Posted on 07-10-2017 06:13 AM
Afternoon all - so, a bit stumped here.
I created a config profile that had settings such as external disks disabled, no airdrop etc, no access to Users & Accounts and applied to all at computer level (mistake..)
Realised I had made a mistake when I then tried to plug in a new machine to image and I couldn't read the disk on my own iMac. So I created a smart group with some Macs I wanted to exclude from the profile, applied it to the Config, and tried again - nothing.
Turns out the modifications I was making to the profile did not affect my Mac. I then did a stupid thing and deleted the config - thinking it may remove it from the Macs after a restart and policy update - nothing.
I now have about a hundred Macs (inc several used for admin purposes) for which I would like to be able to access certain (now) blocked categories of Sys preferences, and certain Macs I would like to build from using thunderbolts - however they all have my default security profile on there, with seemingly no way to remove it without doing something like sudo jamf removeFramework (which would remove all of the jamf framework, profiles and all) or using sudo mv to move the profiles folder...which would remove profiles I want to keep
Is there any way around this? I've seen a lot of scripts that don't seem to make sense. And I've tried navigating to /var/db/Configuration Profiles using terminal and the ls command, but none of the profiles on the machine are listed there...
Any help appreciated, I would like to not tear down all the Macs in my inventory to solve this
Edit - Update
To make things worse - the previously deleted Security Profile still seems to be perpetuating...I plugged a Mac in that did not have it ...checked that I could access Users & Groups and mount an external disk...it worked fine, then 5 minutes later, I'm unable to do either and my 'Default Security' profile has appeared on the machine
What the hell can I do!
I've tried removing (what I think) is the profile via terminal via the profile identifier....I get a message saying the profile is unable to be removed
Posted on 07-10-2017 12:28 PM
You can try "sudo jamf removeMdmProfile" which should remove any managed preferences without removing the framework. This also may help with stuck profiles that won't go away. You can add the MDM profile back in which will enable management again with "sudo jamf mdm"
Another thing you can try (if you enabled it) is to hold down "Shift" as you login as an administrator to disable the management settings. That should let you in to the Sys Prefs and do other work as needed, at least as a work around.
Good luck!
-Dan