Manual Remove Jamf Components and Configs

gwhaley262
New Contributor III

Hi,

Are there best practices for manually removing JAMF from OS X? I have already attempted "sudo jamf -removeFramework". But it appears that the uninstall didn't complete cleanly. There are still left over components. If I attempt "sudo jamf -removeFramework" again it results in a "sudo: jamf: command not found". Anybody have any ideas? All are appreciated.

-Geoff

10 REPLIES 10

mm2270
Legendary Contributor III

So, how do you know it didn't do a clean uninstall? What's left that's making you think that?

slewis59
New Contributor

when using the "removeFramework" command i have found that a restart is required before it is effective in clearing settings

khurram
Contributor III
  • when we pass jamf removeFramework the prompt goes to the next blank line and sits there for ages.
  • If we type jamf recon same behaviour. when we pass jamf policy it says policy trigger is already running.
  • When we pass jamf manage it says management framework will be enforced as soon as all policies are done executing.

This keeps going on for days and we dont know how to manually remove jamf framework?

ryan_ball
Valued Contributor

The below code will attempt to remove all system level profiles manually, then do a jamf removeMdmProfile afterward. This will take care of profiles.

For the jamf binary itself, if you can't use the jamf commands, then the framework might not be there anyway. You may be able to install the framework using a QuickAdd package and modify the script to not enroll the device, then utilize the jamf removeFramework command after that.

#!/bin/bash

# Remove all system profiles
for identifier in $(/usr/bin/profiles -L | awk "/attribute/" | awk '{print $4}'); do
    /usr/bin/profiles -R -p "$identifier" >/dev/null 2>&1
done

# Remove all profiles installed by MDM
/usr/local/jamf/bin/jamf removeMdmProfile

exit 0

khurram
Contributor III

Before running the following snippet make a policy (using trigger) to install recon.app on the affected computer and then run the following script. So after the removal you can hook this Mac back to JAMF again.

The following is the script we are using and very much happy with it, I found some part of the script on jamfnation forums and some of it I have added in a chronological order to make sure most/ all of the JAMF framework is uninstalled including the profiles.

Chronological order means that the following snippets run in such a sequence that none of them fails due to unavailability of the prior snippet because it is deleted already.

#!/bin/bash

# Remove all system profiles
for identifier in $(/usr/bin/profiles -L | awk "/attribute/" | awk '{print $4}'); do
    /usr/bin/profiles -R -p "$identifier" >/dev/null 2>&1
done

echo “System Profiles Gone!”


# Remove all profiles installed by MDM
/usr/local/jamf/bin/jamf removeMdmProfile

echo "MDM Profile Gone!"

# Remove JAMF Framework
/usr/local/jamf/bin/jamf removeFramework
echo "jamf binary Gone!"

# Remove all Configuration Profiles
rm -rf /var/db/ConfigurationProfiles/
echo "Configuration Profiles folder Gone!"

# Remove all Profiles
/usr/bin/profiles -D -f -v
echo "Profiles Gone!"

exit 0

khurram
Contributor III

Sorry it is a duplication of the script above, delete this post if possible

#!/bin/bash

# Remove all system profiles
for identifier in $(/usr/bin/profiles -L | awk "/attribute/" | awk '{print $4}'); do
    /usr/bin/profiles -R -p "$identifier" >/dev/null 2>&1
done

echo “System Profiles Gone!”


# Remove all profiles installed by MDM
/usr/local/jamf/bin/jamf removeMdmProfile

echo "MDM Profile Gone!"

# Remove JAMF Framework
/usr/local/jamf/bin/jamf removeFramework
echo "jamf binery Gone!"

# Remove all Configuration Profiles
rm -rf /var/db/ConfigurationProfiles/
echo "Configuration Profiles folder Gone!"

# Remove all Profiles
/usr/bin/profiles -D -f -v
echo "Profiles Gone!"

exit 0

wifichallenges
Contributor II

Thank you for this. It didnt work, as i think becuase some of my profiles are done with DEP enrolled ones, it could not remove them all and threw errors. But it worked enough to give jamf a "fresh start" so to speak, and get my software deploying again.

To recover (put bacK) the machine into jamf, i ran the command:

profiles renew -type enrollment

also do note, that you wont be able to save that script on windows and run it on the mac. You get an error about the compiler not working. This is due to how windows and unix save text files, you need to save it in the unix way:

https://stackoverflow.com/questions/14219092/bash-script-and-bin-bashm-bad-interpreter-no-such-file-...

 

ambukg
New Contributor


#sudo jamf removeFramework

 

I have accidentally executed this and it removed the jamf from the MAC. how can I re-install again without MDM file? I am sorry as I am not from this background. 

 

profiles renew -type enrollment

AS i said, that should put it back and re enroll. If its DEP enabled, you cant fully remove the MDM, so you should still see some entries under profiles. 

rm10245
New Contributor

Just responding here as I had a similar issue where the jamf framework was removed without first entering the 'jamf removeMDMProfile' command which left behind config profiles, etc. The result was we could not join the computer back to JAMF and since the profiles was locked down (config profile / restrictions) we couldn't simply manually remove them. All attempts to rejoin the affected computer failed.

After contacting JAMF support and having the case escalated to an engineer I was basically told there was nothing I could do except reinstall which was frustrating to say the least.

Finding this post helped be resolve the issue by simply running the commands in the script above, of course excluding the removeFramework and removeMDMProfile since the jamf binary was already previously removed.

Afterwards I simply deleted the computer in JAMF and re-enrolled it.