K1000 and Mac Profiles: Best practices. Dual Directory, Golden/Magic Triangle or not?
I am doing some research into deploying and managing Macs on our network and I am pleased to see the latest update for the K1000 has support for deploying Profiles for OS X to El Capitan clients.
What's not clear to me is whether or not it's necessary to bind Mac clients to an OS X Server's OD. From what I can ascertain OS X Server is only needed to create custom payloads that are then deployed via the K1000 rather than OS X Server. The K1000 can do all of the patching and management of OS X clients rather than OS X Server if I am understanding things correctly?
Can anyone please confirm or provide some advice?
Thanks in advance.
Posted by: chucksteel 6 years ago
You do not need to bind to a Mac OS Server in order to deploy profiles. While you can use the server app to create payloads I don't find that method intuitive. Instead I tend to use Tim Sutton's MCXtoProfile script found here:
There is a bug with the current profiles support on the K1000 that limits the size of mobileconfig files that can be uploaded. Hopefully that will be resolved soon. One gotcha with using MCXtoProfile is that it assigns a profile name that may not be completely descriptive. For instance if you create a profile based on the com.apple.dock.plist it sets the PayloadDisplayName key to MCXtoProfile: com.apple.dock. I recommend changing that value manually because once you upload the mobileconfig file to the K1000 you can't modify it and if you manage the same preference differently depending on location that will get confusing.
We use our K1000 for application and patch deployment for our MacOS environment of close to 1,000 computers. We don't tend to push out the large MacOS updates via KACE due to their size but other updates work fairly well. It isn't perfect but the flexibility of managed installs plus scripting can fill in many of the gaps.
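An added example, not part of the original answer: a pre-upload check and rename for the PayloadDisplayName issue described above, written with Python's standard plistlib. The sample profile, its identifiers and the new display name are constructed, and the function names are hypothetical.

```python
import plistlib

GENERATED_PREFIX = "MCXtoProfile:"  # prefix the answer reports for generated names

def load_profile(data: bytes) -> dict:
    """Parse an unsigned .mobileconfig; reject anything that is not a plain plist profile."""
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # signed (CMS-wrapped) profiles are not parseable as plists
        raise ValueError("not a plain plist; rename the profile before signing it") from exc
    if not isinstance(profile, dict) or profile.get("PayloadType") != "Configuration":
        raise ValueError("not a configuration profile")
    return profile

def generated_names(profile: dict) -> list:
    """Display names (top level and nested payloads) that still carry the generated prefix."""
    names = [profile.get("PayloadDisplayName", "")]
    names += [p.get("PayloadDisplayName", "")
              for p in profile.get("PayloadContent", []) if isinstance(p, dict)]
    return [n for n in names if n.startswith(GENERATED_PREFIX)]

def rename_profile(data: bytes, display_name: str) -> bytes:
    """Return the profile with a new top-level PayloadDisplayName; other keys are untouched."""
    if not display_name.strip() or display_name.startswith(GENERATED_PREFIX):
        raise ValueError("choose a descriptive display name")
    profile = load_profile(data)
    profile["PayloadDisplayName"] = display_name
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)

# Constructed sample profile (identifiers and UUIDs are placeholders, not real values).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "org.example.dock",
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadDisplayName": "MCXtoProfile: com.apple.dock",
    "PayloadContent": [{
        "PayloadType": "com.apple.ManagedClient.preferences",
        "PayloadVersion": 1,
        "PayloadIdentifier": "org.example.dock.payload",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "PayloadDisplayName": "Dock settings",
    }],
})

if __name__ == "__main__":
    print("before:", generated_names(load_profile(SAMPLE)))
    renamed = rename_profile(SAMPLE, "Dock - Library Lab")
    print("after: ", generated_names(load_profile(renamed)))
```

Running the check before upload matters because the uploaded mobileconfig cannot be modified afterwards.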