mm2270 wrote:
Ah, Ok. I didn't know it had that. So in that case you may be able to script removing this by passing the actual profile password after that flag. I would give that a try. It seems to me that's the reason why you haven't been able to remove it in your policy. It's looking for that removal password.
i think we got it. this script in a policy removed the profile
#!/bin/sh
username=$( scutil <<< "show State:/Users/ConsoleUser" | awk -F': ' '/[[:space:]]+Name[[:space:]]:/ { if ( $2 != "loginwindow" ) { print $2 }}' )
loggedInUID=$(id -u "$username")
/bin/launchctl asuser $loggedInUID sudo -iu $username profiles -R -p CompanyCertificates -z password
exit