This document will step through the process of creating a basic policy for PortBlocker deployment. 

Note: the following policy setup is a very basic example that installs PortBlocker for macOS. Settings in your environment may be different.

  • Enable Apple Configurator Enrollment Static URL:

    • In your Jamf portal go to Settings > Device Management > Apple Configurator Enrollment

Screenshot 2022-12-15 at 3.47.09 PM.png

  • Then check Enable Apple Configurator Enrollment via Static URL

  • Check User-Initiated Enrollment:

    • Once the Static URL has been enabled go to Settings > Global > User-Initiated Enrollment

    • Then uncheck Skip certificate installation during enrollment

Screenshot 2022-12-15 at 3.52.37 PM.png

  • Enable Computer Check-In Settings:

    • Next go to Settings > Computer Management > Check-In

    • Then check all checkboxes in Login Events section

      • Create login events

        • Log Computer Usage information at login

        • Check for policies triggered by login

                                        Screenshot 2022-12-15 at 3.56.00 PM.png

  • Upload a custom enrollment profile:

    • Go to Computers > Configuration Profiles and select Upload in the top right

    • Locate the signed PBInstaller.mobileconfig file and continue to upload (located at the bottom of this document)

Screenshot 2022-12-16 at 9.01.38 AM.png

  • Select Scope and add the appropriate Deployment Targets 

  • Save the New macOS Configuration Profile at the bottom right

Screenshot 2022-12-16 at 9.53.20 AM.png

  • Upload the PortBlocker PKG:

    • Go to Settings > Computer Management > Packages

    • Then click New in the top right

    • Click Choose File to upload the PortBlocker.pkg file and the Display Name will autofill

    • Save the installer package settings and wait for the upload to complete

Screenshot 2022-12-16 at 9.08.35 AM.png

  • Create Mass Deployment Defaults setting script:

    • Go to Settings > Computer Management > Scripts

    • Click the New in the top right

    • Enter the Display Name and a description in the Information field

Screenshot 2022-12-16 at 9.15.40 AM.png

  • Then select the Script tab and leave the default settings

  • Edit the script to set the default mass deployment settings 

  • Save the script

Example Script for basic PortBlocker Deploymen with JAMF

  • “url” = SafeConsole Connection Token

  • “eula” = Auto-accept EULA

#!/usr/bin/env bash

defaults write com.safeconsole.massdeploy '{

    "url" = "";

    "eula" = true;


  • Create PortBlocker Deployment Policy:

    • Go to Computers > Policies

    • Click New in the top right and create a name for your policy

    • Then check the events that can trigger the policy in the Trigger section 

      • Login

      • Recurring Check-In

      • Custom

        • Enter a custom event name to allow Administrators to manually trigger the policy if it not triggered by system events

Screenshot 2022-12-16 at 9.33.25 AM.png

  • Select Packages from the left pane and add your PortBlocker package to the Policy

Screenshot 2022-12-16 at 9.39.49 AM.png

  • Then select Scripts from the left pane and add the Mass Deployment script to the policy.

  • Ensure that the Priority is set to before so the Mass Deployment settings are enabled before the installer is ran.

Screenshot 2022-12-16 at 9.40.46 AM.png

  • Next, select the User Interaction tab from the top and create the messages you would like the user to see when PortBlocker is being deployed to their machine

Screenshot 2022-12-16 at 12.49.38 PM.png

  • Lastly, select Scope and add the appropriate Deployment Targets

  • Save the Policy

Screenshot 2022-12-16 at 9.51.07 AM.png

Use ‘sudo jamf flushpolicyhistory’ and ‘sudo jamf policy’ to clear the old policy and download the latest that includes the Full Disk Access config profile, otherwise wait for the policy to refresh and check the machine in fifteen minutes for PortBlocker.