Alan Siu's Blog

Tag: profiles

  • Signs you may have conflicting MDM profiles in macOS

    Jamf doesn’t currently let you easily separate out individual parts of a profile, so if you deploy a Restrictions profile, you have to enforce all the parts of the Restrictions profile. Sure, you can download the profile, un-sign it, modify it, re-sign it, and then re-upload it, but that’s not very easy to then modify…

  • Managing macOS Notification Center settings using a Jamf profile

    There’s a feature request called Add support for new Notification Settings payloads for Catalina, originally created 19 August, 2019 and currently marked as partially implemented in Jamf Pro 10.19.0, the details being Starting in Jamf Pro 10.19.0, admins may automatically whitelist notifications in macOS Catalina for the Jamf Management Framework and Self Service application bundle..…

  • Semi-automating profile installation in Big Sur

    It’s pretty well known among Mac admins that, starting with Big Sur (macOS 11), Apple has removed the ability for the profiles command to silently install .mobileconfig profiles. Apple wants you to use an MDM to deliver profiles silently… or have users themselves manually install profiles. If you try to install them silently the old…

  • The limits of password-protecting a .mobileconfig profile

    Three years ago, Rich Trouton wrote Adding password protection to manually installed management profiles, which gives step-by-step instructions for how to make a manually-installed profile prompt for a custom password (in addition to the local admin password) when being removed. I’ve tested this on Catalina, and it still works! That said, it worked only from…

  • Things to keep in mind if using a profile to delay macOS updates

    Now that Apple has removed the –ignore flag from softwareupdate, it’s recommending you use the forceDelayedSoftwareUpdates and enforcedSoftwareUpdateDelay flags (more details in Device Management Profile: Restrictions), which are supposed to, in theory, delay an updates user visibility a certain number of days after the update’s release. The number of days delayed may not be precise…

  • Forcing updates to Google Chrome using Chrome preferences / a Chrome profile

    Why use Chrome relaunch notification instead of Munki I’m a huge fan of using Munki to patch software on macOS, but Munki is generally polite—it usually won’t kill an application while the user is using it. There is an option in Munki to force an install after a certain date, but that will log the…