Configuration Profile Layout

Configuration profiles are XML files in Apple’s property list (plist) format. Understanding the structure helps you troubleshoot profiles or make manual adjustments.

Tip

You don’t need to create profiles manually. The generate_guidance.py -p script creates them for you. This page explains what’s inside.

---

Profile Structure Overview

A configuration profile has two main parts:

Section	Description
Profile-level keys	Metadata about the profile itself (name, organization, UUID)
PayloadContent	Array of payloads containing the actual settings

---

Profile-Level Keys

These keys describe the profile:

Key	Description
PayloadDisplayName	Name shown in System Settings
PayloadDescription	Description of the profile’s purpose
PayloadIdentifier	Unique identifier for the profile
PayloadOrganization	Organization that created the profile
PayloadUUID	Unique UUID for this profile
PayloadVersion	Version number (usually 1)
PayloadType	Always Configuration for profiles
PayloadScope	System or User
ConsentText	Terms displayed before installation

---

PayloadContent

The PayloadContent array contains one or more payloads. Each payload configures a specific feature or preference domain.

Each payload includes:

Key	Description
PayloadType	The preference domain (e.g., com.apple.screensaver)
PayloadIdentifier	Unique identifier for this payload
PayloadUUID	Unique UUID for this payload
PayloadVersion	Version number
(settings)	Domain-specific keys and values

---

Example: Screensaver Payload

This payload configures screensaver settings:

Key	Value	Description
PayloadType	com.apple.screensaver	The preference domain
askForPassword	true	Require password to unlock
askForPasswordDelay	5	Seconds before password required
idleTime	1200	Seconds before screensaver starts

---

Complete Example

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>ConsentText</key>
    <dict>
        <key>default</key>
        <string>THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM, OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY, CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.</string>
    </dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadIdentifier</key>
            <string>alacarte.macOS.all_rules.4413990e-a57b-4e0e-8902-59f780718b1c</string>
            <key>PayloadType</key>
            <string>com.apple.screensaver</string>
            <key>PayloadUUID</key>
            <string>4413990e-a57b-4e0e-8902-59f780718b1c</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>askForPassword</key>
            <true/>
            <key>askForPasswordDelay</key>
            <integer>5</integer>
            <key>idleTime</key>
            <integer>1200</integer>
            <key>loginWindowIdleTime</key>
            <integer>1200</integer>
            <key>moduleName</key>
            <string>Sequoia</string>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Created: 2025-07-23
Configuration settings for the com.apple.screensaver preference domain.</string>
    <key>PayloadDisplayName</key>
    <string>[all_rules] com.apple.screensaver settings</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.screensaver.all_rules</string>
    <key>PayloadOrganization</key>
    <string>macOS Security Compliance Project</string>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8e4caf27-a378-4fca-b753-a87d8123636b</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>

---

Next Steps

• How to Generate Configuration Profiles - Create profiles from your baseline
• What Are Configuration Profiles? - Learn more about profiles