Tag: profiles

  • Signs you may have conflicting MDM profiles in macOS

    Jamf doesn’t currently let you easily separate out individual parts of a profile, so if you deploy a Restrictions profile, you have to enforce all the parts of the Restrictions profile. Sure, you can download the profile, un-sign it, modify it, re-sign it, and then re-upload it, but that’s not very easy to then modify…

  • Managing macOS Notification Center settings using a Jamf profile

    There’s a feature request called Add support for new Notification Settings payloads for Catalina, originally created 19 August, 2019 and currently marked as partially implemented in Jamf Pro 10.19.0, the details being Starting in Jamf Pro 10.19.0, admins may automatically whitelist notifications in macOS Catalina for the Jamf Management Framework and Self Service application bundle..…

  • Semi-automating profile installation in Big Sur

    It’s pretty well known among Mac admins that, starting with Big Sur (macOS 11), Apple has removed the ability for the profiles command to silently install .mobileconfig profiles. Apple wants you to use an MDM to deliver profiles silently… or have users themselves manually install profiles. If you try to install them silently the old…

  • The limits of password-protecting a .mobileconfig profile

    Three years ago, Rich Trouton wrote Adding password protection to manually installed management profiles, which gives step-by-step instructions for how to make a manually-installed profile prompt for a custom password (in addition to the local admin password) when being removed. I’ve tested this on Catalina, and it still works! That said, it worked only from…

  • Things to keep in mind if using a profile to delay macOS updates

    Now that Apple has removed the –ignore flag from softwareupdate, it’s recommending you use the forceDelayedSoftwareUpdates and enforcedSoftwareUpdateDelay flags (more details in Device Management Profile: Restrictions), which are supposed to, in theory, delay an updates user visibility a certain number of days after the update’s release. The number of days delayed may not be precise…

  • Forcing updates to Google Chrome using Chrome preferences / a Chrome profile

    Why use Chrome relaunch notification instead of Munki I’m a huge fan of using Munki to patch software on macOS, but Munki is generally polite—it usually won’t kill an application while the user is using it. There is an option in Munki to force an install after a certain date, but that will log the…

  • BlacklistRegex and WhitelistRegex on Santa

    Acknowledgements Thanks once again to @bur on the Mac Admins Slack for the info I’m documenting here. BlacklistRegex and WhitelistRegex In a previous blog entry, I talked about using Santa to block apps by certificate (and I briefly mentioned blocking by binary). You can also block by path using regular expressions. Binary takes precedence over…

  • askForPassword and askForPasswordDelay in macOS 10.13 (High Sierra)

    Update: Apparently 10.13.4 just breaks this completely (defaults write commands won’t do anything any more). Thanks to tristan on the MacAdmins Slack for pointing this out. In macOS 10.12 (Sierra) and earlier, you could go to System Preferences > Security & Privacy > General > Require password ________ after sleep or screen saver begins, and…

  • Importing custom .mobileconfig profiles into Mosyle MDM

    Acknowledgements: Full credit to Tom Case on the MacAdmins Slack for this tip. It’s not immediately obvious that you can import custom .mobileconfig profiles into Mosyle MDM, but apparently you can if you go to Management > Certificates > (click on profile or add new one) > Select the file. Those can be any .mobileconfig…

  • Can’t change Safari homepage in Sierra, even with no profiles managing homepage

    So I came across something weird that’s affected only my 10.12.4 clients (none of my 10.11.6 clients seem to be affected by this). Even though I have only one Safari profile enabled, which is set-once and doesn’t manage the homepage, my 10.12.4 clients are unable to change the homepage in Safari manually. Whatever the homepage…

  • Set ShoreTel Communicator server name with a profile

    When you install ShoreTel Communicator’s Mac app, it launches up and asks you for a server name, username, and password. The username and password will be specific to each user, but the server name will likely be the same for everyone, at least at a small- or medium-sized organization. So if you have Mac clients…

  • Using a profile to re-enable Safari plugins

    Recently (not sure the exact date), Apple started disabling certain Safari plugins by default. That’s great for security, but it’s not that great for usability, especially if users actually want to use those plugins. If you want your users to enable plugins themselves manually, they can follow Apple’s instructions at How to use Internet plug-ins…

  • Forcing a Chrome homepage on Macs

    Nick McSpadden has a great (and thorough) write-up on Deploying and Managing Google Chrome: The Rough Guide, and his recommendation is to have some initial Master Preferences that set a default, which can be overriden. In some cases, though (for example, we have some machines that will be used for Hour of Code next week…

  • Preparing SonicWALL Mobile Connect for Munki

    I’ve found NetExtender (Packaging NetExtender for Munki) to be a little less buggy than SonicWALL Mobile Connect, but NetExtender is pretty much non-functioning in El Capitan, so I’m looking at possibly deploying SonicWALL Mobile Connect in the future. The import process into Munki for the .app is fairly straightforward. You install SonicWALL Mobile Connect from…