Currently Being ModeratedDec 12, 2012 2:51 PM (in response to mdstorm)
in OD create a profile manger group add the users to the group who you want to access Profile manager my devices login
choose: for selected services below
choose profile manager
add the PM group you created earlier
Currently Being ModeratedDec 12, 2012 3:29 PM (in response to iToaster)
I created the group, and added a test user, and then gave that group access to profile manager. It let me login, and displays everything properly, but when a random active directory user logs into the mydevices section, they are authenticated in from the AD server, but it gives them the option to download the "Default Profile". I need to shut that off or block their access from even being able to login, or it logs in and says that they do not have access to this page.
Currently Being ModeratedDec 12, 2012 4:27 PM (in response to mdstorm)
I also already unchecked the ability to enroll devices from the Everyone group in Profile Manager 2.
Currently Being ModeratedDec 13, 2012 12:57 PM (in response to mdstorm)
i think your only option maybe not to use settings for everyone
by it's very nature it's for everyone
or only enable setting in settings for everyone that aren't a risk to your network
I think if your restricting access to profile manager via server admin access
unauthorized users won't be able to enroll devices but will be able to download
whatever you've enabled in settings for everyone
if you want users to have a self service portal you could change or create
a new profile that's downloadable instead of pushed
Currently Being ModeratedDec 14, 2012 6:01 AM (in response to iToaster)
I have this so far, to where the AD users can authenticate in and they get this screen, but enrolling devices is disabled. I believe the default profile is tied to the Everyone group. Since it has no settings the user can download it, and its a blank profile. I wonder if there is a way to not even display that default profile..?
Currently Being ModeratedDec 17, 2012 10:28 AM (in response to mdstorm)
I found the problem was in Active Directory. The computer Member Of group belonged to every user, instead I have created a security group, and used that as the primary group for the computer entry. I can then add and remove who I want to have access to the portal.