Jamf Deployed Legacy Managed Preferences. How to remove them?

McAwesome
Valued Contributor

We recently started deleting out old unused Sites in our Jamf instance as part of a routine cleanup. One of these sites happened to have set up some Managed Preference files back in the 10.9 days and deployed them to All Computers in the site. Once that site was deleted, the Managed Preferences Jamf stopped displaying 40 releases ago got dropped into the top level and kept its scope of "All Computers".

We've unscoped the Managed Preferences using the API, but it looks like they're still applying to end user's machines. Does anyone have a good method for forcibly removing Managed Preferences from machines without affecting Configuration Profiles? The best thing I can come up with is running

  • rm -rf /Library/Managed Preferences
  • dscl . -delete /Computers/localhost
  • dscl . -delete /Users/<<USERNAME HERE>> dsAttrTypeStandard:MCXSettings

and rebooting. This seems to work, but I'm not sure if this is the ideal way to handle this.  For one, it requires the end user to reboot to take full effect, and that may as well be pulling teeth.  Plus that last command needs to be done per-account, which means we'd have to script something up to iterate through each account on the machine.

Is there a good way to clear Managed Preference files from modern macOS releases?

1 ACCEPTED SOLUTION

McAwesome
Valued Contributor

The solution we were able to find was to run the command 

dscl . -mcxdelete /Computers/localhost

on all affected machines.  It looks like this command is no longer in the dscl documentation page, but it is still recognized by macOS 12.

View solution in original post

2 REPLIES 2

Waldroup151
New Contributor II

I sort of forgot about the PIA of user-approved MDM which is indeed a major factor in the process.

My challenge will be similar to your 'gotcha' - figuring out a way to scope the manually-enrolled Macs that won't interfere with DEP emrollments and legacy imaging workflows. www.myaarpmedicare.com Login

McAwesome
Valued Contributor

The solution we were able to find was to run the command 

dscl . -mcxdelete /Computers/localhost

on all affected machines.  It looks like this command is no longer in the dscl documentation page, but it is still recognized by macOS 12.