ConfigMgr, apps and OSX

ConfigMgr offers limited support to manage an OSX-device, however you can extend the capabilities using third-party tooling such as Parallels Mac Management for SCCM.

Parallels Mac Management for SCCM primarily offers something similar to Software Center – namely an interface called Parallels Application Portal that will allow available applications (not the classic package) to be installed or removed through a user interface. Unlike the Windows-applications and their respective deployment types for an application the ability to configure the deployment is rather peculiar.

Some basics

You will need access to an instance of OSX where you can generate the package. As previously described on howto deploy Symantec Endpoint Protection there is a small tool to generate a ConfigMgr compatible package from various different formats available for OSX to install applications.

Once the package is generated it will contain the binary pieces of the application, aswell as a basic command-line to install the application and (optional, but enabled by default) a detection method to verify that the application is installed.

Command-line

Most likely the command-line will look something like this

/usr/sbin/installer -pkg "Parallels Desktop.pkg"  -target "/" –verboseR

As Parallels Mac Management for SCCM has the ability to also uninstall applications there is a need to specify the command-line for actually removing the application. Using the “:” you can provide the two commands on the same command-line.

Uninstall command-line (more about rm on Mac Developer Library)

rm -rf "/Applications/Parallels Desktop.app"

Combined command-line (notice the : at the start, the middle and the end of the command-line):

:/usr/sbin/installer -pkg "Parallels Desktop.pkg"  -target "/" -verboseR:rm -rf "/Applications/Parallels Desktop.app":

Detection Method

Detection Method will be determined by default (you will need to specify the –c option to avoid having it generated within the ConfigMgr package) when a package is created.

image

The Package ID can be reviewed within OSX using the pkgutil.

Sample command-line to review if a package is installed or not within OSX

$ pkgutil --pkg-info com.parallels.package

Sample output

$ pkgutil --pkg-info com.apple.pkg.BaseSystem
package-id: com.apple.pkg.BaseSystem
version: 10.6.0.1.1.1249367152
volume: /
location: /
install-time: 1306707387
groups: com.apple.snowleopard-repair-permissions.pkg-group com.apple.FindSystemFiles.pkg-group
$ date -r 1306707387
Sun May 29 15:16:27 PDT 2011

As you can see we request information if a specific package is installed. To list all packages on a volume you can use the following command

$ pkgutil --packages –volume /

Additional command-line

During the uninstall command we technically only remove the application, however the information which we base the detection on is left behind. To remove the package information the following command-line can be used

$ pkgutil --forget com.parallels.package

Using && (and) we can combine our multiple commands for uninstall – both removing the Parallels Desktop.app and the package information.

:/usr/sbin/installer -pkg "Parallels Desktop.pkg"  -target "/" -verboseR:rm -rf "/Applications/Parallels Desktop.app" && pkgutil --forget com.parallels.package:

Summary

Unlike the Windows-applications where the install / uninstall scenario are split into two separate command-lines there is a single-command line to handle for OSX. One needs to be familiar with OSX tools to manage applications and the terminal capabilities to successfully manage a successful installation and uninstall of an application.

Symantec Endpoint Protection 12.X on OSX

If you are using ConfigMgr 2012 (or one of the plugins hi-jacking the infrastructure – such as Parallels) to manage the Mac OSX devices there are some caveats to the ordinary guide of both from Symantec on howto install the Symantec Endpoint Protection aswell as the Microsoft guide “How to Create and Deploy Applications for Mac Computers in Configuration Manager”.

First of all you need access to the Symantec Endpoint Protection media and to actually start the installation. Once its started you can immediately headover to Symantecs guide on howto Deploy (keyword deploy) SEP with Apple Remote Desktop or Casper.

The guide states that once the installation is fired up (and you acknowledge that its OK if this requires you to restart the computer) you can access the Tools-menu

image

Clicking the “Create remote deployment package” will immediately fire off a new menu that will allow you to choose a file-name and a place where the new package can be saved.

image

Once the deployment package is created you you will receive a helpful note about only deploying this with a deployment system, and remembering to restart afterwards.

image

As per the ConfigMgr article on howto deploy applications for Mac there is a need to convert the generic PKG-format to the ConfigMgr compatible (and unique) CMMAC format.

This specific package does unfortunately not provide any detection mechanism, so the command-line to convert this package is.

./CMApputil –c SEPRemote.pkg –o /volumes/usbstick/ -s

-c points the utility to our original package

-o points to the where we want to place our final package (named SEPRemote.cmmac)

-s will omit the creation of the detection rules