- Jamf Nation Community
- Products
- Jamf Pro
- Edit Existing Configuration Profiles
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 09:55 AM
So I have existing Config Profiles that were created before my time as the JAMF admin. They are outdated and need to be changed and renamed. If I update them will JAMF simply overwrite the existing or will it add a new one? If I delete a Profile does it remove it from the Mac? If it adds a new one what is the best way to remove the old ones?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 11:00 AM
@mattw421 Apple will enforce the most restrictive setting if you happen to have two profiles with the same preference domain. So if you run into timing issues where you may not want to remove/unscope the original profile yet, you can always just push out the new one (depending on your needs).
Example: If an existing profile allows Touch ID to unlock the Mac, and you push a second profile that disables Touch ID, then it's disabled. If an existing profile allows iCloud and a new profile is scoped (that also allows iCloud), then nothing changes.
Reply
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 10:12 AM
I am in the same boat, old Config Profiles and no documentation as to why they were created in the first place. What I am doing with a couple of test computers is excluding them from scope to then test functionality. Outdated Config Profiles will then be completely un-scoped which does remove them from the Macs. Because I was not here when the bulk of our JSS was configured, I want a safety net so I don't delete anything that I can't find an answer for... yet.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 10:16 AM
@tomhastings So if I un-scope the configuration profile then it removes it? That does help. I could in turn then create the one I want and un-scope the rest potentially giving me the same affect.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 10:31 AM
Yes, un-scope will remove it from at inventory check-in.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 10:56 AM
Un-scoping a machine level Configuration Profile can remove it much sooner than an inventory check-in as it's the Apple Push Notification Service that does the removal, not the Jamf binary
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-15-2019 11:00 AM
@mattw421 Apple will enforce the most restrictive setting if you happen to have two profiles with the same preference domain. So if you run into timing issues where you may not want to remove/unscope the original profile yet, you can always just push out the new one (depending on your needs).
Example: If an existing profile allows Touch ID to unlock the Mac, and you push a second profile that disables Touch ID, then it's disabled. If an existing profile allows iCloud and a new profile is scoped (that also allows iCloud), then nothing changes.
Reply
