Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for OS X based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. In OS X Mountain Lion, Apple added a number of new features to Profile Manager and revved the software to Profile Manager 2.0, most notably adding the ability to push certain types of apps to mobile devices. In Mavericks Server (Server 3), Apple provides new options and streamlines a bunch of things, most notably App Store and…
-
-
A Guide To Using Mountain Lion Server (OS X 10.8)
I’ve been doing a number of postings on how to use various features of the latest version of OS X Server. Given that WordPress is pretty much a reverse chronological listing of articles I’ve written, I thought I’d put together a listing of the pages that I’ve done for OS X Server 10.8 (Mountain Lion Server) in order to offer a more pedagogically aligned way of reading these posts. As such, here is the Table of Contents for these posts: Introduction What Changed 10 Impactful Changes Upgrading from Lion Upgrading from Snow Leopard Managing the Server Configuring Alerts Using Web Modules Enable Push Notifications Configuring Time and Time Services Setting Up…
-
Video on Setting Up Profile Manager in Lion Server
-
Moving Managed Preferences to Profiles
If you’ve been following my postings for the past few weeks you may have noticed that I’m putting the pieces together for a strategy to transition existing managed preferences in environments to profiles, most notably those managed using Lion Server’s Profile Manager as more than just a mobile device management tool, but also as a computer management tool. To put the articles into a bit more order, let’s look at the order that you’d likely use them to actually do an integration: If needed, upgrade any existing Open Directory deployments to Lion: https://krypted.com//mac-os-x/upgrading-open-directory-from-snow-leopard-server-to-lion-server Start off with getting Profile Manager installed (Part 1): https://krypted.com//iphone/setting-up-profile-manager-in-lion-server Then integrate Profile Manager with your internal directory…
-
Automating Profile Manager Enrollment Through DeployStudio
When planning to migrate from managed preferences to profiles, one of the important aspects to consider is automated enrollment. One of the more important aspects of automating a traditional managed preferences environment is to automate the binding to directory services. You do not bind to Profile Manager; however, you do enroll devices. Much like binding computers to Lion Server’s Open Directory (by default), certificates and host names are important aspects of the enrollment process. Much as with local managed preferences, management via profiles can be done through the command line and without any involvement from a centralized source. I had written an article awhile back on using profiles from the…
-
Integrating Mac OS X Lion Server's Profile Manager With Active Directory
Over the years, the terms Magic, Golden, Triangle, Augments, Directory, Domains and Active have given the administrators of Mac OS X environments fits. So when you think about using Active Directory to manage iOS devices through the Profile Manager service, built into Lion Server, you may think that it’s a complicated thing to piece together. You may remember those days when you had to manually craft service principals because xgrid wouldn’t play nice with Acive Directory, or you might think of twisting augmented records to support CalDAV. But you’re gonna’ have to forget all that, ’cause getting Profile Manager to talk to Active Directory is one of the easiest things…
-
Using Apple Configurator For Automated Enrollment
I have covered Apple Configurator in a couple of different articles already. But one question I’ve gotten a number of times is how to do automated enrollment of iOS devices into an MDM solution, such as Profile Manager. Each device that gets enrolled into Profile Manager will require a Trust Profile (installed under the Profiles tab of the MyDevices portal) and an Enrollment Profile (installed under the Devices tab of the MyDevices portal). The Trust Profile requires about 3 or 4 taps to install and the Enrollment Profile requires about the same. The best way I’ve seen for doing automated enrollment is actually to do semi-automated enrollment. Basically, each device…
-
Setting Up Profile Manager in Lion Server
New in Lion Server, Profile Manager is the most substantial new service added to Mac OS X Server in recent memory. A lot of engineering has gone into it since the introduction in 10.7.0 and in 10.7.3, Profile Manager represents a service that is ready for actual deployments. I have written a number of articles about Profile Manager, but they all revolved around working with Profile Manager once the service is setup and configured. Therefore, I have decided to document the steps used to take a system out of the box and configure it for Profile Manager. Before we get started, let’s prep the system for the service. This starts…
-
Fixing Service Issues When Upgrading to 10.7.3 Server
The 10.7.2 to 10.7.3 update for Lion Server has introduced a few issues in some environments that I’ve seen. It just so happens that the update corrects a lot of behavior with Lion Server while also introducing new features, so it’s something you’re gonna’ need to do eventually. Therefore, before I update, I would strongly recommend backing up all of your services, your service data and Open Directory. Once you’ve run the 10.7.3 update, there are a few things that I’ve seen happen. The first is that the web server won’t start. If this happens, reset the web server back to factory default: serveradmin command web:command=restoreFactorySettings Once it’s reset, you…
-
Backing Up and Reindexing The Profile Manager Database in Lion Server
A common task when scaling databases is to reindex tables within the database. This process makes lookups faster and databases run butter. Reindexing becomes a pretty easy step before or after backing up the database as a general housekeeping step. To backup the database, you’ll use the pg_dump command, defining the user with -U and then the database with -d. In the case of Profile Manager, the database is device_management. Given that data is distributed across a lot of tables in the device_management database, the below script will backup the device_management database and then reindex each of the tables. If you follow previous articles to enable the Postgres user, you…