Systematically remove configs by ProfileCreator

k3vmo
Contributor II

I inherited a deployment that has a lot of non-MDM installed profiles.

Further, it seems some of the same configs were attempted with different names.

The pattern I can find is they were all built with ProfileCreator.

I have so many different identifiers - I'm wondering - could I scan using profiles -P and somehow parse the output in such that if it includes: com.github.erikberglund.ProfileCreator.*

It would then use the:

profiles remove -identifier "$variable"

Asking if this is the only approach

9 REPLIES 9

skeenan07
New Contributor III

You could use a script like the following:

#!/bin/zsh

identifier="com.github.erikberglund.ProfileCreator"

profilesToRemove=$(profiles list | grep "$identifier" | awk '{ print $NF }')

for i in ${(f)profilesToRemove}; do
    profiles remove -identifier "$i"
done

k3vmo
Contributor II

@skeenan07 Above & beyond offering that much. is the f in '(f)profilesToRemove)' a counter function for zsh?

skeenan07
New Contributor III

The (f) flag reads the profilesToRemove variable as an array of lines.

For example, this script

#!/bin/bash
var=$(sw_vers)
for i in ${var}; do 
    echo "i = $i"
done

would have the following output:

i = ProductName: i = macOS i = ProductVersion: i = 11.2.3 i = BuildVersion: i = 20D91

However, in zsh with the (f) flag, the output would be

i = ProductName: macOS i = ProductVersion: 11.2.3 i = BuildVersion: 20D91

k3vmo
Contributor II

I can't tell if this is a response from the policy (simply runs the above script once on the host) or coming back from some other management function of the server -

Specifically I see under Management History: Cannot remove profile 'com.github.erikberglund.ProfileCreator.079F94D4-32B6-47B4-9D57-038409D3E405' because it was not installed by the MDM server <MDMClientError:96>

Any thoughts?

k3vmo
Contributor II

If you echo back $profilesToRemove it fails to give any response

Wouldn't you need to add something indicating that the identifier only includes com.github.erikberglund.ProfileCreator and isn't explicitly that?

k3vmo
Contributor II

actually I got it using:

#!/bin/bash
 profilesToRemove () {
        profiles list | grep 'com.github.erikberglund' | awk '{print $NF}'
}

for i in $(profilesToRemove); do
        profiles remove -identifier "$i"
done

skeenan07
New Contributor III

The script I wrote was not looking for just "com.github.erikberglund.ProfileCreator"; it should have found values like com.github.erikberglund.ProfileCreator123, com.github.erikberglund.ProfileCreator456, etc. Also, I wrote my script in zsh, not bash, so you may have gotten issues running it as bash. However, I'm glad you have a working solution.

k3vmo
Contributor II

I didn't mean to imply you did anything wrong. I couldn't get it to work so I tried removing and adding different things. This was simply by trying variations. It's my understanding that doing the list followed with a grep would also find any value that started with com.gitub... Is your method the most efficient?

skeenan07
New Contributor III

I wouldn't say it is more efficient; I just tend to use variables more in my scripts. For me, it makes modifying the script for another purpose easier.