Export (0) Print
Expand All

How to Create Mac Computer Configuration Items in Configuration Manager

Updated: August 1, 2013

Applies To: System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

noteNote
The information in this topic applies only to System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager.

You can use compliance settings in System Center 2012 Configuration Manager to monitor and remediate settings on Mac computers. The Mac OS X operating system uses property list (or plist) files to store application settings. Use compliance settings to evaluate and remediate the compliance of settings that are stored in a property list file. You can also manage Mac OS X settings by writing a Shell Script that returns a value that you can evaluate and remediate for compliance.

ImportantImportant
Configuration Manager does not support the deployment of configuration baselines for Mac computers to users.

Use the following required steps to create a configuration item for Mac computers by using the Create Configuration Item Wizard.

 

Step Details More information

Step 1: Start the Create Configuration Item Wizard

Start the wizard in the Assets and Compliance workspace in the Compliance Settings node.

See Step 1: Start the Create Configuration Item Wizard in this section.

Step 2: Provide General Information about the Configuration Item

Specify that you want to create a Mac OS X configuration item and provide general information.

See Step 2: Provide General Information about the Configuration Item in this section.

Step 3: Specify Supported Platforms for the Configuration Item

Supported platforms are the operating systems on which a configuration item is assessed for compliance.

See Step 3: Specify Supported Platforms for the Configuration Item in this section.

Step 4: Configure Settings for the Configuration Item

A setting represents the business or technical conditions to be used to assess compliance on client devices.

See Step 4: Configure Settings for the Configuration Item in this section.

Step 5: Configure Compliance Rules for the Configuration Item

Compliance rules specify the conditions that define the compliance of a configuration item.

See Step 5: Configure Compliance Rules for the Configuration Item in this section.

Step 6: Complete the wizard

Complete the wizard to create the new configuration item. The configuration item is displayed in the Configuration Items node of the Assets and Compliance workspace.

No additional information.

Step 7: Add the configuration item to a configuration baseline

Use the Create Configuration Baseline dialog box to add configuration items to a configuration baseline that you can then deploy to Mac computers.

See the topic How to Create Configuration Baselines for Compliance Settings in Configuration Manager.

Step 8: Deploy the configuration baseline to Mac computers

Use the Deploy Configuration Baselines dialog box to define configuration baseline deployments, which includes adding or removing configuration baselines from deployments in addition to specifying the evaluation schedule.

noteNote
If you want to build a collection containing only Mac computers, create a collection that uses a query rule and use the example WQL query in the Example WQL Queries section in the topic How to Create Queries in Configuration Manager.

See the topic How to Deploy Configuration Baselines in Configuration Manager.

Step 9: Monitor the configuration baseline for compliance

You can monitor the compliance of configuration baselines for Mac computers from the Configuration Manager console, by using reports, or by creating collections based on configuration baseline compliance.

See the topic How to Monitor for Compliance Settings in Configuration Manager.

Use the following information when the steps in the preceding table require supplemental procedures.

Use this procedure to start the Create Configuration Item Wizard.

  1. In the Configuration Manager console, click Assets and Compliance.

  2. In the Assets and Compliance workspace, expand Compliance Settings, and then click Configuration Items.

  3. On the Home tab, in the Create group, click Create Configuration Item.

Use this procedure to provide general information about the configuration item.

  1. On the General page of the Create Configuration Item Wizard, specify the following information:

    • Name: Enter a unique name for the configuration item. You can use a maximum of 256 characters.

    • Description: Provide a description that gives an overview of the configuration item and other relevant information that helps to identify it in the Configuration Manager console. You can use a maximum of 500 characters.

  2. In the Specify the type of configuration item that you want to create list, select Mac OS X.

On the Supported Platforms page of the Create Configuration Item Wizard, select the Mac operating systems on which the configuration item will be assessed for compliance, or click Select all.

Use this procedure to configure the settings in the configuration item.

  1. On the Settings page of the Create Configuration Item Wizard, click New.

  2. On the General tab of the Create Setting dialog box, provide the following information:

    • Name: Enter a unique name for the setting. You can use a maximum of 256 characters.

    • Description: Enter a description for the setting. You can use a maximum of 1000 characters.

    • Setting type: In the list, choose one of the following setting types to use for this setting:

       

      Setting type More information

      Mac OS X Preferences

      Configure the following for this setting type:

      • Application ID – Specify the application ID of the property list file from which you want to evaluate a key for compliance.

        For example, if you want to edit settings for the Safari Web browser, you might use com.apple.Safari.plist.

      • Key – Specify the name of the key that you want to evaluate for compliance on Mac computers. Use the following syntax: /<dictionary>/<keyname>.

