Help

Can macOS Admin users bypass Jamf Configuration Profiles?

connorb
New Contributor

2 weeks ago

When testing an app uninstallation, I deleted a PLIST containing the app's Managed Settings that were originally pushed down by a Configuration Profile.

The profile pushed down after the next Inventory Update, but the Managed Settings did not take effect again until I rebooted my computer.

My main question is, can other Configuration Profile types be bypassed by similar means? Restrictions, Managed Login Items, Passcode settings, etc?

0 Kudos
3 REPLIES 3

jamf-42
Valued Contributor II

2 weeks ago - last edited 2 weeks ago

no, ish.. a local admin can effect some config in the current session, but config profiles from JAMF are immutable. More details on what and where you uninstalled the app would be useful.

0 Kudos

easyedc
Valued Contributor II
In response to jamf-42

2 weeks ago

No, ish is a fair statement.  There are some ways that you can bypass configuration profiles by deleting the directory that the profiles are stored in. Changes can then be made, though upon any reboot would get reverted back to whatever setting is pushed down from Jamf.  That doesn't prevent users from doing some decent damage while things are in limbo.  There's also the classic remove Jamf outright.

AJPinto
Honored Contributor II

2 weeks ago

You can have MDM Configured to allow Admins to remove Configuration Profiles in your Prestage. Aside of that, no, Configuration Profiles are protected by System Integrity Protection and cannot be tampered with.

0 Kudos