Posted on 03-17-2023 09:40 AM
I am trying to remove stale / inactive mobile acct from the workstations after a certain time period.
I tried a script but for some reason it also seems to delete the accts that are not in the time range ( e.g. set to delete acct after 14 day and the current user that logged in yesterday gets deleted also )
I am trying to use a Config Profile > Mobility > Account Expiry payload but whenever I save the CP, it reverts back to 0 Hours.
I've downloaded the .mobileconfig file and checked with a CP editor and it also shows 0 sec.
I've created an new .mobileconfig file with 604800 ( 7 days ) and upload to Jamf Pro. The uploaded CP shows up with the correct duration ( 7 days ) but when I click Save, it reverts back to 0 hours.
Solved! Go to Solution.
Posted on 03-21-2023 05:52 PM
@sgiesbrecht Do you have a signing certificate (e.g. on from an Apple developer account) Hancock can use to re-sign the mobileconfig? If not you can create a signing certificate using Jamf Pro's built-in CA by following this article: https://learn.jamf.com/en-US/bundle/technical-articles/page/Creating_a_Signing_Certificate_Using_Jam...
03-17-2023 10:01 PM - edited 03-17-2023 10:02 PM
@sgiesbrecht I'm seeing the same behavior in the Jamf Pro console GUI for the Mobility payload, and it doesn't appear that the iMazing Profile Editor supports the MobileAccount MCX payload. You could try exporting a .mobileconfig with the Mobility payload, un-signing it (the Hancock app is useful for that), editing the cachedaccounts.expiry.delete.disusedSeconds to the value you want, signing the edited .mobileconfig, then uploading that to Jamf Pro.
03-21-2023 02:10 PM - edited 03-21-2023 02:11 PM
I unsigned the mobileconfig file with Hancock.app and made the changes but could not resign it.
I imported the unsigned mobileconfig file but it reverted back to 0 hours
Posted on 03-21-2023 05:52 PM
@sgiesbrecht Do you have a signing certificate (e.g. on from an Apple developer account) Hancock can use to re-sign the mobileconfig? If not you can create a signing certificate using Jamf Pro's built-in CA by following this article: https://learn.jamf.com/en-US/bundle/technical-articles/page/Creating_a_Signing_Certificate_Using_Jam...
03-22-2023 01:22 PM - edited 03-22-2023 01:22 PM
exporting the mobileconfig file
manually ( didn't need to use Hancock.app as iMazing will sign it also ) updating the settings
uploading the new signed mobileconfig into Jamf Pro worked.
A painful, long way to do for my support team ( so it will be just me doing the signing )
Hopefully Jamf will fix