- Jamf Nation Community
- Products
- Jamf Pro
- Re: How to remove all policies without wiping the ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to remove all policies without wiping the device
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-25-2019 07:40 AM
Hi everyone,
I'm in a bit of an odd situation. Hoping someone will have some ideas on what I can do.
I have a user with a Macbook who has been let go of the organization. Without getting into details, they are keeping their equipment. I want to be able to pull all of the policies/configurations out of the laptop and then remove it from Jamf and remove it from DEP. Unfortunately I wont be able to get my hands on the device as they are remote. We're not concerned with the user data on the laptop so it would be company specific applications and policies that we deployed.
Has anyone done this before? If so, I'd love to hear how you accomplished it. If not, then if you have any ideas, it would be appreciated.
Labels:
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-25-2019 07:43 AM
@gore.jperry If the device is still able to check in offsite then in theory it's straight forward. If it's not then you could make a simple pkg that runs some post install scripts to remove what you want removed and then just give it to the user to run?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-25-2019 10:20 AM
@allanp81 Yes it is still able to phone "home" and update. Is it as simple as just placing it in the exclusion list? I have another mac here I can try to replicate the procedure.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-25-2019 10:41 AM
This should be pretty easy. Make sure to release the computer in Business Manager or School Manager. Then get the unit to uninstall your corporate software and then run a jamf removeFramework command. In my case, I have to off-board students in the way you're describing (sans the DEP part). I have a policy that loads a script into the /tmp directory on top of removing each of our Institutionally owned software items. This script does a number of things to clean up after the various uninstallers. On top of that, when finished, it calls the removeFramework command and another connects to our JAMF server to remove its own computer record. Beyond that, the unit will either erase the script the next time it reboots, or you could force it to reboot which also clears out hat script if necessary.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-28-2019 07:06 AM
Thanks @Chris_Hafner for the suggestion. Do you remove the self-serve via the script or will it remove once you have run the removeframework command?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-28-2019 07:37 AM
I just ran removeframework from CLI
here is the results i see
Removing scheduled tasks...
Removing self service...
Removing JAMF Preference file...
Removing JAMF Daemon Log files...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 10-28-2019 09:40 AM
@gore.jperry As @tcandela mentions, Self-Service does get removed with this command. I do have a line in the script that quits self-service though.
