Parallels Mac Management for Microsoft SCCM 2012 Administrator's Guide v3.1 Copyright © 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved.
Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com Copyright © 1999-2014 Parallels IP Holdings GmbH and its affiliates. All rights reserved. This product is protected by United States and international copyright laws. The product’s underlying technology, patents, and trademarks are listed at http://www.parallels.com/trademarks.
Contents Introduction ...............................................................................................................7 About This Guide .............................................................................................................. 7 About Parallels Mac Management for Microsoft SCCM 2012 ............................................ 7 Deploying Parallels Mac Management for Microsoft SCCM 2012 ..........................9 Parallels Mac Management Component Overview..............
Contents Configuring Configuration Manager Boundaries .............................................................. 36 Configuring Windows Firewall.......................................................................................... 37 Viewing Proxy Service Certificate Details ......................................................................... 37 Migrating Configuration Manager Proxy........................................................................... 38 Deploying Parallels Mac Client ..
Contents Preparing Mac Application for Configuration Manager ........................................................... 89 Creating Configuration Manager Application.......................................................................... 90 Configuring Deployment Type ............................................................................................... 91 Deploying Mac Application ....................................................................................................
Contents Send Problem Report Dialog ............................................................................................... 145 Problem Reports Dialog ...................................................................................................... 145 Appendices............................................................................................................147 Ports Used by Parallels Mac Management ....................................................................
CHAPTER 1 Introduction In This Chapter About This Guide ..................................................................................................... 7 About Parallels Mac Management for Microsoft SCCM 2012 ................................... 7 About This Guide This guide contains information about how to deploy and use Parallels Mac Management for Microsoft SCCM 2012. The guide is intended for IT administrators.
Introduction system administrator. Allows to configure Macs and enforce compliance Mac OS X configuration management via Configuration with SCCM Desired Configuration Management Profiles (p. 59) functionality. FileVault 2 Encryption Management (p. 66) Allows to use FileVault 2 to encrypt the contents of disk drives on managed Macs with the ability to set an institutional or a private recovery key. Parallels Desktop and Parallels virtual machine configuration management (p.
CHAPTER 2 Deploying Parallels Mac Management for Microsoft SCCM 2012 This chapter contains information about how to deploy Parallels Mac Management for Microsoft SCCM 2012 in an enterprise computing environment. In This Chapter Parallels Mac Management Component Overview .................................................... 9 Checking Installation Requirements .......................................................................... 10 Checking User Rights Requirements ....................................
Deploying Parallels Mac Management for Microsoft SCCM 2012 Supported SCCM Versions Parallels Mac Management supports Microsoft System Center Configuration Manager 2012 and 2012 R2. Please make sure that you have the latest service pack and critical updates installed. Supported Windows Versions Parallels Mac Management supports all versions of Windows that are supported by System Center Configuration Manager 2012 and 2012 R2.
Deploying Parallels Mac Management for Microsoft SCCM 2012 • The Distribution Point role is installed on this server. • The server is a PXE service point. • WDS is installed and running. If WDS and DHCP are both installed on this server, the Do not listen on port 67 option must be selected in the WDS service properties. • BITS 4.0 is installed. • Verify that the user configuring the NetBoot Server has sufficient privileges. See the following KB article: http://kb.parallels.
Deploying Parallels Mac Management for Microsoft SCCM 2012 5 Check that authorization is allowed to all users Verify that WebDAV is enabled In Windows Server 2008: 1 Click Start > Administrative tools > Internet Information Services (IIS) Manager. 2 Select the server name and expand Sites. 3 Click Default Web Site. 4 Double-click IIS > WebDAV Authoring Rules. If WebDAV is enabled, the Enable WebDAV action should not be available in the Actions pane.
Deploying Parallels Mac Management for Microsoft SCCM 2012 5 Right-click any of the available reports and check that the Run item is available in the pop-up menu. Check that the Report Viewer is installed Note: The Report Viewer is not required for Parallels Mac Management installation, but it is needed for viewing reports. On the computer running the Configuration Manager console: 1 Click Start > Control Panel > Programs and Features.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Check the date and time synchronization Date and time must be synchronized between the servers running the Configuration Manager, Configuration Manager Proxy, Active Directory, Management Point, Distribution Point, and the Mac computers. If that's not done, the Parallels Mac Client registration and the Mac management operations (specifically, policy downloading and updating) may not work correctly.
Deploying Parallels Mac Management for Microsoft SCCM 2012 • Permissions to register and unregister Service Principal Names for the user account used to run the Parallels Configuration Manager Proxy service. • Administrative rights on the computer where the installation is performed. The following step-by-step instructions describe how to create a Windows user with the rights outlined above. Create a new domain user Note: You may skip this section if you want to use an existing domain user.
Deploying Parallels Mac Management for Microsoft SCCM 2012 6 Grant the user Full Write permissions. 7 Click OK to close the dialog. 8 Click OK to close the WMI Control Properties dialog. Grant the user administrative rights on the computer(s) where you’ll be installing Parallels Configuration Manager Proxy and NetBoot Server 1 Log in to a computer where you’ll be performing the installation of a given component. 2 Open Server Manager and navigate to Configuration / Local Users and Groups / Groups.
Deploying Parallels Mac Management for Microsoft SCCM 2012 3 Right-click CN=System and select New > Object... in the context menu. 4 In the Select a class list, select container and click Next. 5 In the value field, type "ParallelsServices" (without quotes) and click Next. 6 Click Finish. 7 In the ADSI Edit window, right-click CN=ParallelsServices and then select Properties in the context menu. 8 In the container properties dialog, select the Security tab.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Please note that the user you select in this step must be the user that will be used to run the service, not the user installing it. If you’ll be using the same user to install and to run the Parallels Configuration Manager Proxy service, then select the domain user that you created in previous steps. 2 Right-click the user, select Properties in the context menu, and then click the Security tab in the user properties dialog.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Create a New Domain User Note: You may skip this section if you want to use an existing domain user. 1 On the computer running Active Directory, click Start > Administrative Tools > Server Manager. 2 In the Server Manager window, navigate to Roles / Active Directory Domain Services / Active Directory Users and Computers / . 3 Right-click Users and select New > User in the context menu.
Deploying Parallels Mac Management for Microsoft SCCM 2012 5 Click the Add... button in the Assigned security roles section. 6 In the Available security roles list, select Full Administrator and click OK. 7 Click OK in the Add User or Group dialog. Grant the User Administrative Rights on the Local Computer 1 Log in to the computer where you'll be installing Parallels Configuration Manager Proxy. 2 Open Server Manager and navigate to Configuration / Local Users and Groups / Groups.
