Netbooks, PDA and Phones Thread, Profile Manager set up, what next? in Technical; So finally got a mac mini with mountain lion serverr and profile manager set up, i've succesfully enrolled an Ipad ...
11th October 2012, 09:58 AM #1
Profile Manager set up, what next?
So finally got a mac mini with mountain lion serverr and profile manager set up, i've succesfully enrolled an Ipad and i can play about (I've added some test restrictions and they pushed out ok).
Question is so what exactly can I do with it?, its not the magic bullet I thought it would be.
Do I still have to manually enrol each Ipad before dishing it out? (I thought I could bulk add the devices)
Do I still need to manually add each exchange server settings per device? (exchange profile needs a user name)
I can see this taking up a lot of our time, or am I missing something?
11th October 2012, 03:17 PM #2
You need to bind the server to Active Directory. This will let your users login to the /mydevices enrollment link with their AD credentials. That then allows you to use %short_name% for the user name within the Exchange payload, and %email% within the Email Address field, so when the profile is pushed out after they've enrolled it'll auto set all those from AD and just prompt them for their email password.
The way we do it, each iPad is unboxed and configured for our network (we use static IPs etc). Once that's done, I install the trust profile direct from profile manager and add a link to /mydevices on the homescreen. When staff collect their iPad, they simply tap the /mydevices link, and tap enroll.
If working with DHCP, then you can use the Apple Configurator to provide the WLAN key, drop on the trust profile, /mydevices Web Clip and batch name them... just plug each one in on USB and let Configurator do it's stuff, then users do as above - tap the /mydevices link, login with AD credentials, enrol, and let it configure itself.
Last edited by Marci; 11th October 2012 at 03:19 PM.
Thanks to Marci from:
caffrey (11th October 2012)
11th October 2012, 03:49 PM #3
Cheers for that, sounds like what we need, *except* the mac mini and all apple stuff is on a seperate vlan and we don't want them anywhere near the main domain network - so I guess its manual all the way :/
The wifi is automatic (guest open network) with no key so thats ok.
All I can do is deploy per department and assign email settings per ipad.
11th October 2012, 04:02 PM #4
Connect the MacMini to your Domain network via WiFi, and to the mobiledevices vlan by ethernet (or vice versa, or grab a USB NIC and connect to both by wire)... That way the Mac can bind to AD and access everything it needs to without the risk of the iPads or any other devices on the guest network being able to do so. The server won't allow routing through unless you tell it to, and there really is bugger all risk involved.
Last edited by Marci; 11th October 2012 at 04:03 PM.
11th October 2012, 04:15 PM #5
Great suggestion, I wasn't sure you could do that - the mac mini is connected via wifi on the vlan, so sounds easier - i'll give it a go.
The mac isn't going to kill anything is it? (heh)
11th October 2012, 05:59 PM #6
Your only issue may be if you use the macmini to provide dhcp on the guest vlan, but I'm presuming you don't. It won't kill anything. You need to set it's time server to your domain dc, and set up a DHCP reservation on your domain network for it, and give it a DNS entry also. Just makes life easier. Then bind it to AD. Back in Server on the mac, create some user groups (students, staff, ictsupport) and then add the relevant AD groups to those (rather than individual users). Voila. You can now use AD credentials to authenticate on /mydevices and populate payloads with content from AD fields.
Thanks to Marci from:
caffrey (12th October 2012)
12th October 2012, 06:23 AM #7
Great, thanks for the advice - been really helpful, one last thing is a self signed cert ok for the trust profile ?
12th October 2012, 01:13 PM #8
It should generate it's own when you set profile manager up iirc.
12th October 2012, 02:02 PM #9
Yes it did, just wondering if I need a commercial one, all i need to do now is fix the AD binding !
13th October 2012, 01:42 PM #10
Forgot about this: you could just head to "manage virtual interfaces" in network setup, and connect to both vlans on a single wired connection (also assuming the switch port is configured correctly to allow this)
16th October 2012, 01:28 PM #11
Trying that now, however the virtual interface isn't listed in the server.app ?
I'm considering throwing the ipads at the staff now ;p
By witch in forum Virtual Learning Platforms
Last Post: 1st September 2009, 07:23 PM
By IT_Man_Dan in forum MIS Systems
Last Post: 18th July 2009, 01:28 PM
Last Post: 14th October 2008, 05:41 AM
By Grommit in forum Windows
Last Post: 7th July 2008, 04:40 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)