Configuration Profile Custom Settings in Profile Manager

Similar Messages

• How to configure profile manager in Maverics when DNS is externally managed?

  Are there any guides to configuring Profile Manager as a MDM?
  Here is my story.
  Recently installed  Mac mini at a school where the DNS is externally managed by the Education departments IT group.  Upgraded to Maverics and installed Server app.  Configured profile manager to the point where we could generate a trust profile and enrolment profile.  Doesn't work because there is no DNS entry for Mac mini server.   Create entry but need to change host name and computer name and local machine name to match entry.  Suddenly profile manager not working at all.  Delete server app and it's configuration file in ~/Library/.  Reinstall.  Now Profile manager won't even activate.  Speak to Apple on phone, run various commands to reinitialise Open Directory and reset profile manager.  To no avail.  Apple say to reinstall Mavericks, Server and try again.
  Funny thing is I got profile manager to work as an MDM in a test environment, but changing DNS after doing so much configuration seems to have made a real mess of things.  Vowing to make a time machine backup as soon as Mavericks re-installs.
  Anyone know of any guides other than the one on krypted.com, which appears to be for the previous version of Profile Manager.
  Stom

  In general, either your OS X Server box has a DNS translation for its address, or it doesn't. 
  If you don't have valid DNS, you will have problems with various services, as DNS is fundamental to distributed authentication and encryption, among other uses. 
  OS X Server doesn't recover well from installations that start off with DNS errors, and the wipe and reinstallation suggested by Apple is usually easier than resolving the various issues that tend to arise within the configurations of the various services.
  If your server doesn't have a valid DNS translation, then either add the DNS translation into your organization's local DNS environment, or work to retrain or replace the folks that are unwilling or unable to administer and to properly maintain local DNS services, or (far less desirably) configure and start your own parallel DNS services.  There are other options, of course. 
  I'd escalate this discussion to management, and let them sort this out — at its core, this very likely isn't a technical issue.

• Can configurator/profile manager group apps

  Appologies if this post is in the wrong section. 
  I have been asked to set up profile manager in such a way that the on-site admin can not only wirelessly deploy apps to devices, but also group and re-group those apps together on the devices screen over-the-air.  End result should be that end users do not have to wade through a sea of apps just to find one application (users include a large number of very young children, so it has to be easy to direct them to specific apps). 
  Now I'm aware that this could be achieved by making a back-up of a pre-configured device, however, this doesn't work well in terms of maintaining the iPads configuration since any new apps added would fall outside of the grouping and the devices would need to be returned to the server room to get their configurations updated with a new backup image and would defeat the purpose of using Profile Manager.  I have attempted to convince the on-site admin that they should assign the devices to gropus in profile manager so that Group A only get the apps they use, Group B only get the apps they use, and so on the really isn't keen on the idea because there would still be way too many apps (we're talking 50 or so per device) to wade through just to find the one the class will use. 
  Is this possible or will it at some point in the future be possible?  The advances made by this new version of profile manager and the VPP store is fantastic, but it'd be nice if this feature could be added at some point in future. 
  Kindly
  Stom

  If I remember it correctly the user (Apple ID) get a 30 days grace period during which they can migrate data from the app and continue use it. When that period ends they get the opportunity to buy the app for themselves and continue using it for their own money.

• Profile Manager Application Deployment

  While working on building payloads in Profile Manager I encountered an issue with application deployment. It seems the applications I'm attaching are downloading, but failing during install. I read online that this is because Profile Manager does not have a provisioning profile and that to correct this you must either give it one or configure Profile Manager to obtain it automatically.
  Anybody have information on this?

  Hi,
  note that as of today the only reason to use system-jazn-data.xml is if the application uses custom JAAS login modules or ADF Security. If you use J2E container managed authentication and authorization then you create a jazn-data.xml file in your project. The workspace-jazn-data.xml fil is used only if the project doesn't contain its own jazn-data.xml file.
  To add a file, select New from the context menu on the project and go to the deployment descriptor section. Make sure you chose "all technologies" from the select box above and then select OC4J descriptors. Choose jazn-data.xml as a descriptor to create. After that, edit the jazn-data.xml file by right mouse clicking on it and selecting "properties" from the context menu.
  The project jazn-data.xml file is deployed with teh application
  Settings in the system-jazn-data xml file are not copie upon deployment and need to be added manually to the target platform
  Frank

• Do I need internet access on my iOS devices to enroll with Profile Manager?

