In this post, I’m going to talk about the process I took to package and deploy the Mac Endpoint Protection client using Configuration Manager 2012 SP1.
- CM12PS1.CONTOSO.LOCAL = Standalone Primary Site Server (HTTPS Only)
- Justins-MacBook-Pro.local = Mac OS X Client not domain joined
Steps to Take:
The first thing you will need to do is download the latest Endpoint Protection clients for Mac and Linux. This is available from the Volume Licensing website. This should either be an ISO or a self-extracting .EXE.
Once the files are extracted, you should put it on a network share that a Mac OS X client can access, because we will need to create a Configuration Manager application (.CMMAC file) using the CMAppUtil tool from the Mac OS X client installer(In the tools folder).
I’m actually using the RTM bits for Endpoint Protection, because I didn’t have access to the SP1 bits. I copied the Endpoint Protection Installer (ENU.scepMac.i386.dmg in my case) and the CMAppUtil tool to the desktop on my Mac.
Next you will need to open terminal cd to the location of the CMAppUtil and the DMG installer then run some commands to create a CMAPP installer file (My command was "sudo ./CMAppUtil -c ./ENU.scepMac.i386.dmg -o ./" yours may be different depending on your DMG Installer name)
There will be two packages within the DMG image. You will be prompted to choose what one you want to create a CMAPP file for. We want to choose option 1 (this should be the install.pkg)
Type 1 and click enter, it should begin the process of creating the CMMAC file. This file will be saved in the current path you are in within terminal.
Now we will need to copy our CMMAC file to our package source share so we can create an application within the Configuration Manager console
Now we will create an Application in the Console for the CMMAC file for Endpoint Protection
Once the Application is created, I distributed Content and created a required Deployment for the end point protection applicationto a collection containing my Mac Client. This is the notification that the end user should receive when the machine refreshes its policy.
Here’s the Client