建立和上傳 PLIST 或 .mobileconfig 檔案
Jamf Pro是一種MDM解決方案,管理者可用來配置Compliance Reporter設定並將Compliance Reporter部署到目標電腦。
您可以使用喜好的文字編輯器,在 PLIST 或 .mobileconfig 檔案中配置 Compliance Reporter 設定,然後將檔案上傳到 Jamf Pro 以便部署到目標電腦。
- 在 Jamf Pro 中,於側邊欄頂端按一下 電腦
。 - 按一下側邊欄中的 設定描述檔
。 - 按一下 新建
。 - 使用「一般」承載資料配置基本設定,包括要套用描述檔的層級和發佈方法。
只會顯示套用至所選取層級的描述檔承載資料和設定。
若要在使用電腦 PreStage 註冊進行註冊的過程中發佈描述檔,則務必要建立電腦層級的設定描述檔。
- 按一下 Application & Custom Settings (應用程式與自訂設定) 承載。
- 按一下Upload (上傳)。
- 按一下 + Add (+ 新增)。
- 執行下列其中一項操作:
-
要使用 PLIST,請在Preference Domain (偏好網域)欄位中輸入 com.jamf.compliancereporter,然後在Property List (屬性清單)欄位中輸入如下所示的 PLIST:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AuditLevel</key> <integer>1</integer> <key>LogFileMaxNumberBackups</key> <integer>10</integer> <key>LogFileLocation</key> <string>/var/log/JamfComplianceReporter.log</string> <key>LogFileMaxSizeMegaBytes</key> <integer>10</integer> <key>FileEventUseFuzzyMatch</key> <false/> <key>FileEventInclusionPaths</key> <array> <string>/Users/.*</string> </array> <key>FileEventExclusionPaths</key> <array> <string>/Users/.*/Library/.*</string> </array> <key>LogFilePermission</key> <string>640</string> <key>LogFileOwnership</key> <string>root:wheel</string> <key>AuditEventLogVerboseMessages</key> <false/> <key>AuditEventExcludedUsers</key> <array> <string>_spotlight</string> <string>_windowserver</string> </array> <key>AuditEventExcludedProcesses</key> <array> <string>/usr/bin/log</string> <string>/usr/sbin/syslogd</string> </array> <key>LogRemoteEndpointEnabled</key> <true/> <key>LogRemoteEndpointURL</key> <string>server.company.com:PORT</string> <key>LogRemoteEndpointType</key> <string></string> <key>LogRemoteEndpointKafka</key> <dict> <key>TLSServerCertificate</key> <string></string> <key>TLSClientPrivateKey</key> <string></string> <key>TLSClientCertificate</key> <string></string> <key>TopicName</key> <string>compliancereporter</string> </dict> <key>LogRemoteEndpointREST</key> <dict> <key>PublicKeyHash</key> <string>e838SOLK9Yu+brDTxM4s0HatE2UdoEmRSBtNDU=</string> </dict> <key>LogRemoteEndpointTLS</key> <dict> <key>TLSServerCertificate</key> <string></string> </dict> <key>SyslogFormatEnabled</key> <false/> </dict> </plist> -
要上傳包含 Compliance Reporter 設定的設定描述檔,請按一下Upload (上傳)以上傳 .mobileconfig 檔案,如下所示:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>PayloadContent</key> <array> <dict> <key>PayloadContent</key> <dict> <key>com.jamf.compliancereporter</key> <dict> <key>Forced</key> <array> <dict> <key>mcx_preference_settings</key> <dict> <key>AuditEventExcludedProcesses</key> <array> <string>/usr/sbin/mDNSResponder</string> <string>/usr/sbin/syslogd</string> <string>/Applications/splunk/bin/splunk-optimize</string> </array> <key>AuditEventExcludedUsers</key> <array> <string>_spotlight</string> <string>_windowserver</string> </array> <key>AuditEventLogVerboseMessages</key> <false /> <key>AuditLevel</key> <integer>AUDIT_LEVEL</integer> <key>LicenseEmail</key> <string>LICENSE_EMAIL</string> <key>LicenseExpirationDate</key> <string>LICENSE_DATE</string> <key>LicenseKey</key> <string>LICENSE_KEY</string> <key>LicenseType</key> <string>LICENSE_TYPE</string> <key>LicenseVersion</key> <string>1</string> <key>LogFileMaxNumberBackups</key> <integer>10</integer> <key>LogFileMaxSizeMegaBytes</key> <string>50</string> <key>LogFileOwnership</key> <string>root:wheel</string> <key>LogFilePermission</key> <string>644</string> <key>LogRemoteEndpointAWSKinesis</key> <dict> <key>AccessKeyId</key> <string></string> <key>Region</key> <string>us-east-1</string> <key>SecretKey</key> <string></string> <key>StreamName</key> <string></string> </dict> <key>LogRemoteEndpointEnabled</key> <true /> <key>LogRemoteEndpointKafka</key> <dict> <key>TLSClientCertificate</key> <string>cert_common_name</string> <key>TLSClientPrivateKey</key> <string>cert PEM string</string> <key>TLSServerCertificate</key> <string>cert_common_name</string> <key>TopicName</key> <string>complianceReporter</string> </dict> <key>LogRemoteEndpointREST</key> <dict> <key>PublicKeyHash</key> <string></string> <key>Username</key> <string></string> <key>Password</key> <string></string> </dict> <key>LogRemoteEndpointSyslog</key> <dict> <key>TLSServerCertificate</key> <array> <string></string> </array> </dict> <key>LogRemoteEndpointTLS</key> <dict> <key>TLSServerCertificate</key> <array> <string>common_name</string> </array> </dict> <key>LogRemoteEndpointType</key> <string></string> <key>LogRemoteEndpointURL</key> <string></string> <key>UnifiedLogPredicates</key> <array> <string>(subsystem == "com.apple.AccountPolicy")</string> </array> <key>ProhibitedApps</key> <dict> <key>PAExecutableNames</key> <array> <string></string> </array> <key>PASigningIdentifiers</key> <array> <string>com.apple.Chess</string> </array> <key>PATeamIdentifiers</key> <array> <string></string> </array> </dict> <key>PlaintextLogCollectionPaths</key> <array> <string>/var/log/jamf.log</string> </array> </dict> </dict> </array> </dict> </dict> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Custom</string> <key>PayloadEnabled</key> <true /> <key>PayloadIdentifier</key> <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string> <key>PayloadOrganization</key> <string>Jamf Compliance Reporter</string> <key>PayloadType</key> <string>com.apple.ManagedClient.preferences</string> <key>PayloadUUID</key> <string>ACE8C1E0-2CA9-47F9-95EA-092964CAB3EE</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </array> <key>PayloadDescription</key> <string></string> <key>PayloadDisplayName</key> <string>Example Compliance Reporter Preferences</string> <key>PayloadEnabled</key> <true /> <key>PayloadIdentifier</key> <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string> <key>PayloadOrganization</key> <string>Compliance Reporter inc</string> <key>PayloadRemovalDisallowed</key> <true /> <key>PayloadScope</key> <string>System</string> <key>PayloadType</key> <string>Configuration</string> <key>PayloadUUID</key> <string>8ECC25AC-0DAB-40D1-8E9F-2A7275315FDA</string> <key>PayloadVersion</key> <integer>1</integer> </dict> </plist>
-
- 按一下 Scope (範圍) 索引標籤並配置設定檔的範圍。
若要使用電腦「PreStage 註冊」在註冊期間發佈描述檔,請確保描述檔的範圍包含「PreStage 註冊」範圍中的電腦。
- 按一下 儲存
。