  Hi, I'm trying to configure Profile Manager on a closed network. The Mac Server does have Internet access, but the network for the iOS devices can only have communication with the server, but not to the internet because of company policies. Is there a way around to make it work or do I need internet access on the iOS devices as well?
  I've made the enrollment process in another network with internet access for every device and everything works well, but on the other network(no internet for iOS devices)  everything seems ok (from conection to the server, profile certifiacation and stuf) but the devices can't send or receive anything else, like pushed configurations and device info. Ports and everything is ok, I even read that they need to be on an open network so I know it all comes down to having internet access, but just wanted to ask if there's another way around?? Suggestions?
  Thanks!

  You can share internet connection with your XP-PC using a router(as I do with XP-old MAC's,connected via cable).You may look for more info at:
  http://homepage.mac.com/car1son/mylinksyssetup.html
  and
  http://homepage.mac.com/car1son/os9xnet_nfilesharing.html
  Did you ever use a MAC before? Have you got Airport at your PC?Which?
  Good luck

• Custom Settings - reload issue

  Having an issue with a custom settings in Profile Manager.
  I have two Mac Minis, one I use as a test deploy Mac and that works just fine and the other is used as a shared computer for students.
  I have configured identical custom settings for both minis that sets some options for Google Chrome but the one used as shared computer I always get an error message when I try to load the custom settings panel in Profile Manager saying:
  An Error Occured - Reload Profile Manager and try again - Error: TypeError: Requested keys of a value that is not an object.
  This error occurs when I scroll down in custom settings, and as soon as the setting appear I receive this error. This means that I cannot correct it neither can I delete it. Is there any other way for me to remove this setting?
  The setting that I get a error on is a couple of settings for Google Chrome.
  Any one have a clue how to get rid of this single setting for Google Chrome as now I cannot remove using the regular GUI in Profile Manager, any other place on the OSX Server that holds this setting? Maybe removing a XML file somewhere, anyone?

  No, I never ever did get this issue solved in an easy matter.
  Have You found a resolution for your problem, I dont really exactly remember how I did to solve my problem, I think that I deleted my hole machine from profile manager and removed the profiles on the local client manually, then crazy thing about this is that I had 2 exactly identical clients and one worked the other one did not.

• Early on while configuring the Device Management settings in Profile Manager (Mavericks server) I received an error code -1

  When I started up the Server application, Profile Manager was not selected as expected.  I selected it and started the first step of configuring Device Management in the Settings section.  I entered the organization information and went on to the next step which was to Configure an SSL Certificate
  I selected a "Self Signed" Cert.  Which was the only one of the two choices that made sense.  The other being the, com.deploystudio.server - Self signed
  Hit next and it processed the info and went to "Finish"  I click "Finish" and this is what I get when the setting are confirmed.
  I stopped there since I suspect this error will probably come back to haunt me further down the line as if you recall we could not get the Profile to install due to the invalid cert which I suspect has something to do with this code -1 error at the get go.  I ran the one command line instruction twice to verify this was not a quirk and the same occurred.
  sudo /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB.sh

  Did you ever get this resolved? This error is usually related to DNS, hostname, or Open Directory configuration. Let me know if you still need help.

• HT202577 What Apple TV settings can be managed by pushing configuration profiles?

  Hi everyone,
  I'm aware that Apple TVs support configuration profiles installed via Apple Configurator.
  I was wondering what Apple TV settings can be managed by those configuration profiles. Does such list with settings exist?
  Thanks,
  Dimitar

