HowTo import .mobileconfig files without MDM Server?

massoo

massoo

Joined
Jun 6, 2023
Messages
4
Reaction score
0
Hello All,

We do not have any external MDM tied to our MAC devices. We use CrowdStrike as antivirus which requires "Full Disk Access" and "Web Preferences" Extensions Enabled. These are granted while we install CrowdStrike manually.

We are trying to import the official CrowdStrike profile in our MAC M1 and later laptops with their OS being macOS Ventura 13.x , as detailed in https://supportportal.crowdstrike.com/s/article/ka16T000000wtMWQAY

The command that we are using to import is :
> open /System/Library/PreferencePanes/Profiles.prefPane ~/Desktop/MAC/Official-CS-Falcon-Profile-no-Kext.mobileconfig
- This opens up the Profiles utility, where user can accept the prompts and install the profile.
- This profile is not signed (meaning its unsigned)

However this fails with error:
Profile installation failed
The profile must originate from a user-approved MDM server
Click to expand...
I have also tried to install the profile with self-signed certificate, but the error is same

Is there a way to install / import a profile without an MDM Server ?

Please guide me
 
deliriouscat

deliriouscat

Joined
May 15, 2023
Messages
69
Reaction score
8
It sounds like you're dealing with a tricky situation there. I found a method that might help. After exporting your .mobileconfig file, you can create a package to deploy this file to a known location on your client systems, for example, /Library/myOrg. It's important to note that simply deploying the file to this location won't install it. Apple provides a command-line tool called 'profiles' which can be used as part of a post-install script included in the package that deploys the .mobileconfig file. You might find this guide useful for more details. Here's an example of what the post-install script could look like:

Code:
Code: 
#!/bin/bash

/usr/bin/profiles -I -F "/Library/MyOrganization/YourProfile.mobileconfig"

rm "/Library/MyOrganization/YourProfile.mobileconfig"

In this script, you should replace "/Library/MyOrganization/YourProfile.mobileconfig" with the quoted path to the .mobileconfig file deployed by the package.
 
massoo

massoo

Joined
Jun 6, 2023
Messages
4
Reaction score
0
The above method mentioned by @deliriouscat does not work, while running the shell file in the terminal prompt as:

sudo sh ~/Desktop/MAC/csprofile.sh

throws error as:
profile tool no longer supports installs. Use System Settings Profiles to add configuration profile
Click to expand...

The ~/Desktop/MAC/csprofile.sh is
#!/bin/bash

/usr/bin/profiles -I -F "/Library/MyOrganization/YourProfile.mobileconfig"
Click to expand...

Looks we are stuck for now and cannot import a configuration profile without MDM 😿
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Apple Mail on Mac doesn't import Exchange mail 0
Numerous imports of photos 1
Music App - playlist import error 3
Migrating from 1TB Mac to 256GB M1 without losing user files - howto put user on external crive 1
Music File Import for Catalina 3
Import of DV Tapes 3
Importing iphone photos. 5
Issue importing footage in iMovie 1

Top