Jamf Nation Community

Chuey · ‎12-23-2016

I'm currently running 9.9.6 and just spun up a test 10.12.2 machine. In my config profile I have this enabled:

Computer administrators may refresh or disable management

When I log into the computer holding down option/shift I select to disable all managed settings. When I open system preferences everything I have restricted is still greyed out for me despite "over riding" those settings.

Thoughts? Thanks in advance.

davidacland · ‎12-23-2016

I've never had much success with that option. I normally set certain users and/or groups to be excluded from the scope.

bentoms · ‎12-24-2016

This has been a long time member in the "known issues" of jamf releases, the below is taken from 9.97.<number vomit>... but has been in the known issues for a while.

[D-005882] The Computer administrators may refresh or disable management option in a Login Window payload of a macOS configuration profile is not applied at login.

RobertBasil · ‎12-27-2016

We have had the same issue. One thing I've found that works since all of our iMacs are on ethernet connections I just unplug the connection and then hold down the shift key while logging in as an admin.

millersc · ‎12-27-2016

This has been a PITA defect, but we found a work around that still is working. This may not be suited for your environment but is working for ours.

Settings -> Computer Management -> Check-in -> Login/Logout Hooks -> uncheck "Enable user-level Managed Preferences"

This setting and your setting in the profile has worked well for our 10.9 - 10.11.x devices, both mobile and desktops. Using the shift key seems to be the most consistent. Since we are pushing for more Profiles and less MCX, it's becoming less of an issue. Those still reliant on MCX will find issues doing this.

Jamf Nation Community

Cannot disable management as Admin