Book Image

Instant Apple Configurator How-to

Book Image

Instant Apple Configurator How-to

Overview of this book

The Apple configurator is an incredible piece of software which grants full control in mobile device management, but on a larger scale. The popularity of people taking their own devices to work has grown tremendously. However, valued professional and personal information is at risk, through loss, theft, or hacking. Instant Apple Configurator How-to is a hands-on guide that eliminates any worries that are associated with the deployment and security of iOS devices. This book provides practical, quick win solutions to combat these issues, with clear, concise, and informative examples providing solutions to secure, remote wipe, and encrypt devices. The book will further explore how to personalize iOS devices for configuration and deployment. With the Instant Apple Configurator How-to, learn to build profiles with customised control settings, with examples on how to capture device information and use console logs for added protection. You will become skilled at tracking and installing provisional profiles for greater security. We will also explore developing workflows for successful deployment, installing software and applications whilst managing files on iOS devices, and how to deploy enrolment profiles for mobile device management solutions en masse. If you are looking for a complete guide that provides simple solutions to complex problems, look no further.
Table of Contents (7 chapters)

Understanding profiles (Become an expert)


A profile is an XML file, in the property list format. This is the same type of file most commonly associated with managing preferences in OS X. In iOS, a profile, which uses the .mobileconfig extension, manages preferences in iOS and also has the ability to lock preferences in place, by not allowing the profile to be removed. In this recipe, we'll take a .mobileconfig file and view it so that we can see what is going on in the file. Don't worry if you don't have any profiles from other applications, you can skip this recipe and come back to it after you're done with the section.

Getting ready

The only thing you need to have to complete this task is a profile exported into a .mobileconfig file and a copy of TextEdit, which comes with every copy of OS X. If you don't have a profile, create one without any settings or simply perform the rest of the tasks in this book and come back to this one when finished. Alternatively, read this section just to get an understanding of what's in a profile and come back to it.

How to do it...

If you have a profile, provided it isn't encrypted (an option available in iPhone Configuration Utility), you can view it in clear text using the TextEdit application, built into every copy of OS X.

If you double-click on a .mobileconfig file (which again is just a profile) in OS X, then the computer will attempt to install the profile by default. Therefore, to view a profile, follow the given steps:

  1. Open TextEdit.

  2. Navigate to File | Open to browse the file.

  3. Once you've browsed to the file, click on the file. Click on the Open button.

  4. When the file opens, you will see a standard XML structure, but with some strange characters at the top and the bottom of the file. The strange characters are the plain text representation of the signing that Apple Configurator does to the file. At the very bottom of the file, notice that Apple Configurator is referenced, followed by the MAC address of the computer that created the profile.

    Tip

    Scroll down. After the strange characters that make up the digital signature, you'll notice that the file has a standard property list header. This tells applications what's in the file and is in almost every property list. After that, there is a PayloadContent key that has an array of all of the different options that are enabled for the profile. If this profile had a Wi-Fi password on it, you'd see that in clear text.

The profile also has keys at the bottom for a name for the profile (usually the filename), whether the profile can be removed (the PayloadRemovalDisallowed key), a unique identifier (the information provided at the time the profile was created, followed by a generated ID to keep two profiles from accidentally occupying the same namespace), a version number, a UUID for the profile, and possibly other information if the profile requires it.

How it works...

No matter which tool is used to create a profile, they will all have the same structure and if the same information is put into them, it should also have a similar makeup. This is because the iOS device (or OS X computer as profiles can be used to configure preferences in OS X) has a built-in interpreter for the profile and expects them to follow certain rules.

Over the years there have been features that weren't supported in graphical interfaces but that were made available in property lists. As such, you can hand create these files, or even use custom scripts to create them. Doing so enables these hidden features, such as the ability to disable the home button before App Lock mode was introduced.

These days, there's very little reason to create a profile manually. You can create one using iPhone Configuration Utility, Apple Configurator, Profile Manager (built into Server.app in Lion and above), and a variety of third-party MDM utilities. Profiles, once created, can then be ported between systems using the .mobileconfig files and installed on devices. When installing .mobileconfig files, you can use a web server, e-mail, Apple Configurator, or even use an MDM server to enforce the policies without a static profile.

There's more...

For more information on what Apple Configurator is doing under the hood, check out http://krypted.com/iphone/talking-a-look-under-apple-configurators-hood.

Profiles and OS X

Many profiles can be installed on iOS or OS X. Installing a profile on an OS X computer is done by simply double-clicking on a profile. Once installed, you can then view what the profile does by clicking on the profile and viewing the details from the Profiles System Preference pane.

For example, the details of the profile we just looked at in this task can be seen in the following screenshot:

Viewing profiles from iOS

The contents of a profile can also be viewed in iOS. To do so, open the Settings app and then click on General and scroll down until you see Profile. Click on Profile and then on the specific profile whose contents you'd like to see. The following screenshot shows the payloads configured for the profile viewed previously in this task:

Provided the profile is removable, simply click on the Remove button to delete it. If there is no Remove button, then the profile cannot be removed.