- Jamf Nation Community
- Products
- Jamf Pro
- Remove User Level Configuration Profile
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 05:49 AM
Hello, everyone,
we added our existing MacBooks to jamf via UIE. The devices still have manually installed user profiles under System Settings - Profiles. Certificates were distributed with the configuration profile. Is there a way to uninstall this profile via jamf?
Cheers
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-02-2021 06:24 AM
i think we got it. this script in a policy removed the profile
#!/bin/sh
username=$( scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' )
loggedInUID=$(id -u "$username")
/bin/launchctl asuser $loggedInUID sudo -iu $username profiles -R -p CompanyCertificates -z password
exit
19 REPLIES 19
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 06:19 AM
Hi, can you explain what you mean by "manually installed config profiles"?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 06:24 AM
Before we had jamf we installed a configuration profile on every mac by double click the profile and insert the admin credentials for the installation.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 06:31 AM
Ah I see, thank you for clarifying. Then yeah if it was manually installed then you have to manually uninstall the profiles.
You can try the script route to search for the config profile UUID and then remove it.
You might have to use the command sudo profiles -R -p profileidentifier
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 06:44 AM
I'm getting the error:
profiles remove for identifier:'xxx' and user:'root' returned -205 (The operation couldn't be completed. (CPProfileManager error -205.))
To uninstall the profile a pasccode is required. Could this be a problem?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 06:49 AM
How did you obtain the profile identifier?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 07:09 AM
sudo profiles list -all
then I get the user and the certificate as output:
givenname.surname[1] attribute: profileIdentifier: CompanyCertificates
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 07:50 AM
Sorry for the delay, I got busy. Hmmm, that is correct. Did you run the removal as a script or just in the terminal to test it out?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 08:07 AM
just in terminal to test it out. if i delete the configuration profile in system preferences i must insert a passcode and it's gone. But i don't want to connect to every mac and insert the passcode to delete it
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 12:09 PM
@BookMac wrote:just in terminal to test it out. if i delete the configuration profile in system preferences i must insert a passcode and it's gone. But i don't want to connect to every mac and insert the passcode to delete it
I'm not understanding this. Don't you have Jamf Pro? That's a perfect scenario for using Jamf since it runs scripts and commands as root. If you put that into a script and deploy it it should not require you entering any passwords.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-01-2021 12:45 AM
yes, we have jamf pro. i've tried a policy with "Files and Processes" and the execute command "sudo profiles -R -p CompanyCertificates
The result of the policy is the same like in terminal:
Result of command:
profiles remove for identifier:'CompanyCertificates' and user:'root' returned -205 (The operation couldnβt be completed. (CPProfileManager error -205.))
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-01-2021 08:27 AM
When you run sudo profiles -R -p in the terminal with the profile ID does it ask for a password?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-02-2021 12:17 AM
exactly. this is what it looks in terminal:
username@devicename ~ % profiles -R -p CompanyCertificates
Enter the profile removal password:
After the password the profile is gone. the user is no admin user.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-02-2021 04:14 AM
Ok, I see whatβs going on here. Your profile has a removal password applied to it. Meaning the password is something separate from an admin password.
if this is the case, the only way I believe you can automate this would be with an expect script. I donβt think the βprofilesβ command has a flag for using a removal password, not that Iβm aware of anyway. You can look thru the man page for it to see.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-02-2021 05:32 AM
In the man pages for Profiles there is a flag to pass a password which is -password.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-02-2021 06:21 AM
Ah, Ok. I didn't know it had that. So in that case you may be able to script removing this by passing the actual profile password after that flag. I would give that a try. It seems to me that's the reason why you haven't been able to remove it in your policy. It's looking for that removal password.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-02-2021 06:24 AM
i think we got it. this script in a policy removed the profile
#!/bin/sh
username=$( scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' )
loggedInUID=$(id -u "$username")
/bin/launchctl asuser $loggedInUID sudo -iu $username profiles -R -p CompanyCertificates -z password
exit
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 08:14 AM
Passcode or password?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β12-01-2021 12:46 AM
password
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Posted on β11-30-2021 11:40 AM
Password, sorry
