
Posted on 06-04-2019 06:03 AM - last edited a week ago by kh-richa_mig
We're still struggling to get our Macs to register with Intune. After each failed attempt, in addition to removing the partial computer entries from Intune, we have to delete every single file and keychain entry that has anything at all to do with Intune and the Company portal app. After a lot of searching I came up with this script to remove the files associated with it:
```
#!/bin/sh
# Variable for storing the current user's name, assuming the computer has the end user
# and not the admin user logged in when this script is run.
currentuser=$(stat -f "%Su" /dev/console)
# Paths are quoted because "Application Support" and "Saved Application State" contain spaces.
rm -Rfv "/Users/$currentuser/Library/Application Support/com.microsoft.CompanyPortal.usercontext.info"
rm -Rfv "/Users/$currentuser/Library/Application Support/com.microsoft.CompanyPortal"
rm -Rfv "/Users/$currentuser/Library/Application Support/com.jamfsoftware.selfservice.mac"
rm -Rfv "/Users/$currentuser/Library/Saved Application State/com.jamfsoftware.selfservice.mac.savedState"
rm -Rfv "/Users/$currentuser/Library/Saved Application State/com.microsoft.CompanyPortal.savedState"
rm -Rfv "/Users/$currentuser/Library/Preferences/com.microsoft.CompanyPortal.plist"
rm -Rfv "/Users/$currentuser/Library/Preferences/com.jamfsoftware.selfservice.mac.plist"
rm -Rfv "/Users/$currentuser/Library/Preferences/com.jamfsoftware.management.jamfAAD.plist"
rm -Rfv "/Users/$currentuser/Library/Cookies/com.microsoft.CompanyPortal.binarycookies"
rm -Rfv "/Users/$currentuser/Library/Cookies/com.jamf.management.jamfAAD.binarycookies"
```
I am having a helluva time trying to figure out how to automate the removal of the keychain items. There are so many and I can't make heads or tails out of the `security` command. So far I have found the following in the current user's Login keychain that seem to have anything to do with Intune:
- Application Password: a long string of random letters and numbers associated with com.microsoft.workplace.thumbprint
- Application Password: the OS version
- 2 Application Passwords: that are time stamps of some sort
- Application Password: the computer name
- Application Password: the email address used to try and register with Intune
- Application Password: "com.microsoft.CompanyPortal"
- Application Password: "com.microsoft.CompanyPortal.Hockey.SDK"
- Application Password: "enterpriseregistration.windows.net"
- Public key: "Microsoft Workplace Join Key"
- Private key: "Microsoft Workplace Join Key"
- Public Key: "Microsoft Session Transport Key"
- Private Key: "Microsoft Session Transport Key"
- Identity preference: "https://enterpriseregistration.windows.net"
- Identity preference: "https://enterpriseregistration.windows.net/" (yes the same as above with a trailing slash)
- Identity preference: "https://device.login.microsoftonline.com"
- Identity preference: "https://device.login.microsoftonline.com/" (yes the same as above with a trailing slash)
- That's all I can recall finding
I would prefer to use a surgical methodology to only remove the Intune-specific Keychain entries and leave the user's other keychain items untouched. I don't know where to begin. I've spent weeks trying to figure out how to use the `security` command but I'm getting nowhere. Does anyone else have a way to automate this?
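
Added example, not part of the original thread or the linked blog post: targeted removal of some of the items listed above with `security delete-generic-password` and `security set-identity-preference -n`, printing the commands unless `DRY_RUN=0`. It assumes the quoted names in the list are the items' labels as Keychain Access shows them and that the login keychain path is passed in; the function names are hypothetical, and the key pairs and the items named only by their value (thumbprint, OS version, timestamps, computer name, email) are not covered.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run unless DRY_RUN=0.
DRY_RUN="${DRY_RUN:-1}"

# Names copied from the list in the post; assumed to be the item labels.
PASSWORD_LABELS='com.microsoft.CompanyPortal
com.microsoft.CompanyPortal.Hockey.SDK
enterpriseregistration.windows.net'
IDENTITY_PREFS='https://enterpriseregistration.windows.net
https://enterpriseregistration.windows.net/
https://device.login.microsoftonline.com
https://device.login.microsoftonline.com/'

# delete_labelled <label> <keychain>: remove every generic password with this label.
delete_labelled() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "security delete-generic-password -l $1 $2"
    else
        # Each call deletes one match and fails once none is left,
        # so loop until "item could not be found" ends it.
        while security delete-generic-password -l "$1" "$2" </dev/null >/dev/null 2>&1; do :; done
    fi
}

# clear_identity_pref <service URL> <keychain>: -n clears the stored preference.
clear_identity_pref() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "security set-identity-preference -n -s $1 $2"
    else
        security set-identity-preference -n -s "$1" "$2" </dev/null
    fi
}

# cleanup_intune_keychain <path to the user's login keychain>
cleanup_intune_keychain() {
    keychain="$1"
    printf '%s\n' "$PASSWORD_LABELS" | while IFS= read -r label; do
        delete_labelled "$label" "$keychain"
    done
    printf '%s\n' "$IDENTITY_PREFS" | while IFS= read -r url; do
        clear_identity_pref "$url" "$keychain"
    done
}

# On a Mac, with the console user as in the script above:
#   user=$(stat -f "%Su" /dev/console)
#   cleanup_intune_keychain "/Users/$user/Library/Keychains/login.keychain-db"
```

Check the dry-run output and confirm each match with `security find-generic-password -l <label>` before setting `DRY_RUN=0`.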
Posted on 06-04-2019 08:37 PM
I created a blog post on how to do this. Read Here
Posted on 08-16-2021 07:51 AM
I can't access your blog. Can you please post that here also?
Just curious, am I the only one who can't access the website?

Posted on 06-05-2019 03:26 AM
hmmm interesting. I'll take a look at it.

Posted on 07-24-2019 04:46 AM
@kerickson I just discovered that the script causes Self Service to crash since upgrading to Mojave 10.14.6.

Posted on 07-24-2019 04:55 AM
The only other thing I've done was to upgrade from JamfPro 10.9.0 to 10.13.0, but I suspect Mojave 10.14.6 doesn't like some of the security commands.
In the log, after the part where it deletes the Application Support and Preference files it says this:
```
Remove keychain password items
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
[message repeats 9 times]
delete-identity: option requires an argument -- Z
Usage: delete-identity [-c name] [-Z hash] [-t] [keychain...]
-c Specify certificate to delete by its common name
-Z Specify certificate to delete by its SHA-1 hash value
-t Also delete user trust settings for this identity certificate
The identity to be deleted must be uniquely specified either by a
string found in its common name, or by its SHA-1 hash.
If no keychains are specified to search, the default search list is used.
Delete an identity (certificate + private key) from a keychain.
```

Posted on 07-24-2019 05:15 AM
ya know... there's something else going on here... the log snippet I pasted above was not from the first crash. Sorry about that. I need to dig deeper.