Deploying Parallels Mac Management for Microsoft SCCM 2012 • SCCM 2012 SP1 • SCCM 2012 R2 Certificate Authority on the following versions of Windows is supported: • Windows Server 2003 • Windows Server 2008 • Windows Server 2008 R2 • Windows Server 2012 • Windows Server 2012 R2 Note: Integration is provided for Microsoft Certificate Services only.
Deploying Parallels Mac Management for Microsoft SCCM 2012 11 On the Confirm Installation Selections page, click Install and wait for the role installation to finish. 12 Review the info on the Installation Results page and click Close. Deploying Certificate to Web Server The Web Server certificate must be deployed to site systems that run IIS. This certificate is used to encrypt data and authenticate the server to clients.
Deploying Parallels Mac Management for Microsoft SCCM 2012 6 The Properties of New Template dialog opens. 7 On the General tab page, type the template name (e.g. ConfigMgr Web Server Certificate). 8 Click the Subject Name tab and make sure that the Supply in the request option is selected. 9 Click the Security tab and remove the Enroll permissions (i.e. both Allow and Deny checkboxes are un-selected) for the Domain Admins and Enterprise Admins groups.
Deploying Parallels Mac Management for Microsoft SCCM 2012 13 In the Alternative name / Value field, type FQDN values of the site system server (specified in site system properties in Configuration Manager) and click Add. For example: • If the site system will only accept client connections from the intranet, and the intranet FQDN of the site system server is server1.internal.contoso.com, you would enter "server1.internal.contoso.co" in the Value field and click Add.
Deploying Parallels Mac Management for Microsoft SCCM 2012 • The certificate is used to authenticate the distribution point to an HTTPS-enabled management point before the distribution point sends status messages. • When the Enable PXE support for clients distribution point option is selected, the certificate is sent to PXE boot servers so that they can connect to an HTTPS-enabled management point during the deployment of the operating system.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Installing Custom Workstation Authentication Certificate This section describes how to request and install the custom client certificate on a member server that runs IIS (configured as distribution point): To accomplish this task: 1 Open Microsoft Management Console (run mmc.exe). 2 Click File > Add/Remove Snap-in… 3 In the Available Snap-ins list, select Certificates and lick Add.
Deploying Parallels Mac Management for Microsoft SCCM 2012 6 Make sure that the Personal Information Exchange - PKCS #12 (.PFX) option is selected and click Next. 7 On the Password page, choose and type the password and click Next. You will need to specify the password when you'll be importing the certificate later. 8 On the File to Export page, specify the name of the file to export to and click Next. 9 Click Finish.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Completed validation of Certificate [Thumbprint 4ac41a85e45b805ae765422b18975f356b57de80] issued to 'sccm2012.PRL.LOCAL' >>> Selected Certificate [Thumbprint 4ac41a85e45b805ae765422b18975f356b57de80] issued to 'sccm2012.PRL.LOCAL' for HTTPS Client Authentication Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK … Successfully performed Management Point availability check against local computer.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Creating a Certificate Template for Parallels Configuration Manager Proxy To create a certificate template: 1 In Windows, click Start > Administrative Tools > Certification Authority. 2 Expand the CA tree, right-click Certificate Templates and click Manage. 3 The Certificate Template Console opens. 4 In the template list, locate Web Server, right-click it and then click Duplicate Template in the context menu.
Deploying Parallels Mac Management for Microsoft SCCM 2012 4 In the template list, locate Workstation Authentication, right-click it and then click Duplicate Template in the context menu. 5 In the Duplicate Template dialog, choose Windows Server 2003 Enterprise and click OK. 6 The Properties of New Template dialog opens. 7 On the General page, choose and type the template name (e.g. PMM Client Certificate).
Deploying Parallels Mac Management for Microsoft SCCM 2012 Installing Parallels Mac Management for Microsoft SCCM 2012 The installation of Parallels Mac Management for Microsoft SCCM 2012 involves installing Parallels Configuration Manager Proxy, Configuration Manager Console Extension, and the optional NetBoot Server. All components are installed using the same installation wizard. If you are installing all of the components on the same computer, you need to run the wizard just once.
Deploying Parallels Mac Management for Microsoft SCCM 2012 If you are installing all of the components on the same server, select all of them. If you are installing them on separate computers, select the component(s) you wish to install. 4 Ready to Install the Program. Click the Install button to begin the Parallels Mac Management for Microsoft SCCM installation. 5 Installing Parallels Mac Management for Microsoft SCCM. Displays the progress bar. 6 Setup Completed.
Deploying Parallels Mac Management for Microsoft SCCM 2012 • First, select the protocol (HTTP or HTTPS) which the Parallels Proxy and Mac clients will use to communicate with management points and distribution points. To use PKI, select the HTTPS option. If you don't want to use PKI, select the HTTP option. If your distribution points and/or management points are configured to use HTTPS, then the HTTP option will not be available.
Deploying Parallels Mac Management for Microsoft SCCM 2012 • FileVault Key Administrator. This role provides read access rights to the Parallels Mac Management SQL Server database (p. 153). The database is installed by Parallels Mac Management on the primary SCCM site and is used to store FileVault 2 recovery information for Mac computers. Users and groups that have read access to the database will be able to retrieve and view the recovery keys for Macs in the Configuration Manager console.
Deploying Parallels Mac Management for Microsoft SCCM 2012 1 SMS Provider location. Use this page to specify the hostname or IP address of the server where the SMS Provider is installed. If the SMS Provider and the NetBoot server are installed on the same server (the server where you are running this wizard), select the Local server option. If the SMS Provider is installed on a different server, select the Remote server option and enter the server hostname or IP address.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Upgrading Parallels Mac Management for Microsoft SCCM 2012 To upgrade Parallels Mac Management for Microsoft SCCM 2012 to a newer version, you need to uninstall the current version and then install a new one. To run the uninstaller, navigate to Start > Control Panel > Programs > Uninstall a program. Find Parallels Mac Management for Microsoft SCCM 2012 in the list of installed programs and uninstall it.
Deploying Parallels Mac Management for Microsoft SCCM 2012 3 On the General tab of the boundary group properties window type in the boundary name and an optional description. 4 Click the Add button and select a boundary from the list. Click OK. 5 On the References tab page, select the Use this boundary group for site assignment option. 6 Select your site in the Assigned site drop-down box.
Deploying Parallels Mac Management for Microsoft SCCM 2012 To view the certificate store permissions 1 Run regedit.exe on the computer where the Configuration Manager Proxy is installed. 2 Navigate to HKLM\Software\Microsoft\SystemCertificates. 3 Right-click SystemCertificates and select Permissions from the pop-up menu. 4 In the Permissions for SystemCertificates dialog, verify that the user that you use to run the Configuration Manager Proxy service has the Read permission selected.