        ImportantImportant
        The key name is case sensitive and will not be evaluated if it differs from the key name on the Mac computer. Additionally, you cannot edit the key name once you have specified it. If you need to edit the key name, delete and then recreate the setting.

      Script

      Configure the following for this setting type:

      • Discovery Script – Click Add Script, and then enter a shell script to assess settings on the Mac computer for compliance. Use the echo command in the shell script to return values to Configuration Manager for compliance. Configuration Manager uses the results returned in STDOUT to evaluate compliance.

        ImportantImportant
        Do not include the reboot command in the discovery script. Because the discovery script runs each time the client restarts, this will cause the Mac computer to continually restart.

      • Remediation script (optional) – Optionally, click Add Script and then enter a shell script that is used to remediate any noncompliance settings found on Mac client computers.

      WarningWarning
      To ensure that you do not introduce formatting characters that the Mac computer cannot interpret, do not use copy and paste but type in the script.

    • Data type: In the list, choose the format in which the condition returns the data before it is used to assess the setting.

      noteNote
      The Floating point data type supports only 3 digits after the decimal point.

      Configuration Manager does not support using the Boolean data type for Mac configuration item script settings. Instead, set the data type to Integer and ensure that the script returns an integer value.

  3. Click OK to save the setting and close the Create Setting dialog box.

Use the following procedure to configure compliance rules for the configuration item.

Compliance rules specify the conditions that define the compliance of a configuration item. Before a setting can be evaluated for compliance, it must have at least one compliance rule.

  1. On the Compliance Rules page of the Create Configuration Item Wizard, click New.

  2. In the Create Rule dialog box, provide the following information:

    • Name: Enter a name for the compliance rule.

    • Description: Enter a description for the compliance rule.

    • Selected setting: Click Browse to open the Select Setting dialog box. Select the setting that you want to define a rule for, or click New Setting. When you are finished, click Select.

      noteNote
      You can also click Properties to view information about the currently selected setting.

    • Rule type: Select the type of compliance rule that you want to use:

      • Value Create a rule that compares the value returned by the configuration item against a value that you specify.

      • Existential Create a rule that evaluates the setting depending on whether it exists on a client.

    • For a rule type of Value, specify the following information:

      • The setting must comply with the following rule – Select an operator and a value which is assessed for compliance with the selected setting. You can use the following operators:

         

        Operator More information

        Equals

        No additional information

        Not equal to

        No additional information

        Greater than

        No additional information

        Less than

        No additional information

        Between

        No additional information

        Greater than or equal to

        No additional information

        Less than or equal to

        No additional information

        One of

        In the text box, specify one entry on each line.

        None of

        In the text box, specify one entry on each line.

      • Remediate noncompliant rules when supported – Select this option if you want Configuration Manager to automatically remediate noncompliant rules.

        ImportantImportant
        You can only remediate noncompliant rules when the rule operator is set to Equals.

    • Report noncompliance if this setting instance is not found – The configuration item reports noncompliance if this setting is not found on client computers.

    • Noncompliance severity for reports: Specify the severity level that is reported if this compliance rule fails. The available severity levels are the following:

      • None Computers that fail this compliance rule do not report a failure severity for Configuration Manager reports.

      • Information Computers that fail this compliance rule report a failure severity of Information for Configuration Manager reports.

      • Warning Computers that fail this compliance rule report a failure severity of Warning for Configuration Manager reports.

      • Critical Computers that fail this compliance rule report a failure severity of Critical for Configuration Manager reports.

      • Critical with event Computers that fail this compliance rule report a failure severity of Critical for Configuration Manager reports. This severity level is also be logged as a Windows event in the application event log.

    • For a rule type of Existential, specify the following information:

      noteNote
      The options shown might vary depending on the setting type you are configuring a rule for.

      • The setting must exist on client devices

      • The setting must not exist on client devices

    • Noncompliance severity for reports: Specify the severity level that is reported if this compliance rule fails. The available severity levels are the following:

      • None Computers that fail this compliance rule do not report a failure severity for Configuration Manager reports.

      • Information Computers that fail this compliance rule report a failure severity of Information for Configuration Manager reports.

      • Warning Computers that fail this compliance rule report a failure severity of Warning for Configuration Manager reports.

      • Critical Computers that fail this compliance rule report a failure severity of Critical for Configuration Manager reports.

      • Critical with event Computers that fail this compliance rule report a failure severity of Critical for Configuration Manager reports. This severity level is also be logged as a Windows event in the application event log.

  3. Click OK to close the Create Rule dialog box.

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft