iPad LockDown – .MobileConfig

It is possible to put an iPad or iPhone into ‘Store Demo’ mode so that the home button and swipe to home gesture is disabled. If you have seen the iPads in the Apple Store running the smart sign apps then you will know what I mean.

It is actually pretty trivial to make this work, all you need to do is install a correctly formatted mobile config plist over the air from a web server.

To deliver your config from the web all you have to do is direct the iPhone to a url containing the profile. Just open the link to your .mobileconfig file in safari. If you don’t have web space you can just use dropbox public folder URLs or switch on your mac webserver.

This config file will not load in the iPhone Configuration Utility as it uses keys that IPCU doesn’t know about. You can combine this with whatever other enterprise configuration profiles you have in play.

IPCU is not required to remove the profile. However note that to get your device back to normal you would need to do the following:

  1. Reboot
  2. Open the settings app FIRST – don’t open anything else or you will need to reboot again
  3. Settings->General->Profiles->[your profile] remove it.
  4. Reboot

you should be back to normal.

I have included an example plist that will disable the home button and lock your device into the app.

BEWARE

Once this profile is installed the first app that is launched when the device is rebooted will be the only app that will run until you reboot the device again. This completely disables the ability to return to the home screen (unless your app crashes) including accessibility assistive touch.

Note that after installing the profile you must reboot the device (power off, power on) for it to take effect. To remove the profile plug the device into IPCU and delete it then reboot the device. Everything will be back to normal.

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”&gt;
<plist version=”1.0″>
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Disables home</string>
<key>PayloadDisplayName</key>
<string>Home Button Lock</string>
<key>PayloadIdentifier</key>
<string>com.hbkill.kiosk</string>
<key>PayloadOrganization</key>
<string>My Org</string>
<key>PayloadType</key>
<string>com.apple.defaults.managed</string>
<key>PayloadUUID</key>
<string>B2D02E2D-BAC5-431B-8A29-4B91F71C9FC1</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadContent</key>
<array>
<dict>
<key>DefaultsDomainName</key>
<string>com.apple.springboard</string>
<key>DefaultsData</key>
<dict>
<key>SBStoreDemoAppLock</key>
<true/>
</dict>
</dict>
</array>
</dict>
</array>
<key>PayloadDescription</key>
<string>Disables Home Button</string>
<key>PayloadDisplayName</key>
<string>Home Button Lock</string>
<key>PayloadIdentifier</key>
<string>com.hbkill</string>
<key>PayloadOrganization</key>
<string>My Org</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>614D1FE3-F80D-4643-AF6B-D10C4CC8737A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

Advertisements

Questions about MDT 2012 Driver Setup

So I’ve had a lot of questions about my MDT 2012 Driver setup and hopefully this post will explain a little bit about it.  Let me know if you have any questions

Personally I have a folder on my server called _Source_Drivers.  I keep all my drivers here and import them into MDT but keep the original.  Here is what my file structure of this folder looks like.

MDT Source Drivers Structure

Once I have my structure setup I then begin to setup the structure on my MDT Deployment Share.  Here is how I currently have it setup as.

MDT Deployment Share Structure

I import the drivers into the specific folders by right clicking the folder in the Deployment Share and import drivers.  I select the folder for that model and import all but select copy the drivers.

Here is what one of the driver sub folders look like in my deployment share

MDT Driver Import Screenshot

 

Don’t forget to add your DriverGroup001 variable set with %make%\%model% right before the Inject Drivers sequence in your Deployment Task Sequence

https://msadministrator.wordpress.com/2012/12/21/mdt-2012-deployment-guide-step-by-step-9-of-11/