- Introducing Account Management
- Configuring Profile Manager
- Managing User, Group, Device, and Device Group Accounts
- Troubleshooting
- What You’ve Learned
- References
- Chapter Review
Managing User, Group, Device, and Device Group Accounts
You can create settings for four different types of accounts:
- User—Usually relates to a specific person. This is the account that the person identifies himself or herself with when logging in to the machine. A user’s short name or UID number uniquely identifies the user on a system.
- Group—Represents a group of users, a group of groups, or a mixture of both.
- Device—Similar to a user account, it’s the singular entity that represents a given piece of hardware. Device accounts are uniquely identified by their Ethernet ID, serial number, IMEI, or MEID.
- Device Group—Represents a group of computers or iOS devices, a group of device groups, or a mixture of both.
Which Preferences Can Be Managed?
In addition to various other settings for user, group, devices, and device group accounts, Profile Manager provides control over the preferences listed in Table 4.1. Table 4.2 describes the manageable preferences payloads for devices and device groups.
Table 4.1. Manageable Preferences Payloads for Users and Groups
Preference |
OS X |
iOS |
Description |
General |
• |
• |
Profile distribution type, how the profile can be removed, organization, and description |
Passcode |
• |
• |
Define passcode requirements such as length, complexity, reuse, etc. |
|
• |
• |
Configure email settings such as servers, account name, etc. |
Exchange |
• |
• |
Configure Exchange ActiveSync settings |
CardDAV |
• |
• |
Configure access to CardDAV server |
CalDAV |
• |
• |
Configure access to CalDAV server |
Network |
• |
• |
Configure network setting on the device,including wireless and wired |
VPN |
• |
• |
Configure VPN settings: L2TP, PPTP, IPSec (Cisco), CiscoAnyConnect, Juniper SSL,and F5 SSL |
Certificate |
• |
• |
Allows the installation of PKCS1 and PKCS12 certificates |
SCEP |
• |
• |
Define connection to Simple Certificate Enrollment Protocol (SCEP) server |
Web Clips |
• |
• |
Display defined Web Clips as application icons |
Restrictions |
• |
• |
Define application and content restrictions (separate OS X and iOS versions) |
Subscribed Calendars |
• |
Configure calendar subscriptions |
|
APN |
• |
Configure carrier settings such as the Access Point Name (Advanced use only) |
|
iChat |
• |
Configure connection to Jabber or AIM chat servers |
|
Login Items |
• |
Specify applications, items and network mounts to launch at login |
|
Mobility |
• |
Define mobility settings for OS X clients to allow cached credentials and portable home directories |
|
Dock |
• |
Configure Dock behavior |
|
Printing |
• |
Configure printing settings and access to printers or print queues |
|
Parental Controls |
• |
Define settings for Parental Controls such as content filtering and time limits |
|
Security and Privacy |
• |
Define whether or not to send diagnostic and usage data to Apple (might change in the future) |
|
Custom Settings |
• |
Apply custom preferences for items not defined in other payloads. Similar to applying preference manifests in WGM |
|
Directory |
• |
Configure binding to directory services |
|
Login Window |
• |
Configure Login Window options, such as messages, appearance, access, and Login/LogoutHooks |
|
Software Update |
• |
Define an Apple Software Update Server to be used by the computer |
|
Energy Saver |
• |
Define Energy Saver policy such as sleeping,timed actions and, wake settings |
Table 4.2 Manageable Preferences Payloads for Devices and Device Groups
Preference |
OS X |
iOS |
Description |
General |
• |
• |
Profile distribution type, how the profile can be removed, organization, and description |
Passcode |
• |
• |
Define passcode requirements such as length, complexity, reuse, etc. |
|
• |
Configure email settings such as servers, account name, etc. |
|
Exchange |
• |
Configure Exchange ActiveSync settings |
|
LDAP |
• |
Configure connection to LDAP server |
|
CardDAV |
• |
Configure access to CardDAV server |
|
CalDAV |
• |
Configure access to CalDAV server |
|
Network |
• |
• |
Configure network setting on the device including wireless and wired |
VPN |
• |
• |
