profiles |
[[-I | -R |
-i ] [-F
file_path_to_profile | -]]
[[-L ] [-U
username]] [[-r ]
[-p profile_id]
[-u uuid]
[-o output_file_path]
[-Y shortname]]
[-PHDdCchfvxVzYeN ] |
profiles
allows you to install, remove or
list configuration profiles, or to install provisioning profiles. Some
commands may only work with elevated privileges, or for the current
user.
-I
- Install a configuration profile for a particular user from a profile
file.
-i
- Install a provisioning profile from a profile file.
-V
- Verify a provisioning profile from a profile file.
-R
- Remove a configuration profile for a particular user from a profile
file.
-r
- Remove a provisioning profile given a identifier and uuid.
-L
- List configuration profile information for a particular user, or the
current user if no Username was specified.
-F
- Specify the file path to the profile file. Use '-' as the file path to
input the configuration profile (not provisioning profile) XML plist via
stdin.
-U
- Specify the short username. If installing or removing a profile as root
(or sudo), the designated user must be logged in.
-H
- Returns whether configuration profiles are installed.
-P
- List configuration profile information for everyone.
-C
- List configuration profile information for the computer.
-c
- List provisioning profile information.
-p
- A profile identifier used to locate the configuration or provisioning
profile.
-u
- A uuid identifier used to locate the provisioning profile. The uuid must
be in its canonical 36 character form.
-z
- The profile removal password. If not specified and the profile requires a
removal password, you will be prompted.
-o
- The output file path for profile information (-L, -P, -C, -c) as a plist
file. The path argument must be specified to use this option, Use 'stdout'
to send this informaton to the console. File output will be written as an
XML plist file, or you can use 'stdout-xml' to write XML to the console.
The toplevel key will contain the user name, or _computerLevel for device
or provisioning profile information.
-h
- Displays help information.
-v
- Enables verbose mode. A 'pass' or 'fail' indicator may also be displayed
based on the command return status to stdout.
-x
- Displays tool version number. The version is in the format x.yy, where x
will change if new or incompatible commands are added. The version
initially starts at 2.00
-f
- Automatically confirm any questions, or when used with -s, will retry
startup profiles at each startup until successfully installed.
-s
- Sets profile for startup. (Requires root privileges)
-S
- Sync up and remove any configuration profiles that aren't assigned to any
current local user. (Requires root privileges)
-Y
- Specify the shortname of a local user that will be enrolled with MDM if
the configuration profile being installed contains a MDM payload. Will
only be used if the profile is being installed as root.
-W
- Attempt to renew the certificates in an installed profile.
-e
- Print the Device Enrollment configuration, if any, for the computer. Can
be combined with the -o option to write output to a plist.
-N
- Re-enable the user notifications for DEP enrollment.
- profiles -I -F /testfile.configprofile
- Installs the profile file 'testfile.mobileconfig' into current user.
- profiles -R -F /profiles/testfile2.configprofile
- Removes the profile file '/profiles/testfile2.mobileconfig' into the
current user.
- profiles -H
- Returns whether or not configuration profiles are installed on the
system.
- profiles -P
- Displays information on all installed configuration profiles on the
system.
- profiles -L
- Displays information for installed profiles for the current user.
- profiles -L -o /outputfile
- Displays information for installed profiles for the current user and sends
the output as a dictionary to /outputfile.plist.
- profiles -Lv
- Displays extended information for installed configuration profiles for the
current user.
- profiles -R -p com.example.profile1 -z pass
- Removes any installed profiles with the identifier com.example.profile1 in
the current user and using a removal password of 'pass'.
- profiles -s -F /startupprofile.mobileconfig -f
- Sets up the profile as a startup profile to be triggered at the next
system startup time. If the profile can't be installed, it will try again
at next startup time.
- profiles -I -F - < /configprofile.mobileconfig
- Installs the configuration profile read in from stdin. The stdin data must
be a fully formed XML plist containing the configuration profile
information.
Certain configuration profiles may be marked as a device profile
(system) using the PayloadScope key. However, the profiles tool will ignore
the PayloadScope key and install the profile based on how the profile is
installed; either a user profile if installed from a user, or a device
profile if installed from root (or sudo). If you are installing a profile as
root, you may use the -U parameter to install or remove the profile for that
active user.
Specific payload dictionary information is not available since it
may contain sensitive information. Non-sensitive information can be viewed
using the System Report.
Because this command line tool was not designed to ask for missing
information, some profiles may fail to install properly. The only recourse
is to insert the missing information before installing the configuration
profile. The System Preferences Profiles pane is designed to handle the
querying of missing information.
Configuration profiles installed to the wrong user domain (user vs
system) may not behave in the way you expect since the information may not
be useful to that particular domain. For example, adding a Mail payload to
the system domain will not do anything since Mail payloads must have a user
account. Additionally, since profiles are stored by the user shortname and
only stored on the local client, care should be taken to not install a
profile that could be used by a same named local user.
The profiles tool should only be used from the /usr/bin folder
since certain operations are privileged and may fail if moved.