Help

MacOS update blocked even after removing jamf

Go to solution
luiscabrera
New Contributor

Posted on ‎11-12-2020 12:41 PM

Departing employees have the option to buy their computer equipment at a fraction of the cost. Our offboarding process includes removing JAMF and leaving a user account as an admin. We recently got a message stating that the user cannot upgrade their OS (the message shown is an old version of ours). It appears as if the restriction is kept in a local cache and not removed upon removal of JAMF. Any ideas on what are we missing during offboarding? 7a6792e1b3c14733a386425a11d9da1e

Labels:
0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
luiscabrera
New Contributor

Posted on ‎11-14-2020 05:36 AM

Thank you all. Yes, wiping is allways best and that´s the "regular" process. In this particular instance, it appears that only the profile was removed, which left the framework behind. We´ve asked the end-user to open Terminal and run "sudo jamf -removeFramework". The restriction is no longer appearing and problem has been solved. Thanks again.

View solution in original post

0 Kudos
Reply
5 REPLIES 5

Go to solution
sdamiano
Contributor II

Posted on ‎11-12-2020 01:00 PM

Honestly, you should be wiping the machine instead of removing the framework.

Letting the employee walk away with their user account is letting company property walk out the door. You should do a wipe command first before they take the machine.

Reply

Go to solution
mm2270
Legendary Contributor III

Posted on ‎11-12-2020 01:11 PM

Wiping is indeed best, since it ensures that the device is cleaned of anything that might have been on the device that is company related, including things like security software, productivity apps and so on. That being said, I don't actually see anything in the OP that says they are leaving the user account in place. It just states "Our offboarding process includes removing JAMF and leaving a user account as an admin."

"a user account as an admin" does not necessarily mean the same user account the person was using while an employee. It could be a new account.

Still, wiping is the best approach here, even though it can be a little more time consuming. I know there are some admins here on JN that have processes for off boarding that don't do a full wipe though, so there's no one right way really.

All that said, are you sure you ran a proper removeFramework command on the machine? As far as I know, the Restricted Software blacklist lives in a place that would get removed when doing a remove framework call, so it shouldn't still be popping up, unless you manually removed items and didn't use the command.

Reply

Go to solution
MLBZ521
Contributor III

Posted on ‎11-12-2020 05:41 PM

Yeah, the question here is how are you "removing JAMF"?

Are you sending a "Remove MDM Profile" MDM Command? That only removes the MDM Framework component. It does not remove the jamf binary and the local management Framework.

Reply

Go to solution
tkimpton
Valued Contributor II

Posted on ‎11-12-2020 10:32 PM

@MLBZ521 we wipe using erase and install, there is no way we remove the framework and give a machine away like that.

Reply

Go to solution
luiscabrera
New Contributor

Posted on ‎11-14-2020 05:36 AM

Thank you all. Yes, wiping is allways best and that´s the "regular" process. In this particular instance, it appears that only the profile was removed, which left the framework behind. We´ve asked the end-user to open Terminal and run "sudo jamf -removeFramework". The restriction is no longer appearing and problem has been solved. Thanks again.

0 Kudos
Reply