Help

Re-enroll or re-manage systems

Go to solution
rkelegha1
New Contributor II

Posted on ‎06-14-2023 08:16 AM

Hi All,

looking for some guidance,

I have approx 200 systems that where removed from JAMF via script but still have a old MDM profile. I need to get these back into a working state with a valid mdm profile. 

Is the best way to fix = Wipe / Re-image -> DEP enrolment  or is there another way to fix it ? via script or local steps?

Thanks

Rob

0 Kudos
3 ACCEPTED SOLUTIONS

Go to solution
jamf-42
Valued Contributor II

Posted on ‎06-14-2023 08:27 AM

if you are going to re-deploy then really you want the a clean device (many reasons) ..  so wipe (updating to latest OS at the same time) then ABM - ADE deploy etc..

Yes depending on how they were enrolled and their state you could re-enrol via terminal, but that would be 'a bad idea' 

View solution in original post

0 Kudos

Go to solution
AJPinto
Honored Contributor III

Posted on ‎06-14-2023 10:33 AM

Your only option is to reinstall macOS. It is possible to remove the MDM profile with SIP disabled, but you will spend far more time doing this on each device then you would just reinstalling macOS. That and messing with macOS configuration profiles in this manner can break profiles in general preventing reenrollment in MDM without a reimage anyway.

View solution in original post

0 Kudos

Go to solution
sdagley
Esteemed Contributor II

Posted on ‎06-14-2023 11:06 AM

@rkelegha1 I'm a fan of nuke and re-enroll for any device (and that's a requirement for my org where the use case is one user per Mac). For Apple Silicon Macs that's amazingly easy using Apple Configurator 2 to do a DFU Restore (see https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/ for a guide). For x86 Macs you can use Apple's rarely mentioned Mac Provisioner tool to boot into Recovery mode and do a clean install of macOS (see https://community.jamf.com/t5/jamf-pro/mac-provisioner/m-p/291848/highlight/true#M259743 for a link to the most recent release)

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
jamf-42
Valued Contributor II

Posted on ‎06-14-2023 08:27 AM

if you are going to re-deploy then really you want the a clean device (many reasons) ..  so wipe (updating to latest OS at the same time) then ABM - ADE deploy etc..

Yes depending on how they were enrolled and their state you could re-enrol via terminal, but that would be 'a bad idea' 

0 Kudos

Go to solution
AJPinto
Honored Contributor III

Posted on ‎06-14-2023 10:33 AM

Your only option is to reinstall macOS. It is possible to remove the MDM profile with SIP disabled, but you will spend far more time doing this on each device then you would just reinstalling macOS. That and messing with macOS configuration profiles in this manner can break profiles in general preventing reenrollment in MDM without a reimage anyway.

0 Kudos

Go to solution
sdagley
Esteemed Contributor II

Posted on ‎06-14-2023 11:06 AM

@rkelegha1 I'm a fan of nuke and re-enroll for any device (and that's a requirement for my org where the use case is one user per Mac). For Apple Silicon Macs that's amazingly easy using Apple Configurator 2 to do a DFU Restore (see https://mrmacintosh.com/restore-macos-firmware-on-an-apple-silicon-mac-boot-to-dfu-mode/ for a guide). For x86 Macs you can use Apple's rarely mentioned Mac Provisioner tool to boot into Recovery mode and do a clean install of macOS (see https://community.jamf.com/t5/jamf-pro/mac-provisioner/m-p/291848/highlight/true#M259743 for a link to the most recent release)

0 Kudos

Go to solution
rkelegha1
New Contributor II

Posted on ‎06-15-2023 04:43 AM

Cheers all..

Rk

0 Kudos