How to “For Realz” remotely install profile manager profiles silently with no MDM using Apple Remote Desktop

So I manage a network of about 400+ Mac’s and some windows machines. I use Profile Manager (PM) to control my Mac’s and let me tell you if anyone has used PM for any length of time you know that it can be a nightmare to deal with it. Seems to be more buggy than stable IMO. Anyways when I come across something cool I like to post it so here we go.

I recently had an issue where my certificate had expired in PM so I had to reissue a new one. Well the problem is when you do that you have to reconnect all your Macs to PM again and unless you have some sort of MDM you’re left with walking up to every machine and installing the profiles manually.

To do this and for the sake of learning if you didnt already know you can install the profiles 2 ways manually

  1. You can go to your Mac server running PM and go to the URL yourserver.domain.com/mydevices and install them that way from the computer you are trying to install them on.
  2. You can actually download the profiles manually so you can install them faster. Just double click them and they install.

The second option is what we are going to focus on first.

What you need to do this

  1. Mac running the Server app, you should already have this if you have Profile Manager
  2. Apple Remote Desktop
  3. Coffee

How to install the profiles remotely

Download your profiles

First thing you want to do is download your profile config files from Profile Manager. It can be confusing as to where they are so let me show you. There are two areas you have to navigate to find them.

After logging into PM you are going to want to download your trust profile first. Click on your name at the top right of the screen and click on Download Trust Profile

VERY IMPORTANT: For the sake of this article rename your first file to “first”. So the entire file with extension should be first.mobileconfig

The second file you want to download is your your enrollment profile which has all your settings for your Mac’s. On the left menu you should see under Enrollment Profiles your profile and whatever you called it. Click on that and then on the bottom right of the screen you will see a button called Download. Click that and download that file.

VERY IMPORTANT: For the sake of this article rename your second file to “second”. So the entire file with extension should be second.mobileconfig

Make sure you down the files somewhere on your Mac server where you have Apple Remote Desktop installed.

Apple Remote Desktop

If you are already using ARD and have your Macs connect then you are golden and can skip ahead. If you have never used it then I will give you quick run down.

Apple Remote Desktop allows you to do some cool things with your Macs on your network remotely. Some of these are

  • Observe one or all of your Macs screen at the same time
  • Install .pkg installer files remotely to all your Macs
  • Run UNIX commands remotely
  • Lock computers
  • Copy files to your Macs

In order for this to work you have to have already had your Macs connected to ARD and you can see them and have access to them. I am not going to go into detail how to do that you can see it for yourself.

Copy your mobileconfig files to your Macs using ARD

First thing is you are going to need fire up ARD to copy your mobileconfig files to your Macs. Make sure you copy exactly the settings in the image below

On the top of ARD select copy

Then once it opens

Make sure you choose your 2 config files, Set the path to copy as /Users/shared. Set under “If an item already exists” make it Replace the item. And finally make sure you have all the computers chosen that you want to send the files to at the bottom.

When all is good click on Copy and wait till they all succeed. If some don’t figure out why and try it again until they are all done.

Install profiles with UNIX

The next step involves some unix commands. Don’t worry ARD makes it easy. At the top of ARD click on the UNIX button

Then once it opens

You are going to want to run 2 commands

/usr/bin/profiles -I -F /Users/shared/first.mobileconfig
/usr/bin/profiles -I -F /Users/shared/second.mobileconfig

Then make sure that you are running as the user root.

Once your all set click on Send

Once completed all your Macs will begin to enroll themselves to your Profile Manager. You can confirm this by viewing your Activity in PM and you will see them.

That’s about it, if you know something I don’t let me know in the comments and I can add more to my article

Thanks