I have an iMac that we need removed from our inventory and want to remove it from DEP. I have "Disowned" in deply.apple.com however the MDM prompt is still coming up on this machine. Are there other steps we need to take to prevent this from happening? I should not that this machine has never been in Casper nor does casper have any record of it's serial number. Do we need to reformat after removing from DEP?
Hi, I thought DEP only kicks in when the device goes through the initial setup assistant. Wiping it after disowning in DEP should be enough if thats the case.
When are you seeing the MDM prompt?
@davidacland The new owner of this machine is seeing this prompt while using the machine (after being logged in) via "Notifications". @CasperSally Yes, I have refreshed in DEP in JSS, however I should note that this machine has never been enrolled in our JSS before. In fact, this machine is from 2011, 2 years before we even implemented DEP. I'll suggest reformatting as this may be what is needed perhaps... Thanks for the input
If anyone has figured out how to stop DEP enrollment prompts from appearing on Macs whose serial numbers have been removed from DEP, without reformatting the Mac, please share. I thought at first that forcing Apple Setup Assistant to rerun, by deleting /var/db/.AppleSetupDone and restarting, was getting the job done. This method seemed to be working on Yosemite, but with El Cap I've seen the DEP prompt appear even after removing from DEP and rerunning Apple Setup Assistant.
Following up on post earlier today: Removing local user account(s) that were present on the Mac at the time of DEP enrollment seems to have finally gotten rid of the messages on El Capitan, without reformatting.
This worked for us but do keep in mind that you must disable or workaround SIP in order to move or work with these files. Run..
sudo launchctl unload -w /System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist
If those files are not in /System/Library/LaunchAgents/ or /System/Library/LaunchDaemons/ respectively, then it cannot load it.
alternatively you can also move these files:
to /Library/LaunchAgentsDisabled and /Library/LaunchDaemonsDisabled
To check that the notification will not popup anymore, you want to run the following command:
launchctl list | grep enroll
If it returns nothing, then you're golden.