Manage profiles from the command line in OS X 10.9

You can export profiles from Apple Configurator or Profile Manager (or some of the third-party MDM tools). You can then install profiles just by opening and installing them. Once the profiles are installed on a Mac, mdmclient, a binary located in / usr / libexec will process changes such as cleaning up a system that has been FileVaulted (note that you need FileVault if you want to clean up an OS X Lion client computer). / System / Library / LaunchDaemons and / System / Library / LaunchAgents have a daemon and an mdmclient agent respectively that start it automatically.

For script profile deployment, administrators can add and remove configuration profiles using the new / usr / bin / profiles command. To see all the profiles, added, use the profiles command with only the -P option:

/ usr / bin / profiles -P

As with managed preferences (and managed preferences support for that matter), configuration profiles can be assigned to users or computers. To view only user profiles, use the -L option:

/ usr / bin / profiles -L

You can remove all profiles using -D:

/ usr / bin / profiles -D

The -I option installs profiles and the -R removes profiles. Use -p to indicate that the profile is from a server or -F to indicate that the source is a file. To delete a profile:

/ usr / bin / profiles -R -F /tmp/HawkeyesTrickshot.mobileconfig

To remove one from a server:

/ usr / bin / profiles -R -p com.WestCoastAvengers.HawkeyesTrickshot

The following installs HawkeyesTrickshot.mobileconfig from / tmp:

/ usr / bin / profiles -I -F /tmp/HawkeyesTrickshot.mobileconfig

If created in Profile Manager:

/ usr / bin / profiles -I -p com.WestCoastAvengers.HawkeyesTrickshot

There is a nifty new feature in the Profiles command in Mavericks, where you can configure profiles to install on the next boot, rather than immediately. Use -s to define a startup profile, and note that if it fails, the profile will try to install on each subsequent reboot until it is installed. To use the command, just add an -s, then the -F for the profile, and the -f for auto commit, as follows (and I like to add a -v usually just in case):

profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

And that is. Nice and easy and now you have profiles that only activate when a computer starts. Starting with OS X Mavericks, the dscl command also has extensions for dealing with profiles. These include the available MCX profile extensions:

-profileimport -profiledelete -profilelist [optArgs]

-profileexport

-profilehelp

To list all the profiles in an Open Directory object, use â € ¨ -profilelist. To run, follow the dscl command with -u to specify a user, -P to specify the password for the user, then the OD server IP address (or the AD object name), then the profilelist verb, then the relative path . Assuming a diradmin username for the directory, a moonknight password, and then cedge user:

dscl -u diradmin -P moonknight 192.168.210.201 profile list /LDAPv3/127.0.0.1/Users/cedge

To remove that information for the given user, exchange the profile list extension with profiledelete:

dscl -u diradmin -P apple 192.168.210.201 profile list /LDAPv3/127.0.0.1/Users/cedge

If you prefer to export all the information to a directory called ProfileExports at the root of the drive:

dscl -u diradmin -P moonknight 192.168.210.201 profileexport. all -o / ProfileExports

Leave a Reply

Your email address will not be published. Required fields are marked *