Jamf Nation Community

Yeah. That’s the part I’m stuck on. I can easily do it manually but I am trying to give this ability to a JAMF admin that does not have access to the profiles

How long do you wait after the smart group gets updated? Maybe if you wait long enough, it will eventually take action? I know that even under proper conditions, it can take a while to push or pull.

And I presume that the computer is plugged into Ethernet while you're trying to remove the WiFi?

Yes, it is plugged in and I have waited at least an hour (which is really hard as an impatient IT guy)

Did you try to trigger this over terminal?
If I do an upgrade for an mcx, it takes at least a few seconds until it will delet automatically

Did you try to trigger this over terminal?

Trigger the removal of the profile? No, how do I do that?

Is there a way to automate the removal of a config profile using Smart Groups?
It seems like the only way to remove the profile after the computers membership has changed is to open it in JAMF and distribute to new devices.

I'm not sure if this will work since I developed it for removing locally installed profiles, but it might work.

If nothing else it should point you in the right direction.

Profile Name to remove goes in Parameter 4.

#!/bin/bash

## Get UUID of requested MDM Profile
MDMUUID=`profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}'`

## Remove said profile, identified by UUID
if [[ $MDMUUID ]]; then
    profiles -R -p $MDMUUID
else
    echo "No Profile Found"
fi

sleep 5

If you're looking for a user profile, this should work.

#!/bin/bash

## Get logged in user
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");'`


## Get UUID of requested MDM Profile
MDMUUID=$(profiles -Lv -U $loggedInUser | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}')

echo $MDMUUID

## Remove said profile, identified by UUID
if [[ $MDMUUID ]]; then
    profiles -R -U $loggedInUser -p $MDMUUID
else
    echo "No Profile Found"
fi

sleep 5

Thanks Merps!

I'm still stuck though.

This is the output I get when running the script...
profiles remove for identifier:'48C85CF7-FA9E-4188-9876-F2F44AC17EB2' and user:'root' returned 101 (Profile is not removable.)
profiles remove for identifier:'3F920BE6-BE94-4E67-8116-FCBCB9ED8729' and user:'root' returned 101 (Profile is not removable.)

The only way to remove these two config profiles is to login to JAMF, open up the config profile, edit, save, distribute to new devices.

The strange thing is I have another Computer Level profile that IS removed when the computer changes smart group.

#!/bin/sh
profileName=( "Faculty/Staff Profile" "Base Restrictions" )

for (( i=0; i< ${#profileName[@]}; i++ ))

do
MDMUUID=`profiles -vP | grep "name: ${profileName[i]}" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}'`
profiles -R -p $MDMUUID
unset MDMUUID
done

Did you ever work out a way to get around this? I am having a similar issue at the moment where unscoping a computer from a Config profile will not remove it? I also get the same error if I try via Terminal

user:'root' returned 101 (Profile is not removable.)