Mobily Account Expiration Always reverts to 0 Hours After Save

sgiesbrecht
Contributor III

I am trying to remove stale / inactive mobile acct from the workstations after a certain time period.

I tried a script but for some reason it also seems to delete the accts that are not in the time range ( e.g. set to delete acct after 14 day and the current user that logged in yesterday gets deleted also )

I am trying to use a Config Profile > Mobility > Account Expiry payload but whenever I save the CP, it reverts back to 0 Hours.

I've downloaded the .mobileconfig file and checked with a CP editor and it also shows 0 sec.

I've created an new .mobileconfig file with 604800 ( 7 days ) and upload to Jamf Pro. The uploaded CP shows up with the correct duration ( 7 days ) but when I click Save, it reverts back to 0 hours.

1 ACCEPTED SOLUTION

sdagley
Esteemed Contributor II

@sgiesbrecht Do you have a signing certificate (e.g. on from an Apple developer account) Hancock can use to re-sign the mobileconfig? If not you can create a signing certificate using Jamf Pro's built-in CA by following this article: https://learn.jamf.com/en-US/bundle/technical-articles/page/Creating_a_Signing_Certificate_Using_Jam...

View solution in original post

4 REPLIES 4

sdagley
Esteemed Contributor II

@sgiesbrecht I'm seeing the same behavior in the Jamf Pro console GUI for the Mobility payload, and it doesn't appear that the iMazing Profile Editor supports the MobileAccount MCX payload. You could try exporting a .mobileconfig with the Mobility payload, un-signing it (the Hancock app is useful for that), editing the cachedaccounts.expiry.delete.disusedSeconds to the value you want, signing the edited .mobileconfig, then uploading that to Jamf Pro.

I unsigned the mobileconfig file with Hancock.app and made the changes but could not resign it.

I imported the unsigned mobileconfig file but it reverted back to 0 hours

sdagley
Esteemed Contributor II

@sgiesbrecht Do you have a signing certificate (e.g. on from an Apple developer account) Hancock can use to re-sign the mobileconfig? If not you can create a signing certificate using Jamf Pro's built-in CA by following this article: https://learn.jamf.com/en-US/bundle/technical-articles/page/Creating_a_Signing_Certificate_Using_Jam...

sgiesbrecht
Contributor III

exporting the mobileconfig file
manually ( didn't need to use Hancock.app as iMazing will sign it also ) updating the settings
uploading the new signed mobileconfig into Jamf Pro worked.  
A painful, long way to do for my support team ( so it will be just me doing the signing )
Hopefully Jamf will fix