A primer in OS X Server's Profile Manager

More Stories in this Series

A primer in Profile Manager: Enrolling and managing devices

Set up and manage devices using OS X Server's Profile Manager service.

osx server profile manager

This is episode eight in our series on setting up and managing devices using OS X Server’s Profile Manager service.

If you’re just tuning in now, you’ll want to look at:

We’ve now arrived at the point where you can begin device management. Before we continue, you’ll need to spot check a few items, then it’s off to the races.

DNS and SSL certificates

Reminder: You should not be performing these exercises on your server computer. From here on out we’ll be making changes to devices we’re managing.

First, let’s check DNS to make sure everything is configured and working properly.

  1. Open System Preferences on the computer you’re going to manage.
  2. Click the Network preference.
  3. Verify that the DNS Server settings point to a DNS server containing a record for your server. If it isn’t, click the advanced button and add the correct DNS server.
    dns1
  4. Open the Network Utility (Use Spotlight or open /System/Library/CoreServices/Applications using the Finder’s Go menu.)
  5. Click the Lookup tab.
  6. Enter yourserver.yourdomain.com in the address file and click the Lookup button and make sure that name resolves to your server’s IP address.
    dns2
  7. Then enter your server’s IP address in the address field and click the Lookup button and make sure your server’s IP address resolves to your server’s FQDN.
    dns3

After checking to see that your DNS is working properly, you also need to make sure that your server’s services are being secured using the correct SSL certificate.

  1. Open the Server app on your admin computer.
  2. Select Certificates in the Server section of the sidebar.
  3. Verify that the setting that says “Secure services using:” is using the certificate with your server’s FQDN referenced in it. It should not be the certificate that says yourservername.local.
    ssl1

When your DNS and SSL setting are set correctly, it’s time to enroll your first device.

Enroll a device using the My Devices portal

  1. On your admin computer, navigate to Profile Manager’s My Devices portal by typing yourserver.yourdomain.com/mydevices.
  2. Authenticate using one of the accounts you created in the previous tutorial and click Log In.
    mdlogin
    Unlike the last time we logged in here, you should now see a tab that says Devices and a picture of your computer.
    mydevices
  3. Click the Profiles tab.
  4. Click the button next to the Trust Profile for your server that says Install. This will download a Trust Profile for your server, which is what lets your computer trust any other profiles that come from your server.
    trust
  5. System Preferences will open, switch to the Profiles preference and ask if you want to install the Trust Profile for your server. Click Continue.
    profile1
  6. Because you are using a self-signed SSL certificate, you will be asked to confirm that you want to install the profile. Click Install.
    profile2
  7. Authenticate as an administrative user on your computer.

Your Trust Profile will now be installed.

profile3

Once the Trust Profile is installed you can now enroll your device:

  1. Using a web browser, click the Devices tab in Profile Manager’s My Devices portal.
  2. Click the button that says Enroll. This will download a Remote Management profile, which, as with the Trust Profile, will open the Profiles preference and ask if you want to Install “Remote Management”.
    remotemanagement
  3. Click Continue.
  4. Once again, you will be asked to confirm that you want to install this profile. Click Install.
  5. Authenticate as an administrative user.
  6. Make note of the changes to the My Devices portal. You should see your Mac, its serial number, and buttons for locking and wiping your device.
    enrolled
  7. Log out of the My Devices portal.

Manage your first device

Now that you’ve successfully enrolled your device, it’s time to perform your first management task:

  1. Log into Profile Manager by typing yourserver.yourdomain.com in a web browser on either your admin or server computer.
  2. Authenticate as an administrative user.
    auth
  3. Select Devices from the Library sidebar in Profile Manager. You should see something like this:
    devices
    Note that the device you enrolled is listed as belonging to the user you logged in as when you enrolled the device.
  4. Select your enrolled device and click the Settings tab. You should now see the settings for your enrolled device.
    settings

Profile Manager settings are referred to as Payloads and when you enrolled your device the profile that was installed included only one Payload, which included only basic settings. We’ll talk more about payloads next week, but you can view and make changes to a payload by clicking the Edit button. Let’s take a quick look at the General setting, then add one more change to see how these payloads work.

Click the Edit button for your enrolled device. Note that the General payload is already selected and that it contains some basic configuration information.

configinfo
  • Profile Distribution is set to Automatic Push.
  • Organization is un-editable and matches the name of your organization as you set it up in a previous exercise.
  • The Description, Security, and Automatically Remove Profile settings are editable and can be changed or updated if you want to change them.

Again, we’ll talk more about payloads and how you can change them in a subsequent episode, but, for now, we’re going to change one configuration setting using a payload so you can begin to see how this works.

When managing devices, you’ll note that the left-hand side of the configuration window contains a list of settings you can configure using Profile Manager. One of the settings for which it’s easiest to see a change is the Dock. So let’s configure the Dock payload to get some instant gratification:

  1. Scroll through the list until you locate the section that says OS X.
  2. Locate and select the Payload that says Dock—Not Configured.
    osxdock
  3. Click the button that says Configure.
    configure
    Note that the defaults for the Dock are:
    • Dock Size: 6
    • Magnification: None
    • Position: Bottom
    • Minimize using: Genie Effect
    • Animate opening apps
    • Merge with User’s Dock You will want to make changes that differ from your normal Dock settings, otherwise you won’t see any changes when this payload is updated on your Mac. For my Mac those changes would be:
    • Dock Size: 10
    • Magnification: 7
    • Position: Bottom (I usually have my Dock on the Left)
    • And I added a path to a folder in the Dock Items section.
  4. Make changes to your Dock that look something like:
    myconfigs
  5. Click the OK button.

Clicking OK only saves the payload that you’ve just changed, but it does not yet apply the configuration to your enrolled devices. To apply the payload you’ll need to click the Save button in the device’s Settings window.

  1. Click Save. Within a matter of seconds you should your screen flicker briefly and your Dock should now reflect the changes you made in the Dock payload.
  2. Open System Preferences.
  3. Click the Profiles preference.
  4. Select the profile that says Settings for yourcomputername.
    pushedconfig

You should note that this configuration profile reflects the changes you made when you created the Dock profile using Profile Manager.

You have now successfully created and deployed your first Profile Manager configuration profile. Next we’ll take a take a deeper look Profile Manager payloads.

Subscribe to the Best of Macworld Newsletter

Comments