Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

  • Print
  • + Share This
  • 💬 Discuss

Managing User, Group, Device, and Device Group Accounts

You can create settings for four different types of accounts:

  • User—Usually relates to a specific person. This is the account that the person identifies himself or herself with when logging in to the machine. A user’s short name or UID number uniquely identifies the user on a system.
  • Group—Represents a group of users, a group of groups, or a mixture of both.
  • Device—Similar to a user account, it’s the singular entity that represents a given piece of hardware. Device accounts are uniquely identified by their Ethernet ID, serial number, IMEI, or MEID.
  • Device Group—Represents a group of computers or iOS devices, a group of device groups, or a mixture of both.

Which Preferences Can Be Managed?

In addition to various other settings for user, group, devices, and device group accounts, Profile Manager provides control over the preferences listed in Table 4.1. Table 4.2 describes the manageable preferences payloads for devices and device groups.

Table 4.1. Manageable Preferences Payloads for Users and Groups

Preference

OS X

iOS

Description

General

Profile distribution type, how the profile can be removed, organization, and description

Passcode

Define passcode requirements such as length, complexity, reuse, etc.

Email

Configure email settings such as servers, account name, etc.

Exchange

Configure Exchange ActiveSync settings

CardDAV

Configure access to CardDAV server

CalDAV

Configure access to CalDAV server

Network

Configure network setting on the device,including wireless and wired

VPN

Configure VPN settings: L2TP, PPTP, IPSec (Cisco), CiscoAnyConnect, Juniper SSL,and F5 SSL

Certificate

Allows the installation of PKCS1 and PKCS12 certificates

SCEP

Define connection to Simple Certificate Enrollment Protocol (SCEP) server

Web Clips

Display defined Web Clips as application icons

Restrictions

Define application and content restrictions (separate OS X and iOS versions)

Subscribed Calendars

Configure calendar subscriptions

APN

Configure carrier settings such as the Access Point Name (Advanced use only)

iChat

Configure connection to Jabber or AIM chat servers

Login Items

Specify applications, items and network mounts to launch at login

Mobility

Define mobility settings for OS X clients to allow cached credentials and portable home directories

Dock

Configure Dock behavior

Printing

Configure printing settings and access to printers or print queues

Parental Controls

Define settings for Parental Controls such as content filtering and time limits

Security and Privacy

Define whether or not to send diagnostic and usage data to Apple (might change in the future)

Custom Settings

Apply custom preferences for items not defined in other payloads. Similar to applying preference manifests in WGM

Directory

Configure binding to directory services

Login Window

Configure Login Window options, such as messages, appearance, access, and Login/LogoutHooks

Software Update

Define an Apple Software Update Server to be used by the computer

Energy Saver

Define Energy Saver policy such as sleeping,timed actions and, wake settings

Table 4.2 Manageable Preferences Payloads for Devices and Device Groups

Preference

OS X

iOS

Description

General

Profile distribution type, how the profile can be removed, organization, and description

Passcode

Define passcode requirements such as length, complexity, reuse, etc.

Email

Configure email settings such as servers, account name, etc.

Exchange

Configure Exchange ActiveSync settings

LDAP

Configure connection to LDAP server

CardDAV

Configure access to CardDAV server

CalDAV

Configure access to CalDAV server

Network

Configure network setting on the device including wireless and wired

VPN

Configure VPN settings: L2TP, PPTP, IPSec (Cisco), CiscoAnyConnect, Juniper SSL, and F5 SSL

Certificate

Allows the installation of PKCS1 and PKCS12 certificates

SCEP

Define connection to Simple Certificate Enrollment Protocol (SCEP) server

Web Clips

Display defined Web Clips as application icons

Restrictions

Define application and content restrictions (separate OS X and iOS versions)

Subscribed Calendars

Configure calendar subscriptions

APN

Configure carrier settings such as the Access Point Name (Advanced use only)

Login Items

Specify applications, items, and network mounts to launch at login

Mobility

Define mobility settings for OS X clients to allow cached credentials and portable home directories

Dock

Configure Dock behavior

Printing

Configure printing settings and access to printers or print queues

Parental Controls

Define settings for Parental Controls such as content filtering and time limits

Security and Privacy

Define whether or not to send diagnostic and usage data to Apple (might change in the future)

Custom Settings

Apply custom preferences for items not defined in other payloads (similar to applying preference manifests in WGM)

Directory

Configure binding to directory services

Login Window

Configure Login Window options, such as messages, appearance, access, and Login/ LogoutHooks

Software Update

Define an Apple Software Update Server to be used by the computer

Energy Saver

Define Energy Saver policy such as sleeping, timed actions and, wake settings

Managing Preferences for Users in a Group

Although you can set up preferences individually for users with network accounts, it’s more efficient to manage preferences for the groups to which they belong. Using groups allows you to manage users regardless of which devices they use.

Managing Device Group Accounts

A device group account is set up for a group of computers or iOS devices that have the same preference settings and are available to the same set of users and groups. You create and modify these device groups in Profile Manager.

When you set up a device group, make sure you have already determined how the devices are identified. Use descriptions that are logical and easy to remember (for instance, the description might be the computer name). This also makes it easier to find the devices to add them to the correct device group.

Creating a Device Account

There are two ways to set up a device account:

  • During device enrollment the device account is created automatically.
  • You can create a placeholder in Profile Manager, so when the user logs into the User Portal, predefined profiles are assigned to the device.

To manually create a placeholder in Profile Manager:

  1. Click Devices in the Profile Manager Library.
  2. Click the Add (+) button below the list of devices, and select Add Placeholder.

  3. Give the placeholder a name and choose how to identify the device by Ethernet ID, serial number, IMEI, or MEID.

  4. Click the Add button.
  5. From the placeholder entry, you can add profiles and management that will be applied automatically once the device is enrolled.

To import a list of placeholders in Profile Manager:

Lists of devices can be imported into Profile Manager via a comma separated value (CSV) file. The file needs to be structured as this:

name, serial number, UDID, IMEI, MEID

Leave a field empty if you’re not using that value.

  1. Click Devices in the Profile Manager Library.
  2. Click the Add (+) button below the list of devices, and select Import Placeholders.
  3. Choose the import file and upload.

Creating and Populating a Device Group

To create and populate a Device Group, Profile Manager is utilized:

  1. Click Device Groups in the Profile Manager Library.
  2. Click the Add (+) button below the list of device groups. This creates a new group that can be populated with the desired name.

  3. To add devices to the device group, click the Add (+) button under the device group pane.

  4. Click the device to add to the device group and then click Done.

  5. To add device groups to the device group, click the Add (+) button under the device group pane.
  6. Click the device group to add to the device group and then click Done.

  7. Click Save.
  • + Share This
  • 🔖 Save To Your Account

Discussions

comments powered by Disqus