Deploying Parallels Mac Management for Microsoft SCCM 2012 4 Install the Configuration Manager Proxy on the new server. The following describes how to export the existing certificate and import it on a new server. The Proxy uninstallation and installation should be performed normally, as described in Install Parallels Mac Management for Microsoft SCCM 2012 (p. 31). Exporting Certificate from Certificate Store To export a certificate: 1 In Windows, click Start > Run... 2 Type mmc in the Open box.
Deploying Parallels Mac Management for Microsoft SCCM 2012 Importing Certificate into Certificate Store To import a certificate: 1 In Windows, click Start > Run... 2 Type mmc in the Open box and click OK. This will open the Microsoft Management Console. 3 In the console, click File > Add/Remove Snap-in to open the Add or Remove Snap-ins dialog. 4 Click Certificates in the Available snap-ins list. 5 Click the Add button. Select the Computer account option and click Next.
CHAPTER 3 Deploying Parallels Mac Client After Parallels Mac Management for Microsoft SCCM 2012 has been installed and configured, you need to install the Parallels Mac Client software on Mac computers that you want to manage. The client software can be installed on Mac computers using one of the following methods: • Deploying via Network Discovery. This method scans your network for Mac computers and automatically adds them to the Configuration Manager site database.
Deploying Parallels Mac Client Configuring Network Discovery To configure network discovery: 1 In the Configuration Manager console, navigate to Administration / Overview / Parallels Mac Management / Discovery Methods. The list in the right pane will be populated with one or more "Parallels Network Discovery" entries according to the following: • If you don't have secondary sites, the list will contain just one Parallels Network Discovery entry.
Deploying Parallels Mac Client 5 Use the Boundaries tab page to specify Configuration Manager boundaries to search. You can use this search option together with the options on the Subnets tab page, but searching boundaries should be the primary method. If you haven't configured boundaries and boundary groups yet, you need to configure them before using this option (p. 36). The Boundaries tab page has the following elements: • Boundary Groups to search list — Lists boundary groups.
Deploying Parallels Mac Client 1 When discovery finds a Mac, it will try to connect to it over SSH using user accounts that you specified in the discovery configuration. The accounts will be used in the order listed. If you haven't specified any accounts (or if a connection with the Mac cannot be established for any reason), the Mac will be added to the Configuration Manager site as an unmanaged resource. In such a case, the rest of the steps in this list will not be performed.
Deploying Parallels Mac Client • If you don't have secondary sites, the list will contain just one "Mac Client Enrollment" entry. • If you have secondary sites but you've installed the Configuration Manager Proxy only on the primary site, the list will contain just one entry. • If you have secondary sites and installed the Configuration Manager Proxy on the primary and a secondary site, the list will contain an entry for each site where the Proxy is installed.
Deploying Parallels Mac Client If you close the wizard without completing the registration, it will run automatically at predefined intervals (5-10 minutes) and every time you restart the Mac. To stop this from happening, either resolve the problem and register the client with the Configuration Manager Proxy or uninstall it from the Mac (p. 49). If firewall is enabled in Mac OS X, a message box will open at the end of a successful registration asking you if pma_agent.
Deploying Parallels Mac Client Example: $ sudo ./InstallAgentUnattended.sh http://myhost.local:8761/files/pma_agent.dmg myname mypass mydomain If you receive the "Permission denied" error when executing the script, run the following command to set the file permissions and then execute the script again: $ chmod 755 InstallAgentUnattended.
Deploying Parallels Mac Client Verifying Mac Client Deployment To verify that the Parallels Mac Management deployment was successful, open the Configuration Manager console and navigate to Assets and Collections / Devices / All Mac OS X Systems. You should see some Mac computers in the list. If you ran Network Discovery to discover Macs, some of those Macs may not have Parallels Mac Client installed on them. The possible reasons for this are described in Deploying Mac Client via Network Discovery (p. 41).
Deploying Parallels Mac Client Upgrading Parallels Mac Client When you upgrade Parallels Mac Management for Microsoft SCCM, the Parallels Mac Client must also be upgraded on every Mac computer. This task can be accomplished by distributing the client installation package to Macs using the standard software distribution functionality of Configuration Manager.
Deploying Parallels Mac Client The Mac will remain in the Configuration Manager database, but its management will not be possible. You can reinstall the client on the Mac later to restore management functions.
CHAPTER 4 Managing Parallels Mac Client After you install Parallels Mac Client on a Mac and register it with Parallels Configuration Manager Proxy, you can begin managing the Mac in Configuration Manager. The Parallels Mac Client itself can also be managed on the Mac where it is installed. This chapter describes the common Parallels Mac Client management tasks. In This Chapter Viewing Parallels Mac Client Properties ....................................................................
Managing Parallels Mac Client When you click the Parallels Mac Management icon, the following dialog opens: The General box contains the Parallels Mac Client properties and their values: • Certificate expiration date. The date and time when the Mac client certificate expires. • Certificate subject name. A globally unique name identifying the Mac client for which the certificate was issued. • Connected to SCCM Proxy.
Managing Parallels Mac Client Initiating Policy Retrieval Parallels Mac Client downloads its policy from Configuration Manager automatically according to a schedule. There may be a need to download the latest policy before the scheduled download occurs. Parallels Mac Client provides this ability. Using Graphical User Interface to Initiate Policy Retrieval To initiate manual policy retrieval, open System Preferences, then click the Parallels Mac Management icon.
Managing Parallels Mac Client Using Command Line to Initiate Policy Retrieval To initiate policy retrieval from a command line, change directory to /Library/Parallels/pma_agent.app/Contents/MacOS and type the following command in Terminal: $ pmmctl get-policies On completion, the command returns one of the following XML documents depending on the result: Policy retrieval failed PAGE 55Managing Parallels Mac Client Sending Problem Reports From Mac Client If you are experiencing a problem with Parallels Mac Client, you can obtain a problem report and then send it to Parallels Support. To obtain a report, open System Preferences and then click the Parallels Mac Management icon. The following dialog opens: Click the Send Problem Report button to obtain a report. The Send Problem Report dialog opens and the report data gathering process begins.
Managing Parallels Mac Client This is the same dialog as the one that opens when you click the Send Problem Report button described above.
CHAPTER 5 Parallels Mac Management Features This chapter contains information about how to use Parallels Mac Management features. In This Chapter Using Configuration Manager 2012 Console............................................................. 57 Understanding Collections in Parallels Mac Management ......................................... 57 Hardware and Software Inventory............................................................................. 58 Desired Configuration Management................
Parallels Mac Management Features To see the All Mac OS X Systems collection, open the Configuration Manager 2012 console and navigate to Assets and Compliance / Overview / Device Collections / All Mac OS X Systems. The collection can contain both managed and unmanaged Macs. A Mac is added to a collection as an unmanaged resource if the client software is not installed on it or if it's not registered with the Configuration Manager Proxy.
