
Remove Individual OS X Configuration Profile via Command Line



Hoping to get some assistance from the knowledge of the JAMF Nation. I am struggling to remove an individual configuration profile, that was installed manually, via the command line. Testing on Mavericks 10.9.1 currently. Used the profiles man page and this: https://developer.apple.com/library/mac/documentation/darwin/Reference/ManPages/man1/profiles.1.html

Commands I've tried:

sudo profiles -R -F /tmp/profilename.mobileconfig
sudo profiles -R -p profileidentifier
sudo profiles -R -p profileidentifier -U username

No dice so far. Use case is that a profile is installed manually and it needs to be removed without removing all profiles. Any thoughts out there?

Thanks!
Ben

39 replies

  • Valued Contributor
  • 1007 replies
  • January 21, 2014

I use profiles -R -p profileidentifier all the time.
Use profiles -P to get the identifier beforehand; maybe you are using the wrong identifier.


  • New Contributor
  • 12 replies
  • January 23, 2014

We've had to do the same thing in our environment, and I found the uninstall has to be formatted like:

profiles -R -p com.apple.mdm.server.corp.company.com.123af456-78e9-112-123a-123a456789.alacarte

...and like @nessts said, you'll need to get that whole identifier string from the `profiles -P` command. If you have a password required to uninstall the profile, that'll still be necessary from the command line, like it would through the GUI. Hope that helps!


  • Valued Contributor
  • 139 replies
  • September 3, 2014

Is there a way to remove user level MDMs from multiple users (Like SCEP or AD Certs)?


  • New Contributor
  • 7 replies
  • September 8, 2014

From what I have found out, apparently not. I am looking for the same thing myself. A woeful omittance on behalf of Apple, I think.


scottb
  • Valued Contributor
  • 1285 replies
  • September 8, 2014

Has anyone read about changes in 10.10 that might make this more versatile? Just curious. No NDA breakage, just wondering if anyone has read anything about it?


  • Contributor
  • 194 replies
  • September 8, 2014

This is what I wrote to remove a MDM based on the name. Profile name being the fourth variable passed.

```
#!/bin/bash

## Get UUID of requested MDM Profile
MDMUUID=$(profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}')

## Remove said profile, identified by UUID
if [[ $MDMUUID ]]; then
    profiles -R -p "$MDMUUID"
else
    echo "No Profile Found"
fi

sleep 5
```

  • Valued Contributor
  • 1002 replies
  • March 30, 2015

Just because I needed it today...
I have created a script to look for a profile name starting with MDM (which seems to be what our environment has), it then removes it and runs jamf manage to get it back again.
I have set this in Self Service as a way for people who for whatever reason weren't getting updated policies.
It's not particularly elegant and would probably remove the first profile starting with MDM, so if you have other policies so named it's probably not for you...

```
#!/bin/bash
echo

# Take the profileUUID of the profile whose name starts with "MDM"
MDM_UUID=$(profiles -Lv | awk '/attribute: name: MDM/,/attribute: profileUUID:/' | awk '/attribute: profileUUID:/ {print $NF}')
echo "$MDM_UUID"
if [ -z "$MDM_UUID" ]
then
    echo "-MDM profile NOT found. Attempting to manage-"
    jamf manage
else
    echo "-MDM profile found. Removing MDM before attempting to manage-"
    profiles -R -p "$MDM_UUID"
    sleep 5
    jamf manage
fi

echo
exit 0
```

  • New Contributor
  • 2 replies
  • February 6, 2016

Even as a root/admin user the profiles cannot be removed. Any suggestions?

```
_computerlevel[1] attribute: profileIdentifier: 00000000-0000-0000-A000-3A414D460003
>>profiles -v -R -p 00000000-0000-0000-A000-3A414D460004
profiles: verbose mode ON
profiles uninstall for identifier:'00000000-0000-0000-A000-3A414D460004' and user:'root' returned -205 (Unable to locate configuration profile.)
profiles: returned error: -205
```


rqomsiya
  • Honored Contributor
  • 225 replies
  • February 27, 2016

@Jand99 I'm having the same issue. Running into error -205. Did you find a solution??

Thanks,
R


  • New Contributor
  • 2 replies
  • February 29, 2016

Solution is simple if you have admin rights.
Assuming that "sudo jamf removeFramework" did not work you can try this:
Start terminal and type:
sudo -i
cd /var/db/
mv ConfigurationProfiles ConfigurationProfilesOLD

then reboot. A new empty ConfigurationProfiles folder will be created automatically.

NOTE: If you need to keep some special configuration profiles in that folder it may be better to only delete the /var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist file.


rqomsiya
  • Honored Contributor
  • 225 replies
  • February 29, 2016

Well, I actually have a config profile that is for Wi-Fi access. We manually packaged it and installed via script. However, I can't remove it. I keep getting the -205 error. I'm running the simple command

#!/bin/sh

profiles -R -p UUID (of the file in question)

  • Valued Contributor
  • 277 replies
  • April 7, 2016

passcode protected?


  • Valued Contributor
  • 567 replies
  • August 25, 2016

Related question: When a configuration profile has been removed from a JAMF Managed Mac manually (command or script), will the profile get reinstalled automatically via MDM at some point (assuming the target Mac is still scoped for that particular profile etc)?


donmontalvo
  • Legendary Contributor
  • 4293 replies
  • August 25, 2016

@dstranathan will until out of scope


  • Contributor
  • 30 replies
  • December 6, 2016

@Jand99 You're a genius, that was the answer I was looking for. I ran your commands after doing -removeFramework and then re-enrolled with a QuickAdd and WIN!

Thanks a bunch.


  • New Contributor
  • 4 replies
  • December 22, 2016

+1 for @Bauer from way-back-when, had a manually- (not JAMF-) distributed config profile which just wouldn't go away. Syntax is everything!


Chris_Hafner
  • Jamf Heroes
  • 1716 replies
  • January 3, 2017

Just to clear up a question I had when reading this post all this time later. For those using secured, manually installed profiles. Removal of such a profile using a command:

sudo profiles -R -F /tmp/profilename.mobileconfig

requires the profilename.mobileconfig to be loaded into /tmp/ again. For most of you, this is totally obvious as the command calls for it. This means if your original install policy copied the "profilename.mobileconfig" to the /tmp/ directory to install it, you will need to again copy the "profilename.mobileconfig" to the /tmp/ directory before you can uninstall it.

Just to help future newbies!


  • Contributor
  • 15 replies
  • April 22, 2017

Hey everyone,

I need to remove a specific Configuration Profile that was installed via the server on my 10.11.6 machines. I need to remove it via command line in a script for a very particular purpose. Since the Config Profile was installed via the JSS, the simple [ /usr/bin/profiles -R -F] will not work. Does anyone know how to remove a server installed Config Profile via terminal?

Thanks!


mm2270
  • Legendary Contributor
  • 7880 replies
  • April 23, 2017

@cdenoia Have you tried using sudo profiles -R -p UUID as shown in some of the posts above? The UUID is the identifier string that you can get by running sudo profiles -P in Terminal.


  • Contributor
  • 15 replies
  • April 24, 2017

Hey @mm2270 ,

Yes, I attempted to issue command: /usr/bin/profiles -R -p <UUID>
Error = "return 101 (profile is not removable)"

Any other ideas??


Forum|alt.badge.img+7

Try adding -U "creatorofprofile" at the end of the command

sudo profiles -R -p UUID -U magicname

That worked for me.


rqomsiya
  • Honored Contributor
  • 225 replies
  • May 28, 2017

What do you mean by creator of profile?


Forum|alt.badge.img+7

Sorry for the delay. If a profile was installed under a particular username, when you run profiles -P you should see the username at the start of the string. If you take that username and add it to the end of your command, it should remove the profile. So if the username was ted, your command would look like this:

sudo profiles -R -p UUID -U ted


  • Contributor
  • 288 replies
  • June 14, 2017

Just to confirm, @alexmcclements command works.

To put it in a script, you just need to grab the logged in user's username from /dev/console for ex.

user=$(stat -f "%Su" /dev/console)
profiles -R -p "UUID HERE" -U "$user"
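
An added example, not part of any post in this thread: the name-based lookups in the scripts above match by pattern, so one name can hit more than one profile. This sketch matches the name exactly over `profiles -Lv`-style text, refuses ambiguous matches, and adds `-U` for user-level profiles; the sample listing, the `com.example.*` identifiers and the function names are constructed assumptions, and the command is printed rather than run.

```sh
#!/bin/sh
# Added example (not from the thread). The sample listing is constructed, modeled
# on the "owner[N] attribute: key: value" lines quoted in the posts above.
SAMPLE_LISTING='_computerlevel[1] attribute: name: Corp Wi-Fi
_computerlevel[1] attribute: profileIdentifier: com.example.wifi.corp
_computerlevel[2] attribute: name: Corp VPN
_computerlevel[2] attribute: profileIdentifier: com.example.vpn.device
ted[1] attribute: name: Corp Wi-Fi Guest
ted[1] attribute: profileIdentifier: com.example.wifi.guest
ted[2] attribute: name: Corp VPN
ted[2] attribute: profileIdentifier: com.example.vpn.user'

# Read a listing on stdin; print "owner<TAB>identifier" for every profile whose
# name equals $1 exactly. Returns 0 for one match, 1 for none, 2 if ambiguous.
resolve_profile() {
    awk -v want="$1" '
    {
        i = index($0, " attribute: "); if (i == 0) next
        slot = substr($0, 1, i - 1)            # e.g. ted[1]
        rest = substr($0, i + 12)              # "key: value"
        j = index(rest, ": "); if (j == 0) next
        key = substr(rest, 1, j - 1); val = substr(rest, j + 2)
        if (key == "name") name[slot] = val
        if (key == "profileIdentifier") id[slot] = val
    }
    END {
        for (s in name) if (name[s] == want && (s in id)) {
            owner = s; sub(/\[[0-9]+\]$/, "", owner)
            printf "%s\t%s\n", owner, id[s]; n++
        }
        exit (n == 1 ? 0 : (n == 0 ? 1 : 2))
    }'
}

# Print (do not run) the removal command for the single profile named $1.
plan_removal() {
    match=$(resolve_profile "$1") || return $?
    owner=$(printf '%s\n' "$match" | cut -f1)
    id=$(printf '%s\n' "$match" | cut -f2)
    if [ "$owner" = "_computerlevel" ]; then
        printf 'profiles -R -p %s\n' "$id"
    else
        printf 'profiles -R -p %s -U %s\n' "$id" "$owner"
    fi
}

printf '%s\n' "$SAMPLE_LISTING" | plan_removal "Corp Wi-Fi"
```

On a Mac the listing would come from `sudo profiles -Lv` piped into `plan_removal` in place of the sample text.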


  • New Contributor
  • 6 replies
  • May 15, 2019

Remove All Profiles
sudo /usr/bin/profiles -D

Remove a Single Profile
sudo /usr/bin/profiles -R -p com.eugene.

