Jamf Now profile not removable

Philsto
New Contributor II

We are in the process of ramping up a new instance of Jamf Pro. We have some laptops which were previously enrolled in an older version of Jamf Now. The issue is that these laptops have been removed from the older Jamf Now, and the MDM profile still exists on the machines, and doesn't seem to be removable.

Jamf Now does not use the binary, so remove MDM profile or framework is not an option in terminal.

I have tried the profiles remove -forced -all command to no avail.

This is a development machine, and flashing and re-imaging is absolutely a last resort.

Anyone have any ideas or solutions?

5 REPLIES 5

larry_barrett
Valued Contributor

Can you try to re-enroll?

jamf enroll -prompt.

Interested to know the answer.

Philsto
New Contributor II

@larry_barrett Jamf now does not use the binary, no terminal commands....

mainelysteve
Valued Contributor II

@Philsto See this. The only difference I would make is don't nuke the entire ConfigurationProfiles directory instead remove anything under the Store folder so it would be rm -rf /var/db/ConfigurationProfiles/Store in that instance. If you're booted into the recovery partition make sure you're pointing to the correct volume i.e. it should be rm -rf /Volumes/Macintosh HD/var/db/ConfigurationProfiles/Store

Philsto
New Contributor II

@mainelysteve The weird thing is that there is no "Store" directory. All I see is:

-rw-r--r-- 1 root wheel 0 Jun 24 14:53 .profilesAreInstalled
drwxr-xr-x@ 9 root wheel 288 Jul 23 15:45 Settings
drwx------ 3 root wheel 96 Aug 2 10:25 Setup

Philsto
New Contributor II

OK, spoke too soon, wasn't seeing it as SIP was not disabled yet, duh. It worked after that on a test machine, but still have to try it on the affected machine, which is remote....