Skip to main content

Profiles: An IT Admin’s Best Friend

Watch this JNUC session in its entirety.

Profiles – a pain point or a plus? In today’s session, IT experts Ben Toms and James Ridsdale looked at profile flexibility and examined what the JSS offers when it comes to profiles and payloads. They further dove into the difference between Mac and iOS profiles, sharing their experience with everything from how multiple profiles composite the same payload to how execution frequencies work.

System engineers at dataJAR Ltd. (a Jamf Gold Partner and managed service provider responsible for approximately 50 Jamf Pro instances), Ridsdale and Toms are responsible for more than 10,000 Apple devices. In other words – they know their way around Jamf.

Ridsdale started by going back in time. “In 2001, the first version of Mac OS X was released,” he said. “However, if we were to start managing settings on devices, we’d need to script.” Scripting required setting what was needed at login, once. There was no central management option.

In 2002, the release of 10.2 came with Workgroup Manager. “This gave us a way to deploy plists remotely to Macs and also enforce those settings via Managed Preferences,” Ridsdale explained, further noting that while Apple may have envisioned Macs authenticating to a Mac server only and receiving its managed preferences from there, there was another way. So together, they did what they found worked until time allowed for a different solution.

In 2007, the iPhone was released. And in 2008, Apple released iPhone Configuration Utility, a way to install and configure profiles to locally attached devices. #imtoosexyformcx

“Both iOS and OS X started to allow deploying of configuration profiles over the air via MDM,” Ridsdale said. “For iOS, however, it was limited to some inbuilt commands.”

Take a step forward. Apple Push Notification Service relays the message for a device to check in. “This is a bit like when as a kid you were playing in the park and someone calls out to say that your mum is after you,” Ridsdale explained. The device checks in with the MDM, and the MDM relays what it had for the device. The device then advises the status of the request.

2013 brought Mavericks and iOS 7 and 10.9 brought preference caching, which eliminated the use of Plistbuddy, except for newly created plists.

With the background explained, the session turned to process. How does it work?

To answer the question, they first looked at the hierarchy of macOS. They evaluated the precedence to see what’s been done in order to understand the foundation of where things are now.

The duo took a detailed look at Managed Preferences; Identification; Applying Profiles; Checking Preferences; and Composition.

All-in-all the session was a technical deep dive into the world of profiles: why and how they work and why you should care.

Check out their Github for more details: https://github.com/dataJAR/jnuc2016.git

Want to see this session in all of its glory complete with musical interludes? Check jamf.com in the coming weeks to see the full video of this session. Happy viewing!