"Computer administrators may refresh or disable management" - Setting in Login Window -> Options

david_edgar
New Contributor III

Just for anyone else who happens to stumble across this in 2023 and is like, "What does this do?" The answer is NOTHING and DOES NOT WORK. Quote from a ticket earlier that address this very question.

 

"Thank you for reaching out to Jamf Technical Support!

To summarize, the feature “Computer administrators may refresh or disable management” is not working.

Unfortunately, after some investigation, Jamf created a Ticket with Apple, but this appears this feature is not going to work. We tested on our end, and it is also not working.

At this point, we will be marking this case as inactive. If there are any additional questions or concerns, let us know, and reference this case number to allow for us to continue working from where we left off."

 

 

6 REPLIES 6

AJPinto
Esteemed Contributor

JAMF has tech debt? No, tell me its not so.

david_edgar
New Contributor III

That is not necessarily the point, but regardless, for anyone who is stumbling into these "settings" in 2023 and can't find a productive post...here you go. Productive post acquired.

Thank you!  

 

howie_isaacks
Valued Contributor II

I have never felt a need to use this but reading it, I wonder why anyone would want an administrator to "refresh or disable management". I assume it means local admins on the computer. What made you want to use or try this setting? I'm curious because I'm always finding reasons to start using settings I have not previously used before.

Think of it like this; you have a device with a lousy cert with the jamf MDM (very rare, but familiar with some Mojave macOS devices due to a defect that has been noted), and you limit profiles not to be altered. Well, now you are in a position where your MDM can't communicate with the device, and your admins can't remove the profiles affecting it negatively. Hence, you want to refresh or remove the MDM profiles and certs. The next step is wiping the device to get a good certificate back on the device and allow it to communicate properly.

Thanks for the context. That all makes perfect sense.