  One, going from a G5 Quad to this pci access is a dream come true. I don't have an earlier intelamac to compare it with so maybe you're right though. Still I don't see any reason why people would have a problem with this on the new machines.
  Two, the storage write performance surprised me too but I'm not upset about it, the numbers for both are still very high, and I'm wondering what software and hardware changes in the future might do about that.
  Three, I guess machines and sensitivities differ, but my Mac is virtually silent. The only thing I hear is the fans on the video card when I start up and that goes away in seconds. The noisy ATI card reputation is not being lived up to in this case.
  After just shelling out thousands for an 08 Mac Pro I can understand your reasons for not spending thousands more on an 09 model. But overall by most tests I've seen the 09's smoke your machine, and I believe they were not just produced for their capabilities now, but for what's coming in the future.
  Like me with my Quad though, you'll just have to wait a few years, with me many years, to see the benefits of getting another machine.
  To Leslie... Putting blue ray into the new macs would have highly inflated their already very expensive prices. Windows machines can get by with it because they are so cheap, and cheaply made, to begin with. I'm pretty sure the program Toast can make blue ray disks, and there's a plethora of devices to attach to a mac to do so as well.
  And don't be so cynical about offsite reviews of products. I've read many scathing articles about products advertised on their websites. And if you've been reading articles about Macs as long as I have, you'd realize that the toughest articles on Macs come from people who are heads over heels Mac devotees.

• Profile Manager Custom Settings multiple payloads?

  We have been unable to deploy multiple Mac OS X Custom Settings payloads in Profile Manager under a Device Group profile.
  We can seemingly create multiple Custom Settings payloads in one Device Group profile using Profile Manager's web interface, but when deployed, if more than one custom setting payload was created, none of the Custom Settings payloads will deploy.
  We can deploy a single Custom Settings payload per device group profile, and have verified our key/data pairs have correct syntax. But add a second custom setting and deployment fails.
  We have also tried downloading the multiple Custom Settings payload profile for manual installation, yet the issue still occurs - multiple custom settings payloads won't deploy. There must be some mangling in the XML content from Profile Manager.
  Mac OS X 10.8.4
  OS X Server 2.2.1
  Any common experience with this? Any workarounds? We could create multiple Device Groups, each with a single Custom Setting payload, but that will get very complicated very quickly.
  Otherwise we're stuck with using Workgroup Manager preference management for now.

  I have almost the exact same problem. This stupid issue/ bug has existed since server 10.7 I simply tried to import the com.apple.sidebarlists plist file from my local account. It almost seems to corrupt profile manager when anything is loaded into the custom settings. When I try to install the profile on another mac I don't have the Enroll option avaiable to me becuase it acts like it's already enrolled. Soon as I remove the custom setting the profile installs fine. If Apple can't make a critical part of profile manager work corretly they need to just remove it. This problem has existed for a while. I tried filing a bug report under apple.com/feedback since I don't have a develpoer account...but even that website doesn't have a choice for OSX server 10.7 or 10.8 becuase the stupid site is so outdated.

• Lion Server Profile Manager Configuration

  Hi Guys,
  Currently have been testing Lion Server and Profile Manager Configuration.
  So Far Have setup
  Lion with Server App and Server Admin Tools
  Configured Open Directory Master and enabled SSL on LDAP
  Once Configured OD has created a CA Certificate can use for Profile Manager
  Have Enabled in Server.app Web and Profile manager
  In SSL Certificate Configuration have set CA Certificate for Web and Enabled Apple push notifications with my apple ID
  In Profile Manager Enabled Device Management and Enabled Sign configuration profiles and selected CA Open Directory Certificate Created when setting up OD Master.
  On Server Originally could install Trust Profile OK and Enroll Server OK with no issues, but on any other 10.7 Devices could install Trust Profile OK but would always say unsigned and Enroll would never work or just hang.
  Now Since Played around with settings on 10.7 Server can no longer enroll but trust OK.
  Questions have is
  For SSL and Profile Manager to work properly as well as Certificates do you require to purchase a proper SSL Certificate or can we use the OD Master Certificate that gets created. All we are testing is on the Local LAN so don't want to get a SSL certificate from the internet.
  Also why cannot 10.7 clients trust profile and enroll Devices Properly? How do I get this working properly?
  Any ideas?
  Regards,
  Shane

  taubmas wrote:
  Not sure if its that as finally got Lion Server working on a VM setup so network shouldn't be an issue...
  Had 1 OSX Lion Server VM and 1 OSX Lion Client VM and OSX Lion Server VM gets profile and enrolls device fine but again OSX client doesn't get enroll just sits again at installing..... even if set keychain to trust and make trust profile verified..
  any other ideas? I think need to somehow get the server to trust trust profile by default instead of going to keychain all the time.
  Shane
  Did you get this to work in an ESXI envrionment? If so, which version are you running?

