Posted on 04-01-2019 02:36 AM
I would like to submit a small challenge. Thank you not to laugh :)
Macs are installed in DEP mode, MDM profile mandatory, user can not remove MDM profile.
I create a configuration profile with a proxy setting.
I activate "Enable Automatic Proxy Configuration" and in the "Automatic Proxy Configuration URL" (because it's required) I enter the URL but I make a mistake. This URL does not exist. I send the configuration profile to a Mac group (because I've not seen my mistake :)
These Macs end up with a bad proxy configuration and no longer have network access. (Proxy settings are enabled on all network interfaces.)
As a result, these Macs can no longer receive Apple Push notifications and can no longer update or delete this configuration profile. We can not delete the MDM profile ...
Is there a solution other than making a complete wipe of all these Macs?
Posted on 04-01-2019 03:34 PM
Can you create a "C" name entry in your DNS to point to the correct proxy?
Posted on 04-02-2019 04:38 AM
Tried but doesn't seems to work, no network...
Is there a way to bypass or delete enforced Proxies Configuration Profile? or maybe another way to access to network?
Posted on 04-02-2019 04:40 AM
I make it clear that it is not an April Fool... :o))
Posted on 04-02-2019 07:21 PM
Can you manually add another network? Say either a wired or wireless one with direct access.
It doesn't sound like the proxy is the only problem, can you ping the proxy using the "C" name from one of the faulty machines? If you cant access it (most times ping will tell you) you cant read it.
Posted on 04-03-2019 04:54 AM
Yes, I can add network interface, but the proxy setting seems to be applied to all interface, also new one. I've also tried to connect to an iPhone with shared connexion, nothing happens.
Yes it's the proxies configuration profile, I've tried on a lab machine, this cut all network access. The only way on that machine was to remove MDM profile and reinstall it. But I cannot remove it the others. I think the only way is to wipe the mac.
I cannot ping the proxy because the proxy URL doesn't exist. It was an error.
I'm a little bit affraid because if there is any network error like this happens from an enforced configuration profile, without possibility of removing the MDM profile, and applied to all your device... it will be a disaster.
So in my case it's only some mac in lab. But I have reconsidered the possibility to authorize MDM profile to be removed :)
Thank you Graeme.