Posted on 04-01-2021 07:56 AM
I inherited a deployment that has a lot of non-MDM installed profiles.
Further, it seems some of the same configs were attempted with different names.
The pattern I can find is they were all built with ProfileCreator.
I have so many different identifiers - I'm wondering - could I scan using profiles -P and somehow parse the output in such that if it includes: com.github.erikberglund.ProfileCreator.*
It would then use the:
profiles remove -identifier "$variable"
Asking if this is the only approach
Posted on 04-01-2021 10:20 AM
You could use a script like the following:
#!/bin/zsh
identifier="com.github.erikberglund.ProfileCreator"
profilesToRemove=$(profiles list | grep "$identifier" | awk '{ print $NF }')
for i in ${(f)profilesToRemove}; do
profiles remove -identifier "$i"
done
Posted on 04-01-2021 11:07 AM
@skeenan07 Above & beyond offering that much. is the f in '(f)profilesToRemove)' a counter function for zsh?
Posted on 04-01-2021 11:14 AM
The (f)
flag reads the profilesToRemove variable as an array of lines.
For example, this script
#!/bin/bash
var=$(sw_vers)
for i in ${var}; do
echo "i = $i"
done
would have the following output:
i = ProductName: i = macOS i = ProductVersion: i = 11.2.3 i = BuildVersion: i = 20D91
However, in zsh with the (f)
flag, the output would be
i = ProductName: macOS i = ProductVersion: 11.2.3 i = BuildVersion: 20D91
Posted on 04-02-2021 09:57 AM
I can't tell if this is a response from the policy (simply runs the above script once on the host) or coming back from some other management function of the server -
Specifically I see under Management History: Cannot remove profile 'com.github.erikberglund.ProfileCreator.079F94D4-32B6-47B4-9D57-038409D3E405' because it was not installed by the MDM server <MDMClientError:96>
Any thoughts?
Posted on 04-05-2021 08:31 AM
If you echo back $profilesToRemove it fails to give any response
Wouldn't you need to add something indicating that the identifier only includes com.github.erikberglund.ProfileCreator and isn't explicitly that?
Posted on 04-05-2021 10:15 AM
actually I got it using:
#!/bin/bash
profilesToRemove () {
profiles list | grep 'com.github.erikberglund' | awk '{print $NF}'
}
for i in $(profilesToRemove); do
profiles remove -identifier "$i"
done
Posted on 04-05-2021 11:25 AM
The script I wrote was not looking for just "com.github.erikberglund.ProfileCreator"; it should have found values like com.github.erikberglund.ProfileCreator123, com.github.erikberglund.ProfileCreator456, etc. Also, I wrote my script in zsh, not bash, so you may have gotten issues running it as bash. However, I'm glad you have a working solution.
Posted on 04-13-2021 07:28 AM
I didn't mean to imply you did anything wrong. I couldn't get it to work so I tried removing and adding different things. This was simply by trying variations. It's my understanding that doing the list followed with a grep would also find any value that started with com.gitub... Is your method the most efficient?
Posted on 04-13-2021 10:34 AM
I wouldn't say it is more efficient; I just tend to use variables more in my scripts. For me, it makes modifying the script for another purpose easier.