Parallels Mac Management Features 5 In the Default Settings dialog, select Hardware Inventory in the left pane. 6 Use the controls in the right pane to enable and schedule hardware inventory. 7 To select the classes to be collected by hardware inventory, click the Set Classes button. Review the selected classes and make changes if needed.
Parallels Mac Management Features Parallels Mac Management provides two methods of defining an OS X configuration profile: • Using a custom configuration item dialog in the Configuration Manager Console to define a profile from scratch. • Creating a profile from an existing file containing the OS X profile data. Such a file can be created in advance using Mac OS X Server’s Profile Manager and then imported into the configuration item dialog designed for this purpose.
Parallels Mac Management Features The dialog mimics the interface of the Mac OS X Server’s Profile Manager. The left pane of the dialog contains the list of payloads that define groups of settings. The right pane contains the settings for a selected payload. When you select a payload for the first time, the right pane will only contain a short description and the Configure button. Clicking the Configure button will show the actual editable fields.
Parallels Mac Management Features Some of the items will be populated with the default values, some will be empty. If this is a new configuration profile, only the Configuration Item and the General payloads will show the editable fields. All others will contain just the Configure button. Specifying the values for a particular payload is optional.
Parallels Mac Management Features Payload Overview The first item in the payload list is Configuration Item. It is not really a payload and is used to specify the configuration item name and an optional description. This is the name that will appear in the Configuration Items list in the Configuration Manager console after you save the profile. The General payload (second in the list) specifies the Mac OS X configuration profile general information.
Parallels Mac Management Features 1 In the Configuration Manager console, navigate to Assets and Compliance / Overview / Compliance Settings. 2 Right-click Configuration Items and then point to Create Parallels Configuration Item and click Mac OS X Configuration Profile from File. 3 The Mac OS X Configuration Profile dialog opens. 4 Enter the desired configuration profile name and description. 5 Select the profile type from the following options: • User profile.
Parallels Mac Management Features 8 To edit the profile data after the configuration item has been saved, right-click the profile and select Edit Parallels Configuration Item from the pop-up menu. The Mac OS X Configuration Profile dialog will now have the Import from .mobileconfig and Export to .mobileconfig buttons. Using these two buttons, you can export the profile into a file, edit it in an external application (e.g. Profile Manager) and then import it back into the configuration item.
Parallels Mac Management Features • To use the interactive mode, enter the %user_interaction_required% tag into a field instead of the actual value. If a payload contains this tag in at least one field, the Mac user will be prompted to manually enter all of the missing settings. The interactive mode will be used even if none of the missing settings are actually required on the Mac OS X side. You can enter the %user_interaction_required% tag into any field that you want a user to set manually.
Parallels Mac Management Features • Personal. A personal recovery key is created automatically for each individual Mac during the encryption procedure and is saved in the database on the primary SCCM site (p. 153). If a Mac user forgets the password for unlocking the disk, the personal recovery key for the disk can be retrieved from the database and can be used to unlock the disk.
Parallels Mac Management Features 4 Choose the name and location for the new file. Make sure that the File Format field has "Certificate (.cer)" option selected. 5 Click Save to export the certificate. 6 Copy the exported .cer file to a location where it can be accessed from the computer running the Configuration Manager 2012 console. You will later add this file to a configuration item to be distributed to Macs.
Parallels Mac Management Features When a Mac is evaluated for compliance, an attempt will be made to enable FileVault 2 on it. The Mac user will be notified as follows: 1 A message box is displayed informing the user that the Mac is about to be encrypted. The dialog has two buttons: Encrypt and Postpone. 2 If the user clicks Postpone, the encryption operation will be postponed. The dialog will be displayed to the user again after a predefined period of time (five minutes).
Parallels Mac Management Features • Institutional — institutional recovery key. • Status — the current encryption status. The possible values are described in the table below. • Volume — the volume name. Viewing the FileVault 2 Disk Encryption Report 5 In the Configuration Manager console, navigate to Monitoring / Reporting / Reports. 6 Locate the FileVault 2 Disk Encryption report and double-click it. The FileVault 2 Disk Encryption dialog opens displaying the report.
Parallels Mac Management Features After the Macs have been encrypted, the best way for the system administrator to monitor the Mac encryption status is to configure the baseline containing the FileVault 2 configuration item to run as often as necessary (e.g. daily). If an unauthorized change have been made to the FileVault 2 encryption, the baseline run will fail and will report an error to Configuration Manager.
Parallels Mac Management Features Finding the Correct FileVaultMaster.keychain File If you have more than one FileVaultMaster.keychain file and you forgot which one is which, you can compare the SHA1 fingerprint of the certificate in the file to the fingerprint of the original certificate that Parallels Mac Management has saved in its database (p. 153).
Parallels Mac Management Features 3 In the FileVault 2 Encryption Information dialog, enter the Mac's serial number of hardware ID. Click Search. 4 If the Mac was previously encrypted through Parallels Mac Management, a dialog will open containing the FileVault 2 encryption properties for this Mac. 5 Use the value of the Institutional key property to compare it to the SHA1 fingerprint of the certificate in a FileVaultMaster.keychain file.
Parallels Mac Management Features Creating FileVault 2 Configuration Item To create a FileVault 2 configuration item using a personal recovery key: Note: If you want to use an institutional recovery key, jump to FileVault 2 Encryption with Institutional Recovery Key (p. 67). 1 In the Configuration Manager console, navigate to Assets and Compliance / Overview / Compliance Settings.
Parallels Mac Management Features 2 If the user clicks Postpone, the encryption operation will be postponed. The dialog will be displayed to the user again after a predefined period of time (five minutes). The user has the ability to keep postponing the encryption indefinitely. The time period after which the dialog is displayed again is doubled each time the user clicks Postpone, but never exceed one hour.
Parallels Mac Management Features Viewing the FileVault 2 Disk Encryption Report 5 In the Configuration Manager console, navigate to Monitoring / Reporting / Reports. 6 Locate the FileVault 2 Disk Encryption report and double-click it. The FileVault 2 Disk Encryption dialog opens displaying the report. 7 Each row in the report represents a corresponding Mac volume and contains the following columns: • Netbios Name — the Mac netbios name. • Volume — the volume name.
Parallels Mac Management Features Note: You should be aware of one scenario when the FileVault 2 encryption status may not be reported accurately in the Mac hardware inventory. This will happen when a Mac is removed from the Configuration Manager site, the Parallels Mac Client is uninstalled from it, and the Mac is then assigned to the site again. If the Mac was encrypted with FileVault 2 prior to removing it from the site, the encryption status will be reported as Encrypted by a 3rd party.
