Help

Jamf Compliance Editor - Unable to remove preference

mezrow
New Contributor

Posted on ‎01-16-2024 02:06 PM

I need some help fixing an issue.  During testing of Jamf Compliance Editor we applied a configuration for the login window to show username and password, versus the normal choice of being able to select the username.  However, we have one user, who was erroneously enrolled, and we deleted that policy instead of removing the MacBook from the scope (rendering the policy still applied but unable to be removed from scope).  Once the policy was deleted, we are unable to set the login screen back to defaults.  I have attempted to create the policy again in Jamf Compliance Editor and apply to the MacBook, and while the logs show it applied, removing it does not restore the ability for the login screen to show the users.  

Is there something else I should be doing to restore the login screen icons? Is there a terminal command that can be run?  Note that all of the other policies for Jamf Compliance have been removed successfully from the MacBook by removing the MacBook from the scope.

This is being done under Ventura.  Any help or insight is greatly appreciated.

0 Kudos
Reply
2 REPLIES 2

AJPinto
Honored Contributor III

Posted on ‎01-17-2024 04:45 AM

I believe the compliance editor deals mostly with Configuration Profiles, not policies. When you delete a Configuration Profile, it should automatically be removed from the device. You can check /Library/Managed Preferences and see if you see the plist for the Configuration Profile, also check System Settings > Profiles on the device. If it was a Policy, it was likely a script changing a plist setting. You would need to identify what that script did and undo it.

 

Updating to Sonoma may also fix the issue, as major OS updates knock a lot of unmanaged settings back to default. Ultimately, it may be totally possible macOS has to be reinstalled. There is a reason we don't test in production, and unfortunately sometimes we make mistakes. 

 

This is a quote I use a lot that Apple does not widely advertise. You should never run N-1 macOS builds as apple does not patch all known security vulnerabilities on them.

Note: Because of dependency on architecture and system changes to any current version of Apple operating systems (for example, macOS 14iOS 17, and so on), not all known security issues are addressed in previous versions (for example, macOS 13iOS 16, and so on).

About software updates for Apple devices - Apple Support

0 Kudos
Reply

obi-k
Valued Contributor III

Posted on ‎01-18-2024 04:54 AM

Was looking at the CIS Ventura guide. If you already removed the configuration profile, maybe try running the script in Terminal below, but this time set it to "false" instead of "true."

Or, what happens if you do it in the GUI?

Screenshot 2024-01-18 at 7.50.09 AM.png

 

0 Kudos
Reply