Help

VPN Config profile in Casper Admin and Casper Imaging?

rich_seide
New Contributor

Posted on ‎06-12-2015 08:41 AM

Hello,

Is there a way to put a configuration profile in Casper Admin to use in Casper Imaging?

What I'm trying to do is, have all new machines that are being imaged to have the VPN settings installed at imaging time. I've found a way to set the VPN settings in Configuration Profiles.

I don't want to push the VPN configuration profile out to all Macs because it will over write the settings that are out there now. Everyone has a different username and password, but the rest of the VPN settings are the same.

I'm not sure how to make a smart group that has all the Macs with VPN already set up and to exclude that group from the configuration profile, otherwise I'd have it set up that way.

Will it work if I download the config profile, put it Casper Admin and then have that installed through Casper Imaging?

0 Kudos
4 REPLIES 4

rlandgraf
Contributor

Posted on ‎06-12-2015 08:46 AM

You can, just create the config profile, then download it and save it on the machine somewhere users won't find it. Then package it with composer and put in casper admin. Also create a script that then installs it with the profiles -i command. and run this as a a post reboot script during imaging. The problem with this method of install is that if you make changes to the profile in the JSS they will not be changed on the machines as it wasn't installed pushed directly from there.

0 Kudos

bpavlov
Honored Contributor

Posted on ‎06-12-2015 08:57 AM

Are the VPN credentials just using their $username? If so you can use that value in the VPN config profile (it's a config profile variable that Casper allows; read pages 325-326 of the 9.72 casper admin guide for other variables you can use) and update the VPN profile so that everyone gets the new settings with their specific username. The only thing that would change would be that their password would have to be put in.

This assumes that the computer is assigned to a username. If it's not assigned a username I'm not sure what happens to be honest (probably stays blank until a username is either assigned or filled in).

0 Kudos

alexjdale
Valued Contributor III

Posted on ‎06-12-2015 09:07 AM

A little tip for configuration profiles: you can install them easily with just a script. No need for a package, file payload, or anything else. In the script, echo the profile out to a temp file, install it with the profiles command, then delete the file afterwards. This works amazingly well if you have your DPs migrated and scripts execute directly from the JSS.

Added bonus: you can sub in variables if you need to fill in usernames or other data that may not be supported by stock profiles, including passwords or whatnot that can be passed as script parameters. This is how I do all my config profiles, forget static .mobileconfig files!

#!/bin/bash

echo > /tmp/profile.mobileconfig "<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
...
</dict>
</plist>"

profiles -I -F /tmp/profile.mobileconfig
rm /tmp/profile.mobileconfig
0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎06-16-2015 05:35 AM

@rich.seide I second what @bpavlov mentioned, as that's what we do.

0 Kudos