Previous 1 2 Next 19 Replies Latest reply: Oct 3, 2013 1:53 PM by niteowl
Scotch_Brawth Level 3 (820 points)

OK, I'm a noob.  I'll admit it.  I thought having some experience with iPhone Configuration Utility would stand me in good stead with Profile Manager, but it's not.  I have some questions:


1) What does it mean to assign a device to a user?  I can think of no purpose to this.

2) What is the purpose of the "Apps" tab when you select a user?  At the moment it's completely blank, and offers no guidance as to its purpose.  If it were available under the Devices section, I'd guess it allowed you to push applications out, but under Users? *baffled*

3) How do I automate user creation, and associated preferences, using Profile Manager?

4) What, in fact, do "Users" and "Groups" have to do with Profile Management at all?  I can see no purpose to these in relation to device management.  At least, not how it's presented in Profile Manager.


Sorry if these are atrociously simple questions, but Apple's (lack of) documentation has killed any desire to keep on searching for answers in their official places.


Someone, please help.

Mac Pro, OS X Mountain Lion (10.8)
  • Scotch_Brawth Level 3 (820 points)

    Ah, wait, I think I've managed to work something out.  When configuring profiles for devices, you can assign users and groups under Login Window > Access.  Would I be right in thinking that applying a profile with users assigned access will create those users and apply their settings automatically?  If a user or group already exists, it'll presumably just apply those settings?

  • Mark23 Level 3 (975 points)

    1) Assigning a device to a user is simply telling mobile device management (MDM) that the device is linked to a person. The advantage is managing the different devices a user has gotten, for instance if you make a profile with all settings that are relevant to that user and the user has a MacBook Air, iPhone and iPad assigned to him or her, the profile will be automatically distributed to all three devices, while the administrator only has to set up one profile.

    2) At the apps tab you can drag apps in *.ics format to the input window as long as they are free or custom built.

    3) You can user Presets:


    Creating a Preset for User Accounts

    You can create presets to use when creating user accounts in a directory domain.

    Presets are stored in the directory domain you’re currently viewing. If you change directory domains, the presets you created in the other directory domain are not available.

    To create a preset for user accounts:


    1. In Workgroup Manager, click Accounts.
    2. Click the globe icon and choose the domain where the user’s account resides.
    3. To authenticate, click the lock and enter the name and password of a directory administrator.
    4. To create a preset using data in an existing user account, open the account; to create a preset from scratch, create a user account.
    5. If you’re basing the preset on an existing account, fill in the fields with values you want new user accounts to inherit and then delete values you don’t want to specify in advance.The following attributes can be defined in a user-account preset: simultaneous login, default shell, comment, primary group ID, group membership list, home folder settings, disk quota, mail settings, and print settings.
    6. Click Preferences.
    7. Configure settings you want the preset to define and then click Accounts.After configuring preference settings for a preset, you return to the Accounts settings to save the preset.
    8. From the Presets pop-up menu, choose Save Preset, enter a name for the preset, and click OK.The preset is saved to the current directory domain.

    4) You can not mage users in profile manager, you need to do that on the server running Profile Manager or at the master when you are running on a replica.

  • Mark23 Level 3 (975 points)

    You can set up Open Directory so you just have to create the user once on a server and never again on a client Profiles do not create users.


    p.s. you don't have to apologize for asking, nobody was born knowing anything of Apple computers, although Apple is much easier than any of the competition.

  • Scotch_Brawth Level 3 (820 points)

    Aha, there's that Workgroup Manager again.  I'd read it might be necessary, despite being deprecated.


    Okay, I'll let this sink in, and work on it again tomorrow.  10.8.2 is still at least a few days away anyway…

  • Mark23 Level 3 (975 points)

    It's not depricated.

    Depricated would mean Apple disapproves, but they've made Workgroup manager 10.8 which is very useful.

  • Scotch_Brawth Level 3 (820 points)

    My mistake.  I was mis-remembering a comment from this thread:

    we fear that MCX is in the process of being deprecated

    Where MCX seems to be the files WGM uses to distribute settings to clients.


    I don't suppose you could save me the wear on the keyboard by linking to a good set of documentation for WGM?  I haven't a clue about what it does.

  • Mark23 Level 3 (975 points)

    I agree with the consensus that Profile Manager is not even near finished.


    Workgroup Manager may very well be deprecated in the (near?) future in favor of Profile Manager, but I don't think Apple will until there is a great enhancement of Profile Manager and at that point I'm sure there will be no more objections we can render. Maybe MCX is then integrated into Profile Manager or the concept of MCX has been replaced by another mechanism.

  • Mark23 Level 3 (975 points)

    The best help for Workgroup manager is to be found in the application itself (Help menu item --> Workgroup manager help)

  • Mark23 Level 3 (975 points)

    The added bonus of WGM is, in short, that you can manage client preferences on OS X:

    Look here for more info:

  • Scotch_Brawth Level 3 (820 points)

    I've managed to request "Mac OS X Lion server bible" by Richard Wentk at my local library.  Looks like I'll have to learn all about Open Directory and WGM, and not just Profile Manager if I want to get this working.  Just to make sure: this isn't about creating network accounts, right?  This will actually create local accounts that can be used without _any_ access to OS X Server once done?

  • Mark23 Level 3 (975 points)

    This is about creating network accounts. Do you have anything agains using network accounts? Network account do let you use the laptop when unplugged from the network, you just need to log in once and I beleive it remembers 5 users' credentials.

  • Scotch_Brawth Level 3 (820 points)

    From what I'm reading, this isn't what I'm looking for.  It's probably important to tell you that the Mac Pro that OS X Server is running on is not actually going to be functioning as a server, per se.  In fact, it's only going to be switched on as and when necessary, which is perhaps once or twice a week at the moment, and even then not for long.


    All I want to do is automate the creation of the initial user accounts because I'm basically sick and tired of doing fresh installs all the time.  There are a huge number of things that I have to set manually every time Apple provides a new iteration of OS X, or when I set up a fresh install of the current OS for whatever reason, and I'd really rather not have to go through that again and again and again…  For this very reason I'm now intending on sticking with Mountain Lion for quite some time, regardless of updates.


    From what I had read, Profile Manager seemed like the tool I was looking for, but now I think I was either wrong, or the tool isn't yet up to scratch.


    Network Accounts are an entirely different beast, and if I were to use those all user data would actually be stored on the server, and loaded over the network as necessary.  Yes, I could use mobile accounts, but once again we're adding yet another level of complexity.  The whole point of this process was to make things simpler.


    There're more important things in life than computer management, and I'd like to get back to them.

  • Mark23 Level 3 (975 points)

    Why didn't you say so before?


    Backup and Restore Open Directory:

    sudo slapconfig -backupdb <archive-path>

    Creates an archive containing the LDAP, Password Server and Kerberos data-bases. It also contains Certificate Authority related data.

    sudo slapconfig -restoredb <archive-path>

    Restores a directory to the backed-up state.

  • Mark23 Level 3 (975 points)

    You could just clone the server and re-apply the clone when you like but for other versions of the OS it would be better if you just use the OD backup.

Previous 1 2 Next