Parallels Mac Management Features 4 In the Properties dialog, click the FileVault 2 tab to view the FileVault 2 encryption information for the Mac. The properties are: • Hardware ID. Contains the Mac hardware ID. • Serial Number. Contains the Mac serial number. • Personal Key. Contains the personal recovery key (will be blank if an institutional key was used). • Institutional key. Contains the SHA1 fingerprint of the institutional key certificate (will be blank if a personal key was used). • LVGUUID.
Parallels Mac Management Features 3 Look for the UUID of a Logical Volume, usually the last in the list. Select and copy the UUID to be used in the next step. 4 Use the following command to unlock the encrypted disk. Be sure to insert the UUID from the previous step: $ diskutil cs unlockVolume UUID -passphrase recoverykey 5 When the command completes, the volume will be unlocked and mounted. You'll be able to back up data using Disk Utility, or by using a command line tool such as ditto.
Parallels Mac Management Features 2 Right-click Configuration Items, point to Create Parallels Configuration Item and click Parallels Desktop Configuration. The Parallels Desktop Configuration Profile dialog opens. The following list describes the organization of the Parallels Desktop Configuration Profile dialog: • Configuration Item. Specifies the name and description of the configuration profile. • Security.
Parallels Mac Management Features To evaluate Mac computers for compliance, you need to add the configuration item to a baseline and then deploy it to a Mac collection. See Deploying Configuration Baseline (p. 86) for more information. Enforcing Parallels Desktop VM Settings A Parallels Desktop virtual machine has numerous configuration options that can be customized on client Macs according to your organization requirements.
Parallels Mac Management Features 4 To include an option in the configuration profile and to specify its value click the ON/OFF switch to toggle it to "ON". To exclude an option, toggle the switch to "OFF". The excluded options will not be evaluated on managed Macs. 5 When finished, click the OK button to close the dialog. To modify the profile, right-click it and then click Edit Parallels Configuration Item in the pop-up menu.
Parallels Mac Management Features General Page Specify the general properties of the configuration item: 1 Specify the configuration item Name and an optional Description. 2 Select Mac OS X in the Specify the type of configuration item that you want to create list box. 3 Click Next. Supported Platforms Page Select the OS X versions to which this configuration item should be applicable. Please note that this selection will be ignored in the future releases of Parallels Mac Management.
Parallels Mac Management Features Compliance Rules Page The Compliance Rules page lists the compliance rules that you've created earlier. You can review and modify them if necessary. You can also create new rules here if needed. Click Next when ready. Summary, Progress, and Completion Pages Review the configuration item summary and click Next when ready. Wait for the configuration item to be created. Review the info on the Completion page and click Close to exit the wizard.
Parallels Mac Management Features You can type (or copy and paste) the script into the Script edit box. If you have the script saved in a file, click the Open button to browse for it. A remediation script is used to remediate noncompliant setting values found on a Mac. The noncompliant value is passed to the script as an input parameter after obtaining it with the discovery script and assessing it using the compliance rules. A remediation script should return 0 (zero) as a string via standard output.
Parallels Mac Management Features To create a rule, do the following in the Create Rule dialog: 1 Specify the rule Name and an optional Description. 2 Set the Rule type to Value. 3 Use the The setting must comply with the following rule section to specify the rule. 4 If you specified a remediation script for this configuration item setting, you may select the Run the specified remediation script when this setting is noncompliant option.
Parallels Mac Management Features 1 In the Configuration Manager console, right-click the baseline that you've created and click Deploy in the pop-up menu. 2 In the Deploy Configuration Baselines dialog, click the Browse button. 3 In the Select Collection dialog, select Device Collections in the drop-down list box and then select the All Mac OS X Systems collection in the list. Click OK.
Parallels Mac Management Features 3 Specify the report criteria using the provided options (computer name, configuration item name). 4 Click Display to view the report.
Parallels Mac Management Features Silent Installation If you configure the application to install silently, it will be delivered to a Mac and installed without giving the user any control over the installation process. The only operation that the user will be asked to confirm is restarting the Mac if it is required by a particular application. The options that must be set in order to perform a silent installation are highlighted in the corresponding topics describing the application deployment steps.
Parallels Mac Management Features 1 Download the ConfigmgrMacClient.msi file from the Microsoft Download Center. Use one of the following URLs depending on the SCCM version you are using: • SCCM 2012 R2: http://www.microsoft.com/en-us/download/details.aspx?id=39360 • SCCM 2012: http://www.microsoft.com/en-us/download/details.aspx?id=36212 2 Run the file on your Windows computer to extract the macclient.dmg file.
Parallels Mac Management Features 7 On the General Information page, specify the application name, and optionally publisher, and version. Click Next. 8 Review the application settings on the Summary page and click Next. 9 Wait until the application is created and then click Close to close the wizard. The new application will appear in the Applications list in the Configuration Manager console.
Parallels Mac Management Features To modify the properties of the deployment type: 1 Select the Deployment Types tab at the bottom of the Applications workspace. 2 Right-click the deployment type and click Properties in the context menu. 3 The - Mac OS X Properties dialog opens. Use the following instructions to modify the deployment type properties as needed.
Parallels Mac Management Features Specify Detection Method The Detection Method tab page allows to specify how Configuration Manager determines whether this deployment type is already present on a Mac. This information is automatically imported when you convert the OS X installation image to a .cmmac file.You can modify the imported information, if needed, by editing the existing clause or creating a new one.
Parallels Mac Management Features 3 In the Select Collection dialog, select Device Collection in the drop-down list, and then select the target collection (e.g. All Mac OS X Systems). Click OK. 4 Click Next. 5 On the Content page, click Add to add a Distribution Point that will host this content. Select a Distribution Point and click OK. 6 Click Next. 7 On the Deployment Settings page, in the Action drop-down list, select Install.
Parallels Mac Management Features • Display in Software Center and only show notifications for computer restarts — This option is similar to the Display in Software Center and show all notifications option (above) with one exception: the installer will run in the background, so the user will have no control over the installation process. The user will still be given a choice to install the application or to postpone the installation, and to restart or postpone restarting the Mac if it is required.
Parallels Mac Management Features • If the policy was downloaded after the deadline has passed, the effective deadline will be set to the time of the policy download plus 24 hours. • Install now — Clicking this button will close the dialog and will run the application installer.
Parallels Mac Management Features The Parallels Application Portal window has the following elements: • All Applications tab — Lists all application, including installed applications and applications that are available for installation. If at least one application was configured as "featured", the list will be split into two parts: Featured Applications and Other Applications. An application can be configured as "featured" on the Application Catalog tab page of the Properties dialog (p.
Parallels Mac Management Features The Package page 14 Specify the package name and an optional description, manufacturer, language, and version information. 15 Select the This package contains source files option and then click the Browse button to select the source folder. 16 Click Next. The Program Type page Select the Standard program option and click Next. The Standard Program page 1 Specify the program name.
