Posted on 12-24-2016 11:10 AM
We have an issue where some machines had a non-jamf MDM profile which would cause jamf quick add to fail on install. It'll still get added to the jamf server but won't have full capability w/out jamf's MDM profile. I wrote a policy (script) to remove all policies, which works, but then I need the jamf policies to be added back, so:
Question: How can we have jamf re-add the JAMF profiles again? We tried to re-enroll (jamf enroll) but that caused user issues as it asks for auth (i.e., a prompt). I thought when jamf runs inventory again it'll see that it is missing the profile and redownload/install them, but it doesn't seem to be doing that. Is there a way to run a command to have jamf re-add the profiles back?
Any help would be appreciated.
Posted on 12-24-2016 01:04 PM
It would have been better if you could have used the existing MDM profile to install the quick add (you would have had to add the post install script you created).
But, seeing that they are already removed, you could use JAMF's Recon if the computers still have a local admin account (if you had that set up). Other than that, you could have the users do the enrollment via your JAMF Pro/Casper URL with /enroll -- this would allow them to install the quick add (which would bring the computer back under management).
There is no way to really have JAMF re-add the JAMF Profiles back because the actual connection to the MDM Server is broken once the MDM Profile is removed.
Hope this helps!
Jared
Posted on 12-26-2016 06:56 PM
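Jamf support recently provided me with this script, which will remove all existing config profiles and re-apply the MDM framework, and ultimately all scoped profiles. We provide it to our help desk staff via Self Service when assisting users.
#!/bin/sh
# Remove the MDM profile from the computer
jamf removeMDMProfile
# Delete the local configuration profile store (removes all installed profiles)
rm -rf /var/db/ConfigurationProfiles
sleep 20
# Enroll with the MDM server again (installs the MDM profile)
jamf mdm
sleep 20
# Enforce the management framework
jamf manage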
Posted on 12-27-2016 08:06 AM
perfect - let me try this - thanks for posting it, @ooshnoo
Posted on 12-27-2016 08:40 AM
@ooshnoo running jamf removemdmprofile produced:
Error installing the computer level mdm profile: profiles install for file:'/Library/Application Support/JAMF/tmp/mdm.mobileconfig' and user:'root' returned 100 (Your computer is already enrolled with an MDM server. It can be enrolled with only one MDM server at a time.)
Problem installing MDM profile.
instead used:
sudo /usr/bin/profiles -D -f
then when I tried:
sudo jamf manage
The management framework will be enforced as soon as all policies are done executing.
then I ran sudo jamf recon which seemed to close it out neatly
not quite sure which one cleared it up. I'm leaning towards sudo /usr/bin/profiles -D -f
Posted on 12-27-2016 10:12 AM
@uliy Do you have an MDM profile from a source other than JAMF? That could be causing your issue.
Posted on 12-27-2016 04:08 PM
@jared_f yes that's what led to this issue (non jamf mdm). resolved now given script above and help from those on thread. Thanks, all!
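The sequence from the replies above, written as a function that stops when the "already enrolled with an MDM server" error persists. This is an added example, not part of the original thread and not Jamf's script. The `JAMF`, `PROFILES` and `SETTLE` variables, the function names and the return codes are assumptions of this example, as is the jamf binary exiting non-zero on failure.

```shell
#!/bin/sh
# Added example. Tool names can be overridden so the logic can be exercised
# with stand-ins; the defaults are the commands used in the thread.
JAMF="${JAMF:-jamf}"
PROFILES="${PROFILES:-/usr/bin/profiles}"
SETTLE="${SETTLE:-20}"   # the posted script sleeps 20 s between steps

# True if the given command output contains the error quoted in the thread.
is_already_enrolled_error() {
    printf '%s\n' "$1" | grep -q 'already enrolled with an MDM server'
}

# Return codes (assumed for this example):
#   0 re-enrolled, 2 another MDM profile still blocks enrollment,
#   3 "jamf mdm" failed for another reason, 4 "jamf manage" failed,
#   5 "jamf recon" failed.
reenroll_mdm() {
    rm_out=$("$JAMF" removeMDMProfile 2>&1) || true
    sleep "$SETTLE"
    rc=0; mdm_out=$("$JAMF" mdm 2>&1) || rc=$?
    if is_already_enrolled_error "$rm_out$mdm_out"; then
        # A non-Jamf MDM profile is still installed. Fall back to the command
        # that worked in the thread. It removes ALL configuration profiles, so
        # scoped profiles are absent until management is re-applied below.
        "$PROFILES" -D -f >/dev/null 2>&1 || return 2
        sleep "$SETTLE"
        rc=0; mdm_out=$("$JAMF" mdm 2>&1) || rc=$?
        if is_already_enrolled_error "$mdm_out"; then
            return 2   # stop here rather than report a half-managed machine
        fi
    fi
    [ "$rc" -eq 0 ] || return 3
    sleep "$SETTLE"
    "$JAMF" manage >/dev/null 2>&1 || return 4
    "$JAMF" recon  >/dev/null 2>&1 || return 5   # update inventory, as in the thread
    return 0
}
# Run as root on the affected Mac:  reenroll_mdm; echo "result: $?"
```

A non-zero result means the machine should be treated as unmanaged until the cause is fixed, since profiles that were removed have not been confirmed as re-applied.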