Apple DEP device removal process

rickwhois
Contributor

I have an iMac that we need removed from our inventory and want to remove it from DEP. I have "Disowned" in deply.apple.com however the MDM prompt is still coming up on this machine. Are there other steps we need to take to prevent this from happening? I should not that this machine has never been in Casper nor does casper have any record of it's serial number. Do we need to reformat after removing from DEP?

9 REPLIES 9

CasperSally
Valued Contributor II

did you try a refresh in the JSS DEP settings?

davidacland
Honored Contributor II
Honored Contributor II

Hi, I thought DEP only kicks in when the device goes through the initial setup assistant. Wiping it after disowning in DEP should be enough if thats the case.

When are you seeing the MDM prompt?

rickwhois
Contributor

@davidacland The new owner of this machine is seeing this prompt while using the machine (after being logged in) via "Notifications". @CasperSally Yes, I have refreshed in DEP in JSS, however I should note that this machine has never been enrolled in our JSS before. In fact, this machine is from 2011, 2 years before we even implemented DEP. I'll suggest reformatting as this may be what is needed perhaps... Thanks for the input

chris_miller
Contributor

I've actually had this happen with multiple iPads. We are refreshing about 9000 iPad 2s. Many of the ones I've disowned from DEP and removed from JSS are still having that issue.

egoff
New Contributor II

If anyone has figured out how to stop DEP enrollment prompts from appearing on Macs whose serial numbers have been removed from DEP, without reformatting the Mac, please share. I thought at first that forcing Apple Setup Assistant to rerun, by deleting /var/db/.AppleSetupDone and restarting, was getting the job done. This method seemed to be working on Yosemite, but with El Cap I've seen the DEP prompt appear even after removing from DEP and rerunning Apple Setup Assistant.

egoff
New Contributor II

Following up on post earlier today: Removing local user account(s) that were present on the Mac at the time of DEP enrollment seems to have finally gotten rid of the messages on El Capitan, without reformatting.

Juan_Taveras2
New Contributor

does not work for me on sierra.
REmoved the account and created a new one.. moved all the docs over..
The only solution seems to back it up and format the mac after DEP removal from apple

szt
New Contributor II

This worked for us but do keep in mind that you must disable or workaround SIP in order to move or work with these files. Run..

sudo launchctl unload -w /System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

If those files are not in /System/Library/LaunchAgents/ or /System/Library/LaunchDaemons/ respectively, then it cannot load it.

alternatively you can also move these files:
/System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist
/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

to /Library/LaunchAgentsDisabled and /Library/LaunchDaemonsDisabled

To check that the notification will not popup anymore, you want to run the following command:
launchctl list | grep enroll

If it returns nothing, then you're golden.

rguerrerog
New Contributor

Hi guys, what exactly do this?
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

I try both but only second one works.