Deploying OS X Configuration Profiles Without MDM

mobileconfigI was recently in a conversation with someone who needed to deploy configuration profiles to OS X clients, but they did not have the ability or authority within their organization to open the network ports required to implement a Mobile Device Management (MDM) solution.  This post describes how to install configuration profiles with an installer package.

The first step is to create and export your configuration profile as a .mobileconfig file.  These files can be created on a computer running OS X Server, using Profile Manager.  For more details on creating and downloading configuration profiles, see Apple’s Profile Manager Help documentation.

Once you have the .mobileconfig file, you’ll want to create a package that will deploy this file to a known location on your client systems.  I recommend a folder in the root Library named for your organization such as…

/Library/myOrg

For instructions on creating packages, refer to the documentation for your favorite package building tool.  My favorite is Composer.

Simply deploying the .mobileconfig file to this location won’t install it.  Apple provides a command line tool called profiles.  The profiles command can be used as part of a postinstall script included in the package that deploys the .mobileconfig file.  Below, find the two lines to include in this script…

#!/bin/bash
/usr/bin/profiles -I -F "/Library/MyOrganization/Company Wi-Fi.mobileconfig"

 

If the .mobileconfig profile should be deleted once installed, the following command can be added to a third line in the script…

rm "/Library/MyOrganization/Company Wi-Fi.mobileconfig"

 

Of course, “/Library/MyOrganization/Company Wi-Fi.mobileconfig”  should be replaced in each command with the quoted path to the .mobileconfig file deployed by the package.

I hope this is helpful.

3 thoughts on “Deploying OS X Configuration Profiles Without MDM”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s