Skip to main content

Hi

I have a bunch of Lab Macs that were running with a Configuration Profile with Restrctions set up on them.

Up until now everything worked just fine.

Now however, There is nothing I can do. The profile is set to be excluded for my Administrator account, but it doesnt get excluded. I have set the profile to be un-assigned from the Macs, and it is still there. I have tried adding a different profile and this too fails. As the profile is for Lab Macs, there is a restriction in it for System preferences, so I cant access the Profiles pane to bin them from there.

Any suggestions for getting access back to the Mac without erasing it?

Try sending a blank push to the device under Computer > Management and check the logs to ensure that APNS communication is occurring in Event Logs.

 

If its more than one device not functioning with APNS then it could be a certificates issue.

Try sending a blank push to the device under Computer > Management and check the logs to ensure that APNS communication is occurring in Event Logs.

 

If its more than one device not functioning with APNS then it could be a certificates issue.


I suspect you are right, but which cert is wrong I am not sure. Apple Push cert was due in May so I have renewed it now. Not sure where any others might be to be able to check on them.

I suspect you are right, but which cert is wrong I am not sure. Apple Push cert was due in May so I have renewed it now. Not sure where any others might be to be able to check on them.


I have experienced a similar situation myself and the certs/chain of trust was somehow broken & once the APNS certs were renewed, it started communicating again.

You'll want to go into Settings > 'Push Certificates' and renew the main 'MDM Push Notification Certificate' - theres a little back and forth with Jamf & Apples portals but if its all devices not receiving/removing profiles, thats the first place to check.

I hide the profiles preference pane but I don't completely restrict access to it.  That has been effective for us. You can still get to it using the search function in System Preferences. I created a configuration profile with an Application & Custom Settings payload. Here's the plist text below:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>HiddenPreferencePanes</key> <array> <string>com.apple.preferences.configurationprofiles</string> </array> </dict> </plist>

Using this method you can hide any preference pane.

Terms & ConditionsCookie settingsAccessibility statement