How to remove all policies without wiping the device

gore_jperry
New Contributor II

Hi everyone,

I'm in a bit of an odd situation. Hoping someone will have some ideas on what I can do.

I have a user with a Macbook who has been let go of the organization. Without getting into details, they are keeping their equipment. I want to be able to pull all of the policies/configurations out of the laptop and then remove it from Jamf and remove it from DEP. Unfortunately I wont be able to get my hands on the device as they are remote. We're not concerned with the user data on the laptop so it would be company specific applications and policies that we deployed.

Has anyone done this before? If so, I'd love to hear how you accomplished it. If not, then if you have any ideas, it would be appreciated.

6 REPLIES 6

allanp81
Valued Contributor

@gore.jperry If the device is still able to check in offsite then in theory it's straight forward. If it's not then you could make a simple pkg that runs some post install scripts to remove what you want removed and then just give it to the user to run?

gore_jperry
New Contributor II

@allanp81 Yes it is still able to phone "home" and update. Is it as simple as just placing it in the exclusion list? I have another mac here I can try to replicate the procedure.

Chris_Hafner
Valued Contributor II

This should be pretty easy. Make sure to release the computer in Business Manager or School Manager. Then get the unit to uninstall your corporate software and then run a jamf removeFramework command. In my case, I have to off-board students in the way you're describing (sans the DEP part). I have a policy that loads a script into the /tmp directory on top of removing each of our Institutionally owned software items. This script does a number of things to clean up after the various uninstallers. On top of that, when finished, it calls the removeFramework command and another connects to our JAMF server to remove its own computer record. Beyond that, the unit will either erase the script the next time it reboots, or you could force it to reboot which also clears out hat script if necessary.

gore_jperry
New Contributor II

Thanks @Chris_Hafner for the suggestion. Do you remove the self-serve via the script or will it remove once you have run the removeframework command?

tcandela
Valued Contributor II

I just ran removeframework from CLI

here is the results i see

Removing scheduled tasks...
Removing self service...
Removing JAMF Preference file...
Removing JAMF Daemon Log files...

Chris_Hafner
Valued Contributor II

@gore.jperry As @tcandela mentions, Self-Service does get removed with this command. I do have a line in the script that quits self-service though.