Installing
a Mac Client
Configuration Manager 2012 also
supports the management of Apple Mac computers as clients. The client for the
Mac operating system allows you to discover, retrieve inventory, manage settings,
and also deploy applications and security updates via Configuration Manager.
The management of Mac computers in
Configuration Manager 2012 requires the use of public key infrastructure (PKI)
certificates. Configuration Manager can utilize Microsoft Certificate Services
with an enterprise certification authority (CA), or you can request and install
computer certificates outside of Configuration Manager as long as the
certificate meets the requirements of Configuration Manager. It is worth noting
that Mac-based Configuration Manager clients always perform certificate
revocation checking and cannot be disabled. If Mac clients cannot confirm the
certificate revocation status via the certificate revocation list (CRL), they
will not be able to connect to the Configuration Manager site servers. Mac
devices will also require that the Configuration Manager enrollment point and
enrollment proxy point site system roles are installed and configured.
Mac computers are automatically
assigned to the Configuration Manager site that will manage them and are
installed as Internet-only clients, even if the Mac computer will communicate
only on an internal or intranet network. Thus, you will need to ensure that the
site systems in the assigned Configuration Manager site are configured to allow
client connections from the Internet.
The following is the process for
installing the Configuration Manager client on a Mac
computer:
1)
Ensure
that the proper certificates have been prepared and deployed. A web server certificate
must be deployed to the management point, distribution points, the enrollment point,
and the enrollment proxy point. Also, a client authentication certificate must be
deployed to the management point and distribution point. If you need guidance
on preparing a Configuration Manager site for supporting PKI and Internet-based
clients, refer to the definitive article “Step-by-Step Example Deployment of
the PKI Certificates for Configuration Manager: Windows Server 2008
Certification Authority” at http://
technet.microsoft.com/en-us/library/gg682023.aspx.
2)
Open
the Configuration Manager 2012 console and select the Administration workspace.
3)
In
the Administration workspace, choose Client Settings and then select Default
Client Settings. You must modify the default client settings in order to
configure the enrollment process. These settings cannot be applied via a custom
device settings group.
4)
Right-click
Default Client Settings and select Properties.
5)
Select
Enrollment and set Allow Users To Enroll Mobile Devices And Mac Computers to
Yes.
6)
Select
Enrollment Profile and click Set Profile.
7)
In
the Mobile Device Enrollment Profile window, click Create.
8)
In
the Create Enrollment Profile window, enter a name for the enrollment profile
and configure the site code for the Configuration Manager site that will manage
the Mac computers.
9)
Click
Add and in the Add Certification Authority For Mobile Devices window select the
certification authority that will issue certificates to Mac computers. Click
OK.
10) In the Create
Enrollment Profile window, select the Mac computer certificate template that
was previously created and click OK.
11) Click OK to
close the Enrollment Profile window, and click OK to apply the settings to the
default client settings.
12) Download the Mac
installation media client files and install the Mac client. The Mac client
applications are contained in a file named ConfigmgrMacClient.msi
and
can be obtained at http://www.microsoft.com/en-us/download/details.aspx?id=36212.
13) On a Windows
computer, run the ConfigmgrMacClient.msi file and extract
the files that are included in the MSI.
14) Copy the Macclient.dmg file from the extracted files to the Mac
computer.
15) Run the Macclient.dmg file on the Mac computer to extract the
Mac client installation files. This will create a Tools folder and will contain several Mac client tools and
files, including ccmsetup and cmclient.pkg.
16) For
Configuration Manager 2012 R2 you have two options for enrolling the Mac
client. You can use the CMEnroll tool that is included in the extracted media
from the previous step, or you can use the Mac Computer Enrollment Wizard.
Here are the
steps for the CMEnroll process:
a.
To use the CMEnroll process, open the folder where
the extracted files were stored and enter the following command line: Sudo
./ccmsetup. Wait for the Completed installation message to appear. Do not
restart the computer.
b. Open the folder
where the extracted files were stored and enter the following command line: Sudo
./CMEnroll -s <enrollment proxy server> -ignorecertchainvalidation -u
<user name>. The user name must match an active account in Active
Directory that has been granted Read and Enroll permissions on the Mac client
certificate template. Also, this command will prompt for the password for the
super user account first and then prompt for the password for the Active
Directory user account. Make sure you use the correct passwords.
c.
Wait for the message stating that the Mac client has
been successfully enrolled, and then restart the computer.
Here are the
steps for the Mac Computer Enrollment Wizard process:
Figure Mac Computer
Enrollment Wizard
b. Enter the
required information. The user name can be in domain\username format or username@domain.
c. The user name
and the password must match an Active Directory account that has been granted
Read and Enroll permissions on the Mac client certificate template.
d. Enter the
password that is associated with the specified user account.
e. For server name,
enter the name of the enrollment proxy point server.
f. Click
Next and complete the wizard.
Once
the client installation is complete, you can verify that the Mac computer
registered properly by viewing the
Devices node in the Assets and Compliance workspace in the Configuration
Manager 2012 console.
No comments:
Post a Comment