Help

JAMF unenroll -verbose?

Lou_Boncek
New Contributor

Posted on ‎02-20-2013 08:59 AM

I need to unenroll about 200 computers. Other than clicking on the "unenroll" icon on each one individually from invnetory, there must be a simple command I just can not locate. I want everything else to stay as it is, just unenroll.
Lou Boncek
Liverpool Central School District

0 Kudos
Reply
5 REPLIES 5

mm2270
Legendary Contributor III

Posted on ‎02-20-2013 09:47 AM

I don't think there's an exact way to do what you want, although, are you just trying to 'un-manage' all those Macs from the JSS? its an odd request, but if all you want is for them to not be managed, you can try it from the inventory page. Pull up all the Macs you want to do this to using an Advanced Search, and at the bottom under the "Take Action on Results" menu, choose "Edit Management Accounts" In the view that comes up, try entering blank values for the username and password fields. If it even allows that to happen, doing that may cause them to become unmanaged, but I'm really not sure. Worth a shot though.

Edit: There is also a 'removeFramework' flag for the jamf binary you can use as well. But that actually gets rid of all local pieces of the JAMF product, like the /Library/Application Support/JAMF directory, the jamf binary, etc, which all combined help manage the Mac. It will, in essence, un-enroll the Mac but leave the inventory record intact on the JSS. Would that help you?

0 Kudos
Reply

Chris_Hafner
Valued Contributor II

Posted on ‎02-20-2013 01:17 PM

We've got a few processes dedicated to this, but I'm interested to see what you are trying to accomplish specifically. Are you running those systems out of the JSS completely or partially?

0 Kudos
Reply

kstrick
Contributor III

Posted on ‎02-25-2013 02:54 PM

How about the below?
(You could push out 'jamf enroll -noManage' as a command via policy, or create a script and push... )

$ sudo jamf help enroll
Usage: jamf enroll [-prompt | -invitation] [-noRecon] [-noManage]

-prompt Prompts for JSS and SSH credentials.

-invitation Uses an invitation ID for credentials instead of a user name and password.

-noRecon Stops enroll from acquiring inventory.

-noManage Stops enroll from enforcing the management framework.

you could also do

"jamf removeFramework' which removes the binary, daemons, etc... (mm2270 mentioned above)

0 Kudos
Reply

ktappe
New Contributor III

Posted on ‎01-17-2014 03:19 PM

I know I'm late to this party but I also needed to unenroll Macs. The reason is that we have two JSS's, one for Development/Testing and one for Production. We want to be able to swap our test Macs back & forth as needed. So I wrote a script to do that.

For unenrollment, basically you should do these steps:
1) Copy/preserve /Library/Preferences/com.jamfsoftware.jamf.plist
2) Copy/preserve /usr/sbin/jamf
3) Run "sudo jamf removeFramework"
4) Restore the files you saved in steps 1 & 2.

You're unenrolled. You should be able to re-enroll at any time as long as you are not requiring a certificate to enroll. Just in case you have that option checked, run this command to turn it off:

defaults write /Library/Preferences/com.jamfsoftware.jamf allowInvalidCertificate -boolean true

You can take it further as I did and use the defaults write command to change the URL of your JSS, so you can swap back and forth. Ping me if you need the whole script, or maybe I'll just post it on my blog.

Hope this helps,
-Kurt

0 Kudos
Reply

aalberty
New Contributor III

Posted on ‎01-05-2018 06:28 AM

If you could share the full script, I would appreciate it. Thanks!

0 Kudos
Reply