I’ve written a number of articles on automating MDM enrollments using Apple Configurator in the past. In Apple Configurator 2, there are some new options that make the process much easier than it’s ever been in the past. To get started, let’s open Apple Configurator 2 and click on a Blueprint we’d like to apply to devices being prepared during a mass iPad or iPhone enrollment through Apple Configurator. Control-click on the Blueprint to set up for automated enrollment and click on the Prepare button. At the Organization screen, select the organization you’d like to enroll your device in and click on the Next button. At the Server screen, select…
-
-
The Second Edition of the Enterprise Mac Administrator’s Guide Now Available for Pre-Order!
The latest and greatest of the Enterprise Mac Admin’s Guide is now available for Pre-Order at http://www.amazon.com/Enterprise-Mac-Administrators-Guide-Second/dp/1484217055/ref=sr_1_1?s=books&ie=UTF8&qid=1445529968. This is an interesting update. If you happened to see the previous edition, I’d described more about Casper than most of the other third party products on the market. In this edition, there’s still an equal amount of information on Casper, but now there’s also more information on FileWave, and a whole chapter on the open source toolchain of products, including Munki and AutoPKG. The main reason I decided to update this title was actually the change from focusing on directory services (which still has plenty of page count) to focusing on profile management.…
-
Configure Xsan Clients With OS X Server 5 For El Capitan And Yosemite
Yosemite brought Xsan 4, which included a whole new way to add clients to an Xsan. Xsan Admin is gone. From now on, instead of scanning the network using Xsan Admin. we’ll be adding clients using a Configuration Profile. This is actually a much more similar process to adding Xsan clients to a StorNext environment than it is to adding clients to Metadata Controllers running Xsan 3 and below. But instead of making a fsnameservers file, we’re plugging that information into a profile, which will do that work on the client on our behalf. To make the Xsan configuration profile, we’re going to use Profile Manager. With OS X Server 5, this trend…
-
Install A vpptoken In OS X Server 5 for El Capitan and Yosemite
In order to use the Apple Volume Purchase Program, you will need an MDM solution (Profile Manager, Casper, MobileIron, Meraki, FileWave, etc). Also, token options were traditionally for one to one (1:1) environments until iOS 9, which marked a change where you can now leverage per-device licensing. This removes the requirement that you need an Apple ID running on each device that you choose to install apps on. Suddenly, VPP is for multi-tenant environments. You can also use codes and options for iOS 7 and up as well as OS X 10.9 and up, but those will use Apple IDs. Also, if you install your vpptoken on OS X Server and you’re running that…
-
Mavericks Server: Enable APNS Debug Logging
Troubleshooting push notification communications between OS X Server and Apple’s Push Notification can be a challenge. Especially with Profile Manager. One great tip I’ve learned over the years is that the APNS daemon, apsd, has a debug mode. To enable APNS debug logging, run these commands: defaults write /Library/Preferences/com.apple.apsd APSLogLevel -int 7 defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool TRUE killall apsd Then use tail -f to watch the apsd.log file at /Library/Logs/apsd.log. Be wary, as this can fill up your system. So to disable, use these commands: defaults write /Library/Preferences/com.apple.apsd APSWriteLogs -bool FALSE defaults delete /Library/Preferences/com.apple.apsd APSLogLevel killall apsd
-
My Take Control Of OS X Server Book Now Available!
Thanks to all the awesome work from Adam and Tanya Engst, Tidbits announced today that my Take Control of OS X Server is now available! To quote some of the Tidbits writeup: Some projects turn out to be harder than expected, and while Charles Edge’s “Take Control of OS X Server” was one of them, we’re extremely pleased to announce that the full 235-page book is now available in PDF, EPUB, and Mobipocket versions to help anyone in a home or small office environment looking to get started with Apple’s OS X Server. As you’ll likely remember, we published this book chapter by chapter for TidBITS members, finishing it in early…
-
Add Your VPP Token To Profile Manager Running on Yosemite (OS X Server)
Apple began rolling out new features with the new Volume Purchasing Program (VPP) program last year. There are lots of good things to know, here. First, the old way should still work. You’re not loosing the stuff you already invested in such as Configurator with those codes you might have used last year with supervision. However, you will need an MDM solution (Profile Manager, Casper, Absolute, FileWave, etc) to use the new tools. Also, the new token options are for one to one (1:1) environments. This isn’t for multi-tenant environments. You can only use these codes and options for iOS 7 and OS X 10.9 and 10.10. Also, if you install…
-
Configure Profile Manager On Yosemite Server (Yosemite running the Server app)
Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for OS X based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. In OS X Mountain Lion, Apple added a number of new features to Profile Manager and revved the software to Profile Manager 2.0, most notably adding the ability to push certain types of apps to mobile devices. In Mavericks Server (Server 3), Apple provides new options and streamlined a bunch of things, most notably App Store and…
-
Install Your Shiny New VPP Token For Profile Manager
Apple began rolling out new features with the new Volume Purchasing Program (VPP) program this week. There are lots of good things to know, here. First, the old way should still work. You’re not loosing the stuff you already invested in such as Configurator with those codes you might have used last year with supervision. However, you will need an MDM solution (Profile Manager, Casper, Absolute, FileWave, etc) to use the new tools. Also, the new token options are for one to one (1:1) environments. This isn’t for multi-tenant environments. You can only use these codes and options for iOS 7 and OS X 10.9 and above. But this article isn’t…
-
Manage Profiles From The Command Line In OS X 10.9
You can export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up automatically. To script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command…