Sunday, August 3, 2014

Using Meraki Systems Manager to Distribute Management Profiles for OS X Over the Air



This article came out of my frustration with Apple's Profile Manager (APM).  I had been successfully running APM for about a year, but over the summer was cleaning up device groups. APM then went sideways.  Profile updates stopped being pushed out unless I rebooted the system and even then systems wouldn't update the profile information.

I have always been a big fan of Meraki's Systems Manager. It is free, works in the cloud and for the most part is very reliable. Before considering Meraki, I had read some excellent articles (here and here) about how to use Apple Remote Desktop (ARD) to push out configuration profiles. These articles show you how to use ARD to remove and install management profiles.

So, then I thought, what about using Meraki as the delivery method? You can create mobile profiles for OS X in APM, and use Meraki to distribute them.

The following steps assume:

  • You have a functioning Meraki Systems Management setup.
  • You have installed the Meraki client on your OS X system.  You can install the client pkg through ARD,  so it's not too hard. 
  • You have Apple Profile Manager running to the extent you can create management profiles.
  • You have created an Apple MDM push certificate and uploaded it to your Meraki dashboard. (See MDM > Add devices > Apple profile setup and Apple push certificate status) 

  1. Create Mobile Profiles using Apple’s Profile Manager.
  2. Download those profiles, create a profile in Meraki Systems Manager (MDM > Profiles > Add New > Configuration > choose "Upload a custom iOS/OS X configuration"), and upload the profile you created in Apple Profile Manager. (See figure 3.)
  3. Remove any existing profiles and copy the desired mobile profiles using these steps:
    • Download your Meraki Mobile profile: using any browser (except Safari), go to m.meraki.com and enter your network ID. (You can find your network ID by logging into your Systems Manager > MDM > Add Device > OS X.)
    • Create this ARD UNIX task to run as root: profiles -D -f; rm -R /var/db/ConfigurationProfiles/Setup/; mkdir /var/db/ConfigurationProfiles/Setup/ (see figure 1)
    • Create an ARD task to copy the mobile profile you downloaded to /var/db/ConfigurationProfiles/Setup/ (Click the dropdown next to “Place items in” in the task and choose “Specify Full Path.”) (see figure 2)
    • Reboot the system.
    • Repeat steps 2-4 to add other systems to Meraki mobile management.
  4. Tag the systems in Meraki to which you wish to assign your newly created profiles.
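
A hardened form of the step 3 ARD task, added here as an example and not taken from the original post: it checks the downloaded profile against a checksum recorded when the file was reviewed, and only then removes and restages anything. The stage_profile helper, its checksum argument, the optional scratch-directory argument and the 644 file mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). stage_profile is a hypothetical
# helper: stage_profile <profile.mobileconfig> <expected-sha256> [setup-dir]
REAL_SETUP=/var/db/ConfigurationProfiles/Setup

sha256_of() {
    # Linux ships sha256sum; OS X ships shasum.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

stage_profile() {
    src=$1
    expected=$2
    setup_dir=${3:-$REAL_SETUP}   # pass a scratch directory to rehearse

    [ -f "$src" ] || { echo "missing profile: $src" >&2; return 2; }

    # Refuse a file that differs from the one that was downloaded and reviewed.
    if [ "$(sha256_of "$src")" != "$expected" ]; then
        echo "checksum mismatch for $src" >&2
        return 3
    fi

    # Sanity check: every configuration profile has a PayloadIdentifier key.
    grep -aq 'PayloadIdentifier' "$src" || { echo "not a profile: $src" >&2; return 4; }

    # Nothing destructive has happened yet. From here on, the same sequence as
    # the ARD task, run strictly in order. Installed profiles are removed only
    # when operating on the real Setup directory.
    if [ "$setup_dir" = "$REAL_SETUP" ] && command -v profiles >/dev/null 2>&1; then
        profiles -D -f
    fi
    rm -rf "$setup_dir"
    mkdir -p "$setup_dir" || return 5
    cp "$src" "$setup_dir/" || return 5
    # Assumption: staged file should be writable by root only.
    chmod 644 "$setup_dir/$(basename "$src")"
}
```

Run it as root from an ARD UNIX task after copying the profile to a temporary location, then reboot as in the steps above.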


It sometimes takes several hours for the profiles to install, sometimes a matter of minutes.


Figure 1:

Figure 2:

Figure 3:




