAC address of the WiFi interface

There are also 802.1x variables, which include the following:

 

  • %AD_ComputerID%
  • %AD_Domain%
  • %AD_DomainForestName%
  • %AD_DomainGuid%
  • %AD_DomainNameDNS%
  • %AD_KerberosID%
  • %ComputerName%
  • %HardwareUUID%
  • %HostName%
  • %LocalHostName%
  • %MACAddress%
  • %SerialNumber%