Parallels Mac Management Features $ /usr/sbin/installer -pkg "packages/mysoft_v1.pkg" -target / The following example will similarly mount an .iso image file: :MySoft/MySoft-1.0.iso/packages/mysoft_v1.pkg:: 3 Specify whether you want to allow Mac users to interact with the program installation.
Parallels Mac Management Features 2 Select the program and click Properties on the toolbar. The program Properties dialog opens. 3 On the General tab, in the After running list, select the action that should be performed after the package installation finishes: • No action required. This is the default option. If selected, no additional action will be performed on a Mac after the package installation finishes. • Configuration Manager restarts computer.
Parallels Mac Management Features 2 On the General page, click the Browse button next to the Collection field and select the collection containing the desired Mac resources (e.g. All Mac OS X Systems). Click OK and then click Next. 3 On the Content page, verify the distribution point info and click Next. 4 Click Next on the Deployment Settings page. 5 On the Scheduling page, specify the schedule for this deployment. Click New to specify the assignment schedule. When done, click Next.
Parallels Mac Management Features Additionally, the Windows server running the Configuration Manager console must have the Windows Assessment and Deployment Kit (Windows ADK) installed. When installing ADK, make sure that the Deployment Tools option is selected. Step 2: Create a bootable Mac OS X USB drive You need a bootable Mac OS X USB drive to create a master and a slave partitions on a Mac to be imaged. To create a bootable USB drive: 1 On a Mac running Mac OS X, mount the ".
Parallels Mac Management Features 4 In the Network Disk field, choose and type in the name for the image (e.g. MyNetRestore). 5 Click Create and choose a location on the slave partition. A folder containing the image will be created (e.g. MyNetRestore.nbi). 6 Copy the folder to the Windows server running the Configuration Manager console.
Parallels Mac Management Features 3 On the new device record select Add selected items to new device collection to create new collection. Type the desired Collection Name and in Limiting Collection select All Systems. Step 7: Create a Task Sequence associated with the OS X image 1 In the Configuration Manager console, navigate to Software Library / Operating Systems / Task Sequences. 2 Right-click anywhere in the list and click Create Task Sequence for Macs in the pop-up menu.
Parallels Mac Management Features • If you have a single OS X image, you can hold the N key as a Mac boots to boot from it. • If you have multiple images, hold the Option key during the Mac startup. This will start the Mac in Startup Manager where you can select an image to boot from. Deploying Parallels Desktop and Virtual Machines on Macs Parallels Desktop for Mac is a virtualization software that allows to run Windows and other operating systems on a Mac computer alongside Mac OS X.
Parallels Mac Management Features Parallels Desktop and a source virtual machine can be configured before deployment in a number of ways according to your requirements. This includes the general virtual machine configuration parameters, such as the number of CPUs, available RAM, hard disk size, etc., as well as additional configuration options.
Parallels Mac Management Features Sending the Package to a Distribution Point To send a copy of the package to a distribution point, right-click the package of interest and click Distribute Content in the pop-up menu. Use the Distribute Content Wizard to specify a distribution point to which you want to send the package. Please make sure that the distribution point is properly configured as described in the Configuring a Distribution Point section.
Parallels Mac Management Features 1 Configure a distribution point. 2 Create a software distribution package (see below). 3 Create a program (see below). 4 Send the package to the distribution point. 5 Deploy the software. The rest of this section describes how to create a software distribution package and a program containing instructions to install the client software in Windows. Please follow the links in the list above for the information on how to perform the other steps.
Parallels Mac Management Features When the package is created, send it to a distribution point and specify the deployment settings. See Software Distribution (p. 97) for details. Managing Windows Virtual Machine After you install the Configuration Manager client agent in a Windows virtual machine, the machine can be managed from the Configuration Manager console. Please note that depending on the networking mode used by the virtual machine, some of the standard SCCM management functions may not work.
Parallels Mac Management Features • Connect via SSH. This option uses the Secure Shell (SSH) protocol to access a shell account on a remote Mac and execute commands in Mac OS X. Parallels Mac Management uses third-party VNC and SSH client utilities that are installed in Windows automatically when you install the Configuration Manager Console Extension component. A VNC server and an SSH server are included in every edition of Mac OS X and are installed on a Mac by default.
Parallels Mac Management Features When you select the Connect via SSH option in the Configuration Manager console, the SSH client application starts and asks you to enter the Mac user ID and password. If the credentials are valid, an SSH window opens where you can type and execute commands in Mac OS X.
Parallels Mac Management Features Sending Problem Reports Using Windows Reporting Utility In addition to the Configuration Manager Console Extension reporting feature, Parallels Mac Management provides a standalone reporting utility for Windows, which is installed when you install the Configuration Manager Proxy or the Configuration Manager Console Extension components.
Parallels Mac Management Features Click Cancel to close the dialog without sending the report. If the utility is run on the computer where the Configuration Manager Proxy is installed, the report file will be forwarded to Configuration Manager Proxy, which will notify the Problem Monitor about it. You can then use the Problem Monitor to view the report summary and to send it to Parallels Support. For the information about Problem Monitor, see Using Problem Monitoring Utility (p. 113).
Parallels Mac Management Features Starting and Stopping the Problem Monitor The monitor starts automatically after you complete the Parallels Mac Management installation. It also starts automatically when the computer is rebooted and a user logs in to Windows. If the user is not authorized to access the computer where the Configuration Manager Proxy is running, a dialog is displayed asking the user to enter a user name and password.
Parallels Mac Management Features Viewing the Problem Report List To view the problem report list, click the balloon to open the Problem Reports dialog. If the balloon is not currently displayed, right-click the problem monitor icon and select Show Problem Reports from the pop-up menu (or you can simply click the icon). Each row in the list contains information about an individual report and has the following columns: • Created — contains the date and time when the report was created.
Parallels Mac Management Features Viewing the Problem Report Activity Log The problem monitor maintains an activity log, which contains the information about the operations that were performed on the reports. To view the problem report activity log, right-click the problem monitor icon in the notification area and select Problem Reports Log from the pop-up menu. The Problem Report Operations Log dialog opens. Each entry in the log describes an individual operation that was performed on a report.
Parallels Mac Management Features • Status — Apple warranty status. • Expiration Date — Apple warranty expiration date. • Last Update — the date on which the warranty information was last updated.
CHAPTER 6 Technical Reference This chapter provides the resources to help you use the Parallels Mac Management user interface components. In This Chapter Wizard Pages ........................................................................................................... 118 Property Pages ........................................................................................................ 129 Dialog Pages ..............................................................................................