Configure VPN settings: L2TP, PPTP, IPSec (Cisco), CiscoAnyConnect, Juniper SSL, and F5 SSL |
Certificate |
• |
• |
Allows the installation of PKCS1 and PKCS12 certificates |
SCEP |
• |
• |
Define connection to Simple Certificate Enrollment Protocol (SCEP) server |
Web Clips |
• |
Display defined Web Clips as application icons |
|
Restrictions |
• |
• |
Define application and content restrictions (separate OS X and iOS versions) |
Subscribed Calendars |
• |
Configure calendar subscriptions |
|
APN |
• |
Configure carrier settings such as the Access Point Name (Advanced use only) |
|
Login Items |
• |
Specify applications, items, and network mounts to launch at login |
|
Mobility |
• |
Define mobility settings for OS X clients to allow cached credentials and portable home directories |
|
Dock |
• |
Configure Dock behavior |
|
Printing |
• |
Configure printing settings and access to printers or print queues |
|
Parental Controls |
• |
Define settings for Parental Controls such as content filtering and time limits |
|
Security and Privacy |
• |
Define whether or not to send diagnostic and usage data to Apple (might change in the future) |
|
Custom Settings |
• |
Apply custom preferences for items not defined in other payloads (similar to applying preference manifests in WGM) |
|
Directory |
⋆ |
Configure binding to directory services |
|
Login Window |
⋆ |
Configure Login Window options, such as messages, appearance, access, and Login/ LogoutHooks |
|
Software Update |
• |
Define an Apple Software Update Server to be used by the computer |
|
Energy Saver |
• |
Define Energy Saver policy such as sleeping, timed actions and, wake settings |
Managing Preferences for Users in a Group
Although you can set up preferences individually for users with network accounts, it’s more efficient to manage preferences for the groups to which they belong. Using groups allows you to manage users regardless of which devices they use.
Managing Device Group Accounts
A device group account is set up for a group of computers or iOS devices that have the same preference settings and are available to the same set of users and groups. You create and modify these device groups in Profile Manager.
When you set up a device group, make sure you have already determined how the devices are identified. Use descriptions that are logical and easy to remember (for instance, the description might be the computer name). This also makes it easier to find the devices to add them to the correct device group.
Creating a Device Account
There are two ways to set up a device account:
- During device enrollment the device account is created automatically.
- You can create a placeholder in Profile Manager, so when the user logs into the User Portal, predefined profiles are assigned to the device.
To manually create a placeholder in Profile Manager:
- Click Devices in the Profile Manager Library.
Click the Add (+) button below the list of devices, and select Add Placeholder.
Give the placeholder a name and choose how to identify the device by Ethernet ID, serial number, IMEI, or MEID.
- Click the Add button.
- From the placeholder entry, you can add profiles and management that will be applied automatically once the device is enrolled.
To import a list of placeholders in Profile Manager:
Lists of devices can be imported into Profile Manager via a comma separated value (CSV) file. The file needs to be structured as this:
name, serial number, UDID, IMEI, MEID
Leave a field empty if you’re not using that value.
- Click Devices in the Profile Manager Library.
- Click the Add (+) button below the list of devices, and select Import Placeholders.
- Choose the import file and upload.
Creating and Populating a Device Group
To create and populate a Device Group, Profile Manager is utilized:
- Click Device Groups in the Profile Manager Library.
Click the Add (+) button below the list of device groups. This creates a new group that can be populated with the desired name.
To add devices to the device group, click the Add (+) button under the device group pane.
Click the device to add to the device group and then click Done.
- To add device groups to the device group, click the Add (+) button under the device group pane.
Click the device group to add to the device group and then click Done.
- Click Save.