• Custom Plist to enable Remote Management in Profile Manager

  Looking to enable Remote Management via a payload in Profile Manager. Can anyone help me create the custom plist values to enable all the toggle boxes for remote management as shown below. If you can also tell me what the preference domain is, I'd greatly appreciate the help!

  Hey Matt, thanks, but I think this is not the source of that problem.
  As shown in the figure, "Device Management" will never change do "Enabled", no matter how much I click on configure.
  The configure process is always successful but the state remains "Disabled". 

• Is there an easier/more-automated way to create user settings in Profile Manager?

  I'm setting up a Mavericks Server and am setting up the settings for each user within the Profile Manager. I'm finding somewhat tedious to have to enter all of the server and account information per service per user. Seeing that it knows the details of the server it's running on – and the user for whom I'm setting up the profiles, is there no automatic way to produce a settings bundle for each user? At the very least, the server hostname and username should be prefilled.

  What settings are you setting in the profiles? You can set a general setting that is available to all users, and also create various device configurations and add devices to them. I personally have not found much use for user specific profiles within profile management.   

• Messages Settings in Profile Manager 2.1 Mountain Lion

  Just want to let anyone and everyone know about something that I've found in Profile Manager.
  I have been messing about with Messages, trying to get it set up without any success but I have found something that could be useful to anyone else in the same situation.
  When applying messages settings to a Profile it seems to spoil all other settings, or at least Dock settings.
  I set up my Dock and other settings for a group and all was fine. I then added the messages settings to the group and all of the Dock settings were removed leaving just Finder and the Trash Can in the dock.
  Removing the Messages setting restored the previous Dock settings and everything is back to normal. Perhaps I am doing something wrong but this seems to be a bit of a bug with Profile Manager.
  On a side note, I'd really appreciate some help with setting Messages up. I work in a school where it would be great if the teachers could use Messages as instant messaging between classrooms.

  Did you ever get this resolved? This error is usually related to DNS, hostname, or Open Directory configuration. Let me know if you still need help.

• Why don't network volume mounts (login items) configured in Profile Manager show up

  Using Lion server and Lion clients.  Bound both the server and client to Active Directory and successfully got Profile Manager up and running.  All I really need from Profile Manager is the ability to mount network volumes so when the user logs in it mounts their home directory.  Please note we do not specify any home directory paths in AD.  I can login with my AD accounts on the Lion client and get other Profile Manager settings to work, however when I try and mount a network volume via login items nothing happens.  I am using SMB for this.  If I try to manually connect to the same path via Go -> Connect To Server it works fine.  For a simple test I even created a folder on one of my Windows servers D drive and shared it and within profile manager configured it as SMB://server/share and still nothing.  I tried setting it in the Dock section as well which I read in another post somewhere but all I get is a question mark.  I have tried all variations of server name, FQDN, ip address, etc.  I know it's not permissions since it works when I try it manually so am really at a loss here.  Is there any way to log what happens at login to see if it's even trying to mount the volume?  I do know the client is getting the profile since i can see it in system preferences but it never works.  Any ideas would be greatly appreciated, thank you!

  @bkma did you find any solution? i run into the same problem.

• Configuring the default configuration profile for Profile Manager

  Hello folks,
  I would like to edit the default configuration profile served by Profile Manger. As far as I understand the only thing I can configure from the Server.app is the name of the profile. The settings for the different services provided by the server (such Mail, Messages, etc.) are automatically chosen by Server.app. When logging as an administrator on the Profile Manager webapp, I can go to "Groups", choose "Everyone", go to "Settings" to review the different payloads. However, almost none of the settings are editable. You can read "This payload is configured using the Server app" on the top of the various panels.
  So my question is: How do you use Server to tweek those payloads? Can this be done using the serveradmin command line tool?
  Thank you very much for your help.
  Regards

  Bump. This is annoying the crap out of me. Every time I try to design a website using Coda, this color picker bug plagues me. I just wish I could turn off color profiles completely as I will never use them.