5 Replies Latest reply: Nov 21, 2012 12:32 PM by iToaster
Asys Level 1 Level 1 (0 points)



We just bought a bundle of 30 ipads 2 for use in a school enviroment.

I already install OS X server for manage them with profile manager (All working).


My question is: How can we have total control of the ipads, to prevent pupils from changing the settings?


I disallow in the ipads profile all the features that profile manager allow me, but this isn't enough. Disallow the proxy is as easy as go to the settings and delete it. And is the same with the enrollment certificates, they only have to tap in "remove".


Kind Regards,


iPad 2, iOS 6
  • 1. Re: Ipad in Education
    varjak paw Level 10 Level 10 (169,765 points)

    Those settings are all you can control, unless the current Configurator application has some settings controls that Profile Manager hasn't caught up to yet. There is no way to block students from changing other settings. What most schools seem to do is just accept that students may change settings and get used to re-setting them back to the desired configuration from time to time. Others here who do this regularly can probably describe their policies and suggest best practices.



  • 2. Re: Ipad in Education
    iToaster Level 3 Level 3 (670 points)

    Unfortunately  PM does not allow total control, which maybe due to apples philosophy of user owned devices opt in style of management. currently you'd have to look elsewhere for higher level of control


    What you can do is include the wireless config in the profile your pushing out

    So if users delete the profile they are cut off from the network

    Think about how deleting a profile would effect security

    Try to consolidate your profiles as much as you can without compromising functionality

    So that you end up with the minimum amount of profiles

    Taking your example of proxy setting, if that was included in the same profile as wifi ldap VPN

    Deleting the profile to try and get round the proxy would cut them off from the network

    Deleting enrolment certs should remove everything if I remember correctly

    End result cut off and have to return device to IT to get back on

    Quick check by IT ....Profiles deleted!


    Cue lecture from admin about not fiddling about and breaking company policy, warnings, followed by excuses blaming it on the dog etc etc


    You can enable restrictions manually on the devices but that soon becomes a pain on a large deployment

  • 3. Re: Ipad in Education
    gyrhead Level 3 Level 3 (785 points)

    With configurator you can set profiles that cannot be deleted without authorization. 

    You can also set up profiles using an MDM such as Meraki (free) and the MDM will autosend you an email if a device profile is deleted.

  • 4. Re: Ipad in Education
    Asys Level 1 Level 1 (0 points)

    Thank you for your help and advice.


    Profile Manager is not working 100%, as soon as you change something sometimes work and sometimes doesnt.

    Also the ipads are getting the apple push notification radomly, and it is not reliable. Sadly I'm loosing confident in apple products.


    I really dont understand why apple is not keeping thinks smart and simple anymore.




  • 5. Re: Ipad in Education
    iToaster Level 3 Level 3 (670 points)

    I couldn't get PM push to work reliably without 433 open and forward to the mdm server

    I vaguely remember something to do with device check in


    there are lots of reasons pushed settings getting to devices randomly

    not that I think PM all that great

    device loosing IP address on DHCP not renewing till "woken"

    devices out side of lan, unless you open ports

    devices turned off.

    flat batteries

    wireless turned off


    I had quite few devices with push settings randomly succeeding

    when it all worked fine before I let the users have them

    and worked fine when i got the devices back.

    I noticed it was always on the same devices

    turns out I had a few users who treated ipads like laptops

    and kept turning them off when not in use

    after a bit of investigation and education - push failure sorted !



    pushing smtp settings is still hit and miss

    sometimes correct sometimes results in duplicate smtp servers

    deleting mail settings seems to leave  smtp behind