FileWave Apple Profile Editor Explained

Description

Configuration of Apple devices largely relies upon Profiles.  Profiles contain Payloads: settings defined to control aspects of the Operating System and user experience.

FileWave has a built-in editor allowing the building of Profiles.  This editor is designed to ensure Profiles only contain Payload keys that meets Apple's definitions, which in turn provides peace of mind that Profiles will instal on devices when associated. 

Apple Definitions

Apple's developer pages list definitions of all payloads and as such, which keys are available within each payload; including, amongst other things, whether keys are required or optional.

Example: Lock Screen Message

https://developer.apple.com/documentation/devicemanagement/lockscreenmessage

Dict {
    PayloadDisplayName = Lock Screen Message
    PayloadScope = System
    PayloadType = Configuration
    PayloadRemovalDisallowed = false
    PayloadContent = Array {
        Dict {
            PayloadVersion = 1
            PayloadDisplayName = Lock Screen Message
            PayloadType = com.apple.shareddeviceconfiguration
            IfLostReturnToMessage = FileWave IT
            LockScreenFootnote = %custom_field.asset_tag%
            AssetTagInformation = %custom_field.asset_tag%
            PayloadEnabled = true
            PayloadIdentifier = ML1063.local.93367c30-cfe5-4c58-a2a0-83190666231b.com.apple.shareddeviceconfiguration.1b7de9ad-fc3d-4f97-9338-a26d7811f974
            PayloadUUID = 1b7de9ad-fc3d-4f97-9338-a26d7811f974
        }
    }
    ConsentText = Dict {
        default = 
    }
    PayloadIdentifier = ML1063.local.93367c30-cfe5-4c58-a2a0-83190666231b.Configuration.93367c30-cfe5-4c58-a2a0-83190666231b
    PayloadVersion = 1
    PayloadUUID = 93367c30-cfe5-4c58-a2a0-83190666231b
}

For the keen eyed, the values provided for two of the possible keys contain parameters from inventory.  This allows far more flexibility than fixed details.

Apple's guide shows there are 3 possible keys and their value types:

FileWave Mechanics

When creating a Profile in FileWave, any Payload included will automatically have ALL default values set within the Payload.  The editor is then used to customise chosen values.

macOS will react to all missing Payload Keys by applying default values

Below is an example for managing Finder:

Finder Payload for Desktop

Looking at the FileWave Profile Editor > Finder > Preferences Payload details, for Desktop, FileWave lists 3 items enabled by default:

image.png

It can be seen that this a direct representation of the default values defined in Apple's documentation:

https://developer.apple.com/documentation/devicemanagement/finder

ShowExternalHardDrivesOnDesktop -- boolean

If false, the system doesn’t show external hard drives on the Desktop.

Default: true

ShowRemovableMediaOnDesktop -- boolean

If false, the system doesn’t show removable media items on the Desktop.

Default: true

WarnOnEmptyTrash -- boolean

If false, the system doesn’t warn the user before emptying the trash.

Default: true

All other desktop values have a default of 'false'

Building Profiles in FileWave should ensure you always have correctly configured Payloads.

Custom Settings

Prior to Profile Payloads, Apple had a mechanism known as Managed Preferences (MCX).  These were either controlled using Apple Server or as with Profiles, could be installed locally on devices.

In many ways, they are essentially the same thing; an xml structured file containing configuration.  Despite Profiles taking over from MCX many years ago, MCX management still exists today in the latest macOS.  The FileWave Profile Editor is able to leverage these and they are managed with the Custom Settings Payload.

This means that not only can the OS be managed, but also provides a mechanism for controlling 3rd party Applications whose configuration is defined by this same implementation.

Example Google Chrome Custom Settings

Custom Settings define the Preference Domain (this is the name of the plist file which controls those settings) and then the Property List Values to be controlled: