How to Create Mac Computer Configuration Items in Configuration Manager
Updated: May 14, 2015
Applies To: System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1
Note
The information in this topic applies to System Center 2012 Configuration Manager SP1 or later, and System Center 2012 R2 Configuration Manager or later.
You can use compliance settings in System Center 2012 Configuration Manager to monitor and remediate settings on Mac computers. The Mac OS X operating system uses property list (or plist) files to store application settings. Use compliance settings to evaluate and remediate the compliance of settings that are stored in a property list file. You can also manage Mac OS X settings by writing a Shell Script that returns a value that you can evaluate and remediate for compliance.
Important
Configuration Manager does not support the deployment of configuration baselines for Mac computers to users.
Use the following required steps to create a configuration item for Mac computers by using the Create Configuration Item Wizard.
Step |
Details |
More information |
|---|---|---|
Step 1: Start the Create Configuration Item Wizard |
Start the wizard in the Assets and Compliance workspace in the Compliance Settings node. |
See Step 1: Start the Create Configuration Item Wizard in this section. |
Step 2: Provide General Information about the Configuration Item |
Specify that you want to create a Mac OS X configuration item and provide general information. |
See Step 2: Provide General Information about the Configuration Item in this section. |
Step 3: Specify Supported Platforms for the Configuration Item |
Supported platforms are the operating systems on which a configuration item is assessed for compliance. |
See Step 3: Specify Supported Platforms for the Configuration Item in this section. |
Step 4: Configure Settings for the Configuration Item |
A setting represents the business or technical conditions to be used to assess compliance on client devices. |
See Step 4: Configure Settings for the Configuration Item in this section. |
Step 5: Configure Compliance Rules for the Configuration Item |
Compliance rules specify the conditions that define the compliance of a configuration item. |
See Step 5: Configure Compliance Rules for the Configuration Item in this section. |
Step 6: Complete the wizard |
Complete the wizard to create the new configuration item. The configuration item is displayed in the Configuration Items node of the Assets and Compliance workspace. |
No additional information. |
Step 7: Add the configuration item to a configuration baseline |
Use the Create Configuration Baseline dialog box to add configuration items to a configuration baseline that you can then deploy to Mac computers. |
See the topic How to Create Configuration Baselines for Compliance Settings in Configuration Manager. |
Step 8: Deploy the configuration baseline to Mac computers |
Use the Deploy Configuration Baselines dialog box to define configuration baseline deployments, which includes adding or removing configuration baselines from deployments in addition to specifying the evaluation schedule. Note If you want to build a collection containing only Mac computers, create a collection that uses a query rule and use the example WQL query in the Example WQL Queries section in the topic How to Create Queries in Configuration Manager. |
See the topic How to Deploy Configuration Baselines in Configuration Manager. |
Step 9: Monitor the configuration baseline for compliance |
You can monitor the compliance of configuration baselines for Mac computers from the Configuration Manager console, by using reports, or by creating collections based on configuration baseline compliance. |
See the topic How to Monitor for Compliance Settings in Configuration Manager. |
Supplemental Procedures to Create a New Configuration Item for Client Computers
Use the following information when the steps in the preceding table require supplemental procedures.
Step 1: Start the Create Configuration Item Wizard
Use this procedure to start the Create Configuration Item Wizard.
To start the Create Configuration Item Wizard
-
In the Configuration Manager console, click Assets and Compliance.
-
In the Assets and Compliance workspace, expand Compliance Settings, and then click Configuration Items.
-
On the Home tab, in the Create group, click Create Configuration Item.
Step 2: Provide General Information about the Configuration Item
Use this procedure to provide general information about the configuration item.
To provide general information about the configuration item
-
On the General page of the Create Configuration Item Wizard, specify the following information:
- **Name:** Enter a unique name for the configuration item. You can use a maximum of 256 characters. - **Description:** Provide a description that gives an overview of the configuration item and other relevant information that helps to identify it in the Configuration Manager console. You can use a maximum of 500 characters. -
In the Specify the type of configuration item that you want to create list, select Mac OS X.
Step 3: Specify Supported Platforms for the Configuration Item
On the Supported Platforms page of the Create Configuration Item Wizard, select the Mac operating systems on which the configuration item will be assessed for compliance, or click Select all.
Step 4: Configure Settings for the Configuration Item
Use this procedure to configure the settings in the configuration item.
To create a setting
-
On the Settings page of the Create Configuration Item Wizard, click New.
-
On the General tab of the Create Setting dialog box, provide the following information:
- **Name:** Enter a unique name for the setting. You can use a maximum of 256 characters. - **Description:** Enter a description for the setting. You can use a maximum of 1000 characters. - **Setting type:** In the list, choose one of the following setting types to use for this setting: <table> <colgroup> <col style="width: 50%" /> <col style="width: 50%" /> </colgroup> <thead> <tr class="header"> <th><p>Setting type</p></th> <th><p>More information</p></th> </tr> </thead> <tbody> <tr class="odd"> <td><p>Mac OS X Preferences</p></td> <td><p>Configure the following for this setting type:</p> <ul> <li><p><strong>Application ID</strong> – Specify the application ID of the property list file from which you want to evaluate a key for compliance.</p> <p>For example, if you want to edit settings for the Safari Web browser, you might use <strong>com.apple.Safari.plist</strong>.</p></li> <li><p><strong>Key</strong> – Specify the name of the key that you want to evaluate for compliance on Mac computers. Use the following syntax: <strong>/</strong><em><dictionary></em><strong>/</strong><em><keyname></em>.</p> <div class="alert"> > [!IMPORTANT] > <P>The key name is case sensitive and will not be evaluated if it differs from the key name on the Mac computer. Additionally, you cannot edit the key name once you have specified it. If you need to edit the key name, delete and then recreate the setting.</P> </div></li> </ul></td> </tr> <tr class="even"> <td><p>Script</p></td> <td><p>Configure the following for this setting type:</p> <ul> <li><p><strong>Discovery Script</strong> – Click <strong>Add Script</strong>, and then enter a shell script to assess settings on the Mac computer for compliance. Use the <strong>echo</strong> command in the shell script to return values to Configuration Manager for compliance. Configuration Manager uses the results returned in <strong>STDOUT</strong> to evaluate compliance.</p> <div class="alert"> > [!IMPORTANT] > <P>Do not include the <STRONG>reboot</STRONG> command in the discovery script. Because the discovery script runs each time the client restarts, this will cause the Mac computer to continually restart.</P> </div></li> <li><p><strong>Remediation script (optional)</strong> – Optionally, click <strong>Add Script</strong> and then enter a shell script that is used to remediate any noncompliance settings found on Mac client computers.</p></li> </ul> <div class="alert"> > [!WARNING] > <P>To ensure that you do not introduce formatting characters that the Mac computer cannot interpret, do not use copy and paste but type in the script.</P> </div></td> </tr> </tbody> </table> - **Data type:** In the list, choose the format in which the condition returns the data before it is used to assess the setting. <div class="alert"> > [!NOTE] > <P>The <STRONG>Floating point</STRONG> data type supports only 3 digits after the decimal point.</P> > <P>Configuration Manager does not support using the <STRONG>Boolean</STRONG> data type for Mac configuration item script settings. Instead, set the data type to <STRONG>Integer</STRONG> and ensure that the script returns an integer value.</P> </div> -
Click OK to save the setting and close the Create Setting dialog box.
Step 5: Configure Compliance Rules for the Configuration Item
Use the following procedure to configure compliance rules for the configuration item.
Compliance rules specify the conditions that define the compliance of a configuration item. Before a setting can be evaluated for compliance, it must have at least one compliance rule.
To create a compliance rule
-
On the Compliance Rules page of the Create Configuration Item Wizard, click New.
-
In the Create Rule dialog box, provide the following information:
- **Name:** Enter a name for the compliance rule. - **Description:** Enter a description for the compliance rule. - **Selected setting:** Click **Browse** to open the **Select Setting** dialog box. Select the setting that you want to define a rule for, or click **New Setting**. When you are finished, click **Select**. <div class="alert"> > [!NOTE] > <P>You can also click <STRONG>Properties</STRONG> to view information about the currently selected setting.</P> </div> - **Rule type**: Select the type of compliance rule that you want to use: - **Value** Create a rule that compares the value returned by the configuration item against a value that you specify. - **Existential** Create a rule that evaluates the setting depending on whether it exists on a client. - For a rule type of **Value**, specify the following information: - **The setting must comply with the following rule** – Select an operator and a value which is assessed for compliance with the selected setting. You can use the following operators: <table> <colgroup> <col style="width: 50%" /> <col style="width: 50%" /> </colgroup> <thead> <tr class="header"> <th><p>Operator</p></th> <th><p>More information</p></th> </tr> </thead> <tbody> <tr class="odd"> <td><p>Equals</p></td> <td><p>No additional information</p></td> </tr> <tr class="even"> <td><p>Not equal to</p></td> <td><p>No additional information</p></td> </tr> <tr class="odd"> <td><p>Greater than</p></td> <td><p>No additional information</p></td> </tr> <tr class="even"> <td><p>Less than</p></td> <td><p>No additional information</p></td> </tr> <tr class="odd"> <td><p>Between</p></td> <td><p>No additional information</p></td> </tr> <tr class="even"> <td><p>Greater than or equal to</p></td> <td><p>No additional information</p></td> </tr> <tr class="odd"> <td><p>Less than or equal to</p></td> <td><p>No additional information</p></td> </tr> <tr class="even"> <td><p>One of</p></td> <td><p>In the text box, specify one entry on each line.</p></td> </tr> <tr class="odd"> <td><p>None of</p></td> <td><p>In the text box, specify one entry on each line.</p></td> </tr> </tbody> </table> - **Remediate noncompliant rules when supported** – Select this option if you want Configuration Manager to automatically remediate noncompliant rules. <div class="alert"> > [!IMPORTANT] > <P>You can only remediate noncompliant rules when the rule operator is set to <STRONG>Equals</STRONG>.</P> </div> - **Report noncompliance if this setting instance is not found** – The configuration item reports noncompliance if this setting is not found on client computers. - **Noncompliance severity for reports:** Specify the severity level that is reported if this compliance rule fails. The available severity levels are the following: - **None** Computers that fail this compliance rule do not report a failure severity for Configuration Manager reports. - **Information** Computers that fail this compliance rule report a failure severity of **Information** for Configuration Manager reports. - **Warning** Computers that fail this compliance rule report a failure severity of **Warning** for Configuration Manager reports. - **Critical** Computers that fail this compliance rule report a failure severity of **Critical** for Configuration Manager reports. - **Critical with event** Computers that fail this compliance rule report a failure severity of **Critical** for Configuration Manager reports. This severity level is also be logged as a Windows event in the application event log. - For a rule type of **Existential**, specify the following information: <div class="alert"> > [!NOTE] > <P>The options shown might vary depending on the setting type you are configuring a rule for.</P> </div> - **The setting must exist on client devices** - **The setting must not exist on client devices** - **Noncompliance severity for reports:** Specify the severity level that is reported if this compliance rule fails. The available severity levels are the following: - **None** Computers that fail this compliance rule do not report a failure severity for Configuration Manager reports. - **Information** Computers that fail this compliance rule report a failure severity of **Information** for Configuration Manager reports. - **Warning** Computers that fail this compliance rule report a failure severity of **Warning** for Configuration Manager reports. - **Critical** Computers that fail this compliance rule report a failure severity of **Critical** for Configuration Manager reports. - **Critical with event** Computers that fail this compliance rule report a failure severity of **Critical** for Configuration Manager reports. This severity level is also be logged as a Windows event in the application event log. -
Click OK to close the Create Rule dialog box.