Configuration Profile per payload

jdeltazulu
New Contributor

Wondering what people's preferences are on Configuration Profiles. I am looking at either creating a profile per payload such as a profile just for wireless settings, but I also thought about doing it all in one. What is the common preference on this one? I'd thing the first option would allow me to be more granular, but not sure. Thanks in advance!

2 ACCEPTED SOLUTIONS

Joel_Peasley
Contributor
Contributor

I would recommend using a granular approach and have as few as possible, normally one payload per Configuration Profile. That way if you have to remove or modify a screen saver setting it doesn't affect your Configuration Profile that has your VPN settings in it.

View solution in original post

mscottblake
Valued Contributor

Creating a profile for each payload will allow you to scope them properly. If they are all grouped, you will likely end up duplicating the settings in multiple giant profiles.

View solution in original post

9 REPLIES 9

Joel_Peasley
Contributor
Contributor

I would recommend using a granular approach and have as few as possible, normally one payload per Configuration Profile. That way if you have to remove or modify a screen saver setting it doesn't affect your Configuration Profile that has your VPN settings in it.

mscottblake
Valued Contributor

Creating a profile for each payload will allow you to scope them properly. If they are all grouped, you will likely end up duplicating the settings in multiple giant profiles.

jdeltazulu
New Contributor

As a new Casper user this advice is greatly appreciated!

LarryH
New Contributor III

I moved away from using smart groups for applying my profiles. I now have a static groups for each of my profile configurations.

donmontalvo
Esteemed Contributor III

What if you package an 802.1x profile and push it to a Mac, and the first user who logs in gets prompted to select the certificate...is there a way to prevent users from getting this prompt?

TIA
Don

external image link

--
https://donmontalvo.com

mscottblake
Valued Contributor

While I usually do 1 profile for 1 payload, wifi profiles are an exception for me. I also add the certificates needed for wireless, then add them to the trust portion of the network payload. This should stop the prompt.

easyedc
Valued Contributor II

I went through this same issue last fall and after some troubleshooting issues, and a call to Casper support, the suggestion from Casper is to push each payload as it's own profile. That way, when you experience an issue with a payload, it's easier to troubleshoot where things may be going wrong.

JPDyson
Valued Contributor

Don, I've seen that problem - and actually seen the prompt disappear within a few seconds (user couldn't even finish typing his username). Have you tried letting it sit for a bit?

donmontalvo
Esteemed Contributor III

@JPDyson As it turns out the Configuration Profile was never supposed to be released to users. So I was able to package the certs for distribution, including forcing the root cert to be trusted for all users.

The trick now is removing the Configuration Profile from the Macs that have it, the usual scripted method seems broken:

**$** sudo profiles -R -F /private/tmp/FancySchmancyProfile.mobileconfig
profiles uninstall for file:'FancySchmancyProfile.mobileconfig' and user:'(null)' returned -205 (Unable to locate configuration profile.)
**$**

Don

--
https://donmontalvo.com