profiles(1) BSD General Commands Manual profiles(1)NAMEprofiles — Profiles Tool
SYNOPSISprofiles [[-I | -R | -i] [-F file_path_to_profile]] [[-L] [-U username]]
[[-r] [-p profile_id] [-u uuid] [-o output_file_path]]
[-PHDdCchfvxVz]
DESCRIPTIONprofiles allows you to install, remove or list configuration profiles, or
to install provisioning profiles. Some commands may only work with ele‐
vated privileges, or for the current user.
-I Install a configuration profile for a particular user from a profile
file.
-i Install a provisioning profile from a profile file.
-V Verify a provisioning profile from a profile file.
-R Remove a configuration profile for a particular user from a profile
file.
-r Remove a provisioning profile given a identifier and uuid.
-L List configuration profile information for a particular user, or the
current user if no Username was specified.
-F Specify the file path to the profile file.
-U Specify the short username. Since you can only install profiles for
the current user, this is only useful for validation.
-H Returns whether configuration profiles are installed.
-P List configuration profile information for everyone.
-C List configuration profile information for the computer.
-c List provisioning profile information.
-p A profile identifier used to locate the configuration or provisioning
profile.
-u A uuid identifier used to locate the provisioning profile. The uuid
must be in its canonical 36 character form.
-z The profile removal password. If not specified and the profile
requires a removal password, you will be prompted.
-o The output file path for profile information (-L, -P, -C, -c) as a
plist file. The path argument must be specified to use this option,
Use 'stdout' to send this informaton to the console. File output
will be written as an XML plist file. The toplevel key will contain
the user name, or _computerLevel for device or provisioning profile
information.
-h Displays help information.
-v Enables verbose mode. A 'pass' or 'fail' indicator may also be dis‐
played based on the command return status to stdout.
-x Displays tool version number. The version is in the format x.yy,
where x will change if new or incompatible commands are added. The
version initially starts at 2.00
-f Automatically confirm any questions, or when used with -s, will retry
startup profiles at each startup until successfully installed.
-D Deletes all existing configuration profiles. It will not update any
existing managed preferences. (Requires root privileges)
-d Deletes all existing provisioning profiles. (Requires root privi‐
leges)
-s Sets profile for startup. (Requires root privileges)
EXAMPLESprofiles-I -F /testfile.configprofile
Installs the profile file 'testfile.mobileconfig' into current
user.
profiles-R -F /profiles/testfile2.configprofile
Removes the profile file '/profiles/testfile2.mobileconfig' into
the current user.
profiles-H
Returns whether or not configuration profiles are installed on
the system.
profiles-P
Displays information on all installed configuration profiles on
the system.
profiles-L
Displays information for installed profiles for the current
user.
profiles-L -o /outputfile
Displays information for installed profiles for the current user
and sends the output as a dictionary to /outputfile.plist.
profiles-Lv
Displays extended information for installed configuration pro‐
files for the current user.
profiles-D
Removes all configuration profile inforamtion on the system.
(see important caveat below)
profiles-R -p com.example.profile1 -z pass
Removes any installed profiles with the identifier com.exam‐
ple.profile1 in the current user and using a removal password of
'pass'.
profiles-s -F /startupprofile.mobileconfig -f
Sets up the profile as a startup profile to be triggered at the
next system startup time. If the profile can't be installed,
it will try again at next startup time.
CAVEATS
Certain configuration profiles may be marked as a device profile (system)
using the PayloadScope key. However, the profiles tool will ignore the
PayloadScope key and install the profile based on how the profile is
installed; either a user profile if installed from a user, or a device
profile if installed from root (or sudo).
Specific payload dictionary information is not available since it may
contain sensitive information. Non-sensitive information can be viewed
using the System Profiler report.
Because this command line tool was not designed to ask for missing infor‐
mation, some profiles may fail to install properly. The only recourse is
to insert the missing information before installing the configuration
profile. The System Preferences application's Profiles pane is designed
to handle the querying of missing information.
Configuration profiles installed to the wrong user domain (user vs sys‐
tem) may not behave in the way you expect since the information may not
be useful to that particular domain. For example, adding a Mail payload
to the system domain will not do anything since Mail payloads must have a
user account. Additionally, since profiles are stored by the user
shortname and only stored on the local client, care should be taken to
not install a profile that could be used by a same named local user.
The profiles tool should only be used from the /usr/bin folder since cer‐
tain operations are privileged and may fail if moved.
The -D command removes all configuration profile information without
regards for any services it may have set up. This may leave your system
in a state that requires you to manually clean up any service (account)
information the profile(s) had installed - for all users on that system.
You should not use this command without considering its consequences.
There is no way to undo this command. You will be prompted to confirm
this command before it will execute.
MacOSX March 04, 2013 MacOSX