sign in

Device Re-enrollment

Creation date: 7/20/2021 11:33 AM    Updated: 8/13/2024 10:53 AM    csrutil disable enrollment error jamf not enrolled removable mdm profile
Print...
sudo profiles renew -type enrollment


If you run into an error with resetting the enrollment: 

Non-removable MDM profiles cannot be officially removed without doing a full system wipe. This is a problem when you restore a system from Time Machine after you enroll it into the MDM, as the MDM will break, leaving you unable to re-enroll the machine.

Here's how to remove a non-removable MDM profile

  1. Boot the Mac into Recovery Mode (hold down the power button)
  2. Go to the Utilities menu and open Terminal and type: csrutil disable.
    This will disable SIP (System Integrity Protection).
  3. Reboot into the OS.
  4. Open terminal and type:

sudo rm -rf /var/db/ConfigurationProfiles/*
sudo mkdir /var/db/ConfigurationProfiles/Settings
sudo touch /var/db/ConfigurationProfiles/Settings/.profilesAreInstalled

  1. Reboot.
  2. Boot the Mac into Recovery Mode (hold down command+R during startup).
  3. Go to the Utilities menu and open Terminal and type: csrutil enable. This will re-enable SIP.
  4. Reboot into the OS.

The profile will be now removed and you will be able to re-enroll the Mac to your MDM.

Source : https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe

Get help for this page Powered by Jitbit HelpDesk