Technical Reference SMS Provider Location Page The SMS Provider location page is used to specify the IP address or hostname of the server where the SMS Provider is installed. The page contains the following elements: Local Server Select this option if the SMS Provider is installed on the server where you are running this wizard. Remote server (enter the server hostname or IP address) Select this option if the SMS Provider is running on a remote server.
Technical Reference Note: The Configuration Manager Proxy service account must have read/write access to the SMS Provider. The page contains the following elements: Local System account Specifies that the predefined LocalSystem account should be used to run the Configuration Manager Proxy service. This account Specifies a user account name. This can be a local or a domain user account. Enter the account name into the text field provided.
Technical Reference The page has the following elements: SCCM site code Specifies the Configuration Manager site code. Select the site code that you want to use from the list. Security Settings Page The Security settings page is used to configure the Configuration Manager Proxy role-based access control. The roles are created during the Parallels Mac Management installation and include the following: • Administrator.
Technical Reference The roles are listed in the Roles list. You can select a role and see the default users and groups for it. Depending on your requirements, you can remove a default group and/or add a new group or a user. To remove a group, select it and click the "-" button. To add a group or a user click the "+" button and use the standard Select Users, Computers, Service Accounts, or Groups dialog to specify a user or a group.
Technical Reference Configuration Manager Proxy Communication Ports Page The Configuration Manager Proxy communication ports page can be used to change the default communication ports. The page contains the following elements: Use custom ports Select this option to override the default communication ports. Ports for incoming connections to SCCM Proxy Displays the default port used by SCCM Proxy for incoming connections.
Technical Reference Parallels NetBoot Server Configuration Wizard SMS Provider Location Page The SMS Provider location page is used to specify the IP address or hostname of the server where the SMS Provider is installed. The page contains the following elements: Local Server Select this option if the SMS Provider is installed on the server where you are running this wizard. Remote server (enter the server hostname or IP address) Select this option if the SMS Provider is running on a remote server.
Technical Reference Note: The account must have read/write access to the SMS Provider. The page contains the following elements: Local System account Specifies that the predefined LocalSystem account should be used to run the Configuration Manager Proxy service. This account Specifies a user account name. This can be a local or a domain user account. Enter the account name into the text field provided.
Technical Reference NetBoot Image Path Page The NetBoot image path page is used to specify a folder where the NetBoot server will store .dmg images. The page contains the following elements: Path Specifies the image path.
Technical Reference Enable Unknown Macs Support Page The Enable unknown macs support page allows you to specify whether the NetBoot server is allowed to work with Macs not assigned to the SCCM site. A Mac assigned to the site can be fully managed via SCCM. An unknown Mac is recognized on the network, but has not joined the SCCM site and therefore cannot be managed. You can enable the NetBoot server functionality for unknown Macs, so you can deploy Mac OS X images on them.
Technical Reference Software Distribution Wizards Create Package and Program Wizard The Create Package and Program Wizard is used to create a software distribution package and a program. Please note that some options that can be set using the wizard are not used and will be ignored. The following describes which options are supported and which are not. General page Option Supported Description Name Yes Package name. Description Yes Package description. Version Yes Package version.
Technical Reference All other fields on the Requirements page are ignored. The Summary, Progress, and Completion pages don't have user editable fields. Property Pages Parallels Discovery Properties The Parallels Discovery Properties dialog displays information about discovery and provides controls to modify discovery properties. The discovery configuration is done through the individual tabs in this dialog.
Technical Reference The General tab contains the following elements. Enable network discovery Enables or disables network discovery. Nmap scan settings: Specify the TCP ports to scan Specifies the ports to scan. You can enter multiple ports separated by a comma, space, or semicolon. Nmap scan settings: Nmap timing policy Specifies the Nmap timing policy.
Technical Reference Client Push Installation Accounts list Contains the names of user accounts that discovery will use to log in to remote Mac computers. The following options are available to manage user accounts: • New icon: Opens the Mac OS X User dialog to add a Mac account. • Delete icon: Deletes the selected account from the list. • Move Up icon: Moves the selected account up one position on the displayed user list.
Technical Reference The following options are available for managing the subnets searched during a Network Discovery run: • New icon: Opens the New Subnet Properties dialog to add subnet information to the discovery polling list and to initially enable the specific subnet search. Note: Specifying a subnet does not guarantee that it will be searched, as this is influenced by the number of router hops selected.
Technical Reference Allows to specify a filter for the Boundaries to search lists. You can type any part of the text that might appear in the boundary's name, type, or description. Check All Selects all boundaries in the list. Uncheck All Clears all boundaries in the list. Parallels Discovery Properties: Schedule Tab Use the Schedule tab of the Parallels Discovery Properties dialog to set the Network Discovery schedule. Each schedule runs Network Discovery as currently configured.
Technical Reference The following options are available to manage Network Discovery schedules: • New icon: Opens the Custom Schedule dialog to add a new schedule to the schedule list. This schedule may be for a one-time only run, or be a recurring schedule. • Properties icon: Opens the Custom Schedule dialog to modify a selected schedule from the schedule list as needed. • Delete icon: Deletes the selected schedule from the schedule list.
Technical Reference OK button Saves the configuration item. Cancel Closes the dialog without saving the configuration item. Help Displays this help topic. Mac OS X Configuration Profile (from file) Dialog Use this dialog to create a Mac OS X configuration item from an existing Mac OS X Configuration Profile file. Mac computers will be evaluated for compliance using the configuration contained in the specified file. The dialog contains the following elements: Name User-defined configuration item name.
Technical Reference Select this option if you want to install the configuration profile using the current user's security context. Note that the System Policy Control payload (designated by specifying com.apple.systempolicy.control as the PayloadType) must only exist in a device profile. If the payload is present in a user profile, an error will be generated during installation and the profile will fail to install. System profile Use this option when you want to install the configuration profile as root.
Technical Reference The dialog contains the following elements: Name Specifies the configuration item name. Description Specifies the configuration item description. Key type: Personal If this option is selected, a personal key will be used to encrypt each Mac. Key type: Institutional If this option is selected, an institutional key will be used to encrypt all Macs to which this configuration item will be applied. Browse The button is enabled when the Key type: Institutional option is selected.
Technical Reference Parallels Desktop Configuration Profile Dialog Use this dialog to create a Parallels Desktop configuration profile. Parallels Desktop on Mac computers will be evaluated for compliance using the configuration that you specify here. The configuration options in the dialog are grouped by functionality. To make modifications: 1 Select an item in the left pane. 2 The right pane is populated with the corresponding configuration options.
Technical Reference License Specifies Parallels Desktop license information. USB Specifies USB settings. Updates Specifies Parallels Desktop automatic update options. Network Specify networking settings. Miscellaneous Specifies miscellaneous configuration options. OK button Saves the configuration item. Cancel button Cancels the changes and closes the dialog. Help button Opens this help topic.
