Skip to main content
Jamf Nation, hosted by Jamf, is a dynamic and knowledgeable community of Apple-focused IT admins and Jamf Pro users. Join us in person, in October, for the annual Jamf Nation User Conference (JNUC) to discover new and better ways to manage Apple devices.

Configuration Profiles Reference

Overview

This article explains configuration profile settings that affect devices in a complex way or are unique to the Casper Suite.

Settings



Casper Suite Versions Affected Configuration Profile Type Payload Setting Description
9.101.0 or later Computer Security & Privacy Recovery Key Encryption Method Allows you to choose whether the JSS will automatically encrypt and decrypt personal (also known as "individual") FileVault recovery keys.

There are two options:

  • Automatically encrypt and decrypt recovery key (default)
    • Key decryption—Key is automatically decrypted. If you choose this option, you do not need to configure a certificate in the Certificate payload when the Enable Escrow Personal Recovery Key option is enabled.
    • Key storage—Key is stored in the JSS.
    • Viewing the recovery key—When you view the personal recovery key for a computer, the decrypted recovery key is displayed.
  • Manually specify encryption key
    • Key decryption—You must manually specify the encryption key to decrypt the FileVault recovery key. Manually specifying the encryption key requires a Certificate payload (.cer) included in the configuration profile. The certificate used to encrypt the personal recovery key must be specified in the Personal Recovery Key Encryption Certificate pop-up menu.
    • Key storage—Key is not stored in the JSS.
    • Viewing the recovery key—When you view the personal recovery key for a computer, the encrypted recovery key is displayed. The encrypted key file will be base64- and CMS-encoded and is accessible when viewing management information for a computer by navigating to Management tab > FileVault 2 > Get FileVault 2 Recovery Key.

9.98 or later Mobile Device Restrictions Allow connection to unmanaged Wi-Fi networks Allows you to prevent users from connecting to any Wi-Fi networks not deployed through the JSS.

Warning: If left unchecked, and if at least one Wi-Fi payload is not configured on scoped devices through a configuration profile, devices may lose all network connectivity.

9.9 or later Mobile Device Home Screen Layout Page Layout Allows you to configure the content and layout for each page on the device.

Apps and web clips that are assigned to the device but are not added to the page layout are placed on the last page of the device in alphabetical order.

If a folder on the device is not added to the page layout, the apps within the folder are removed from the folder and are placed on the last page of the device. The folder is removed from the device.

9.8 or later Mobile Device Restrictions Allow installing apps using Apple Configurator and iTunes (supervised iOS 9 only)/Allow installing apps using App Store (iOS 5–8 only) This setting works differently depending on the iOS version:

  • On iOS 9 or later—Devices must be supervised. When selected, the App Store is disabled and removed from the Home screen but apps from the App Store can still be installed and updated using Apple Configurator, iTunes, or the Casper Suite. When deselected, the App Store is still disabled and apps from the App Store can only be installed or updated using the Casper Suite.

  • On iOS 5–8—Supervision not required. When selected, the App Store is enabled and displayed on the Home screen. Apps from the App Store can be installed or updated using the App Store, iTunes, or the Casper Suite. When deselected, the App Store is disabled and removed from the Home screen. Apps from the App Store cannot be installed or updated using the App Store or iTunes but can be installed or updated using the Casper Suite.

9.8 or later Mobile Device Restrictions Allow installing apps using App Store (iOS 9 only; supervised only) Works on supervised devices with iOS 9 only.

When selected, the App Store is enabled and displayed on the Home screen. Apps from the App Store can be installed or updated using the App Store, iTunes, Apple Configurator, or the Casper Suite. (This excludes automatic downloads.)

When deselected, the App Store is disabled and removed from the Home screen but apps from the App Store can still be installed and updated via Apple Configurator, iTunes, or the Casper Suite.

9.2 or later Computer FileVault Recovery Key Redirection Recovery Key Redirection Unique to the Casper Suite.

Choose how you want the recovery keys to be redirected.

9.0 or later Mobile Device
Computer
SCEP Display "Redistribute Profile" setting for this profile Unique to the Casper Suite.

Select this checkbox if you want to display the Redistribute Profile setting in the General payload.

9.0 or later Mobile Device
Computer
General Redistribute Profile Unique to the Casper Suite.

Automatically redistributes the profile when its SCEP-issued certificate is the specified number of days from expiring.

8.6 or later Mobile Device
Computer
SCEP Challenge Type Unique to the Casper Suite.

The challenge password is used as the pre-shared secret for enrollment. There are three challenge type options:

  • Static - Use the same challenge password for each computer or mobile device.

  • Dynamic - Use a unique challenge password for each computer or mobile device. This option is for non-Microsoft CAs.
    The Dynamic option requires use of the JSS API and membership in the Jamf Developer Program. Before selecting this option, contact your Account Manager to learn more about the Jamf Developer Program and the additional steps you need to take to use this option.

  • Dynamic-Microsoft CA - Use a unique challenge password for each computer or mobile device. This option is for Microsoft CAs only.

Like Comment
SOLVED Posted: 8/7/17 at 2:54 PM by jasunlego

So how do you fix this if the box was unchecked and no wi-fi networks were configured? Now i have an iPad that cannot see any networks and cannot check for config changes because it is not able to see and connect to any networks.

Like