• Mac OS X Server

    Setup Profile Manager On macOS Server 5.4

    Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for macOS based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. Profile Manager has seen a few more updates over the years, primarily in integrating new MDM options provided by Apple and keeping up with the rapidly changing MDM landscape. Apple has added DEP functionality, content distribution, VPP, and other features over the years. In macOS Server 5.4, there are plenty of new options, including the ability to deploy VPP…

  • Mac OS X,  Mac OS X Server

    Use Startup Profiles In macOS Sierra

    There is a nifty feature available in the profiles command in Sierra (which dates back to Mavericks), where you can configure profiles to install at the next boot, rather than immediately. Useful in a number of scenarios. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure): profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v And that’s it. Nice and easy…

  • Uncategorized

    Use The Profiles Command In Sierra

    You might be happy to note that other than the ability to interpret new payloads, the profiles command mostly stays the same in Sierra. You can still export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start it up automatically.…

  • Mac OS X Server,  Mac Security,  Xsan

    Configure Xsan Clients In Server 5.2

    Yosemite brought Xsan 4, which included a whole new way to add clients to an Xsan. Xsan Admin is gone, as of El Capitan, but unchanged from then to macOS Sierra (other than a couple of binaries moving around). These days, instead of scanning the network using Xsan Admin. we’ll be adding clients using a Configuration Profile. This is actually a much more similar process to adding Xsan clients to a StorNext environment than it is to adding clients to Metadata Controllers running Xsan 3 and below. But instead of making a fsnameservers file, we’re plugging that information into a profile, which will do that work on the client on our behalf.…

  • Mac OS X Server

    Profile Payload Best Practices

    Apple has defined some best practices to be taken when using Profiles. Obviously these don’t cover every situation, but they cover all but edge cases and lay out a pretty good description of why you should do the things we’ve mostly figured out to do by trial and error thus far. Great job to the OS X Server documentation team! https://help.apple.com/profilemanager/mac/5.1.5/#/apdE3493-C50A-4E9E-A1B6-CBCBC8C73507

  • Apple Configurator,  Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Programmatically Extract Saved Wi-Fi Passwords In OS X

    Previously, I covered how to Programmatically Obtain Recent Wi-Fi Networks On A Mac. But, here I’m gonna’ go a step further and look at how to extract the password for a network as well. The two are stored in different locations. The recent networks are in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences defaults domain. If you pull one of those, then you can use the security command to extract the password itself. security find-generic-password -ga "Krypted Home" The output is as follows, showing everything that is tracked about this network in the keychain. keychain: "/Library/Keychains/System.keychain" class: "genp" attributes: 0x00000007 <blob>="Krypted Home" 0x00000008 <blob>=<NULL> "acct"<blob>="Krypted Home" "cdat"<timedate>=0x32303135313230373135313731375A00 "20151207151717Z\000" "crtr"<uint32>=<NULL> "cusi"<sint32>=<NULL> "desc"<blob>="AirPort network password" "gena"<blob>=<NULL> "icmt"<blob>=<NULL> "invi"<sint32>=<NULL> "mdat"<timedate>=0x32303135313230373135313731375A00 "20151207151717Z\000"…

  • Apple Configurator,  iPhone,  Mass Deployment

    Add Profiles To Blueprints In Apple Configurator 2

    One of the tasks you’ll need to perform in Apple Configurator 2, is to assign Profiles to iOS devices in order to set them up with features or restrict the device from using certain features. I cover creating a profile here. To get started applying a profile to a device, bring up the Blueprints screen. Choose a Blueprint and right-click on it. Choose Profiles… Browse to the profile and then click on Add Profile. The profile is then applied to any devices that the Blueprint is applied to. For more on Blueprints, view this article.

  • Apple Configurator,  iPhone,  Mass Deployment

    Apple Configurator 2 Guide

    Apple Configurator 2 is a great new evolution in iOS initial and configuration management. And there are lots of great options. And to help you wrap your head around all this new fun stuff, I’ve written up a quick and dirty guide for using Apple Configurator 2. It’s not completely done, but it will be shortly. Hope this help someone. Enjoy!

  • Apple Configurator,  Mac OS X,  Mass Deployment

    Using Apple Configurator 2 Blueprints to Manage iOS Devices

    Blueprints are a new option in Apple Configurator 2. Blueprints allow you setup a template of settings, options, apps, and restore data, and then apply those Blueprints on iOS devices. For example, if you have 1,000 iOS devices, you can create a Blueprint with a restore item, an enrollment profile, a default wallpaper, skip all of the activation steps, install 4 apps, and then enabling encrypted backups. The Blueprint will provide all of these features to any device that the Blueprint is applied to. But then why not call it a group? Why call it a Blueprint? Because the word template is boring. And you’re not dynamically making changes to devices over…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Use The profiles Command Line In El Capitan

    You might be happy to note that other than the ability to interpret new payloads, the profiles command mostly stays the same in El Capitan, from Yosemite. You can still export profiles from Apple Configurator or Profile Manager (or some of the 3rd party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents has a mdmclient daemon and agent respectively that start…