- Jamf Nation Community
- Products
- Jamf Pro
- Re: Preventing removal of MDM Profile?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Preventing removal of MDM Profile?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2017 06:55 AM
Is there any way to prevent the removal of the MDM/management profile from a Mac, if the user is an admin? We usually lock the "Profiles" pref pane using a Config Profile, but I'm wondering if there's a way to keep the user from deleting the management profile if we unlock that pref pane? In my testing, I've not been able to stop an admin-level user from deleting whatever profiles they want.
Labels:
- Labels:
-
Settings and Security Management
Reply
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2017 07:01 AM
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2017 07:10 AM
Ah, yes...I should have known - is there anything that man doesn't know? :)
Thank you - I'll check out that post.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2017 07:18 AM
Okay, I've looked it over, and it looks as though it works only for manually installed config profiles. Is there a way to make this change to pre-existing profiles, such as the one that gets installed during JSS enrollment?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2017 09:08 AM
Try a smart group looking for MDM Enrollment Not Enrolled, and then scope a policy to run jamf manage to pull it back down.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-29-2017 11:44 AM
@dpertschi I'll give that a try - thank you!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-27-2018 07:20 AM
@jkarpenske did you ever get this working for pre-existing profiles? We're trying to get Jamf set up for our faculty, and password-protecting that profile sure would be nice...
Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 08-14-2019 03:40 AM
I just found this thread and have a (maybe stupid) question:
from my understanding you have to add the code
<dict>
<key>Description</key>
<string>Enter the password in the RemovalPassword key to remove this profile</string>
<key>PayloadType</key>
<string>com.apple.profileRemovalPassword</string>
<key>PayloadUUID</key>
<string>CA7AE3B9-9A50-4596-A2F5-EFDE48AD4431</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>RemovalPassword</key>
<string>PasswordGoesHere!</string>
</dict>into the MDM profile so it can't be removed, right?
How am I doing this? I can't edit it in JAMF afaik
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-24-2022 11:59 AM
Hello, I'm new to the JAMF world. Where can I find this script to modify?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 05-23-2024 05:56 AM
+1
Reply