Technical Reference Virtual Machine Configuration Profile Dialog Use this dialog to create a configuration item containing Parallels virtual machine configuration settings. Virtual machines on client Macs will be evaluated against the configuration settings that you specify here. The configurations options in the dialog are grouped by functionality. To make modifications: 1 Select an item in the left pane. 2 The right pane is populated with the corresponding configuration options.
Technical Reference Resources Specifies the CPU, RAM, video memory, and boot settings. Startup / Shutdown Specifies virtual machine startup and shutdown settings. Optimization Specifies performance, power, and free space optimization settings. Security Specifies virtual machine security settings, including password-protecting virtual machine actions and blocking the Mac user from modifying a virtual machine configuration. Backup Specifies virtual machine backup settings.
Technical Reference New Subnet Assignment Dialog Use this dialog to specify a subnet to be searched by Network Discovery. The dialog contains the following elements: Subnet A subnet number in IP format (for example, 131.24.10.0) to be searched by Network Discovery. Mask The subnet mask for the subnet number (for example, 255.255.255.0). Enable subnet search Enables Network Discovery in the specified subnet.
Technical Reference Custom Schedule Dialog Use this dialog to schedule the start, recurrence pattern, and duration of an operation. The dialog contains the following elements: Time Specifies the Start date and time or Duration of the operation. Recurrence Pattern Specifies how often this operation recurs. The following options are available for setting a recurrence pattern: • None: Specifies that the operation does not recur. • Weekly: Specifies that the operation recurs every N weeks.
Technical Reference Days: Values from 1 to 31 days, inclusive. Max OS X User Account Dialog Use this dialog to specify a Mac OS X user account that Network Discovery should use to connect to remote Mac computers. The user account must have administrative rights on the Mac. The dialog contains the following elements: User Name Specifies the Mac OS X user account name. Password Specifies the Mac OS X user account password. Confirm Password Specifies the Mac OS X user account password for confirmation.
Technical Reference Click the Send Report button to collect the report data and send it to Parallels Support. A progress bar will be displayed informing you of the data collection progress. Close button Click the Close button to close the dialog. Send Problem Report Dialog Use this dialog to send a problem report to Parallels Support. The dialog contains the following elements: Report file location: The name and path of the file containing the report. This is a temporary location.
Technical Reference • Description — specifies whether the report was generated automatically or manually by a user. Send Report button Sends the selected problem report to Parallels Support and removes the report from the list. The report is also deleted from the server on which it resides. Delete button Removes the reports from the list and from the server on which it resides. Close button Closes the dialog.
CHAPTER 7 Appendices In This Chapter Ports Used by Parallels Mac Management ............................................................... 147 Log Files in Parallels Mac Management for Microsoft SCCM .................................... 148 Changing Log File Rotation Limits ............................................................................ 151 Parallels Mac Management Database.......................................................................
Appendices Mac client 8000 Mac Required Required for Parallels Mac Client to accept incoming connection from Parallels Configuration Manager Proxy. In addition, RPC ports need to be open in order to allow WMI/RPC traffic to pass through. RPC ports can be opened by enabling a Group Policy firewall exception. Open the Group Policy Object Editor snap-in (gpedit.msc) to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.
Appendices SCCM Console Extension pma_isv_proxy_service.log This is the main SCCM Proxy log file. It is updated as needed while the SCCM Proxy service is running. It contains information related to the SCCM Proxy operations such as starting/stopping the service, reading various system properties, starting or stopping Mac management utilities and others. pma_discovery.log This log file is updated every time a network discovery (manual or scheduled) is run.
Appendices The following table describes the Site Server log files which are located in the \LOGS folder. The files may contain information about the SCCM Proxy component. Log file Log file description Colleval.log Records activities when collections are created, changed, and deleted by the Collection Evaluator. Dataldr.log Processes Management Information Format (MIF) files and hardware inventory in the Configuration Manager database. Ddm.
Appendices MP_Status.log Converts XML.svf status message files from clients and copies them to the site server. The following table describes the Admin UI log files, which are located in the \AdminUI\AdminUILog directory. The files may contain information about the Configuration Manager Console Extension component. Log file Log file description ResourceExplorer.log Records errors, warnings, and information about running the Resource Explorer. SMSAdminUI.
Appendices pma_discovery Windows %Windir%\Logs\pma_discovery.log pma_problem_monitor Windows %Windir%\Logs\pma_problem_monitor.log Windows %Windir%\Logs\pma_report_tool.log Mac OS X /Users//Library/Logs pma_agent Mac OS X /Library/Logs/pma_agent.log pma_agent_ui Mac OS X /Library/Logs/pma_agent_ui.log pma_report_tool A log file is populated with data when an executable is running and performing its tasks.
Appendices • To set the maximum number of files in a rotation set, modify the value of the “MaxNumberOfSavedLogs” parameter. On Mac OS X computers, the log rotation limits are stored in the /Library/Preferences/com.parallels.pma.agent.plist file. To modify the limits: • Open the com.parallels.pma.agent.plist file in a text editor. • To set the log file size limit, modify the value of the "LogFileSizeLimit" parameter. The size is specified in bytes.
Index Index A About Parallels Mac Management for Microsoft SCCM 2012 - 7 About This Guide - 7 Appendices - 148 Application Management - 89 C Certificate Authority and PKI Integration Overview - 20 Changing Log File Rotation Limits - 152 Checking Installation Requirements - 10 Checking User Rights Requirements - 14 Choosing Installation Type - 89 Configuration Manager Proxy Communication Ports Page - 124 Configuration Manager Proxy Service Account Page - 120 Configuration Progress Page - 128 Configuration
Index Exporting Client Certificate for Distribution Point - 26 F FileVault 2 Configuration Item Dialog - 137 FileVault 2 Encryption with Institutional Recovery Key - 68 FileVault 2 Encryption with Personal Recovery Key - 74 H Hardware and Software Inventory - 58 I Initiating Policy Retrieval - 53 Installing Active Directory Certificate Services Role - 21 Installing Application on a Mac - 96 Installing Custom Workstation Authentication Certificate - 26 Installing Mac Client Using Installation Script 46 In
Index Sending Package to Distribution Point - 101 Sending Problem Reports from Mac Client 114 Sending Problem Reports From Mac Client 55 Sending Problem Reports Using Configuration Manager Console - 112 Sending Problem Reports Using Windows Reporting Utility - 113 SMS Provider Location Page - 120, 125 Software Distribution - 98 Software Distribution Wizards - 129 Specifying Script Interpreter - 86 Switching SCCM Roles from HTTP to HTTPS - 27 T Technical Reference - 119 Tracking Apple Warranty Status of Mac
