Skip to main content

I bought a used Macbook and have updated it to the latest Mavericks. From when I first powered it on I have been getting prompts to enroll the device. I can't get them to go away...only cancel them and they reappear dozens of times per day.



I guess the folks who sold the machine have it in their DEP server? Or there is an agent that keeps checking?



How can I disable the agent that keeps prompting me to join?



Could not figure out after 30 minutes searching JAMF and other sites discussions of the various woes of school IT admins. :(




Until the original owner removes it from DEP it will basically continue to do this.
There are two places the info is stored.
Apple has the device listed as belonging to a certain organisation.
That organisation has the device set to auto enroll.
Both listings are effectively controlled by the organisation so they are the ones to contact to stop it.
It's an inbuilt function within OS X not something that is installed or added later so not easy to disable and really should be dealt with by contacting the original owner.
Even if the machine is completely wiped and reinstalled the moment it hits the internet it will return.


If you purchased that machine from the organization in the prompt, you should contact them to help un-enroll the device (ideally they would have done so already if they were selling it).


Piggy backing on what Emily said: If you bought it from another party (not in the prompt) as a legit 3rd part sale, I would still contact the organization, ask for the IT department and explain the situation. Likely, they will cut their losses and help you out since you didn't remove it from their possession.



They may want it back, which if they do, I would recommend just sending back. It truly is a brick and pointless to keep/use until it is either enrolled or removed from their DEP enrollment. This is exactly why it's built this way.


Thanks all. I bought it through a dealer on Amazon.com -- wholesale used machines something something.



But it isn't a brick - it works fine - it just has this silly prompt. I suspect there must be a way to silence those reminders! Otherwise anybody with access to a serial number could enroll a machine and remotely "take control" of it....


Otherwise anybody with access to a serial number could enroll a machine and remotely "take control" of it....


That isn't exactly how DEP works. Apple wouldn't put something in place that would be so easy to exploit by nefarious people.



I hate to say it, but it almost sounds like you purchased a lost/stolen device. It may not be that, and could genuinely be that the people who sold it forgot to remove it from their DEP program, but I don't know - wholesale used machines etc? Sounds a little fishy to me.
Also, I'm familiar with the New England Center for Children. They have a location that's literally down the street from where I work. I know they have a location in, I think, Abu Dubai or some place like that. Any chance you can contact them about it? They would be the only ones who can get rid of this. The fact that you are just looking for a way to disable it without going through the correct channels also raises some suspicion with me. If this purchase was legit and you aren't up to anything fishy, you need to be contacting them to see if they can help, or at least the reseller and ask them for assistance in contacting the original owners. Resellers on Amazon do not like negative reviews, so you may want to just drop a hint that one such review may be forthcoming unless they can assist you.


Not af all.
A machine can only be in DEP if sold by an Apple authorized dealer to an Apple authorized organisation, the original dealer registers it for your specific DEP upon delivery to your organization. At which point only your organization can add ir remove it from DEP, if properly disowned in DEP it can then never be re-enrolled, this is what is supposed to have occurred with any resold DEP device. EDIT: Beaten to it I see :)


Thanks folks.



Let's see what the IT guy at Center for Children says.


Yep the Center for Children says they overlooked removing the machine from their DEP and has now done it. Though it hasn't cleared the alert 4 days later. So now onto Apple.



Which means despite the very wise commentary of posters above there seems to be issues with both Apple and the DEP admins, and none with the wholesale used laptop company that sells Macs via the suspicious internet site Amazon.com


Did you ever get this solved? I am in the same situation, the MacBook is good other than this annoying popup.


@rangert you'll likely have to track down the organization that is listed to ask them to remove the device from their DEP instance. If the device wasn't lost or stolen they will likely be happy to remove it from their DEP portal. That's really the only way to get around this issue.


@mpermann, Thank you.



I made a phone call to their main number and got a name/email for someone who would actually do it, so we shall see how that goes. Also, I talked to Apple Tech support and after some consulting with Enterprise tech support they confirmed it is just the former owners that need to remove it, Apple has nothing to do with removing the system from DEP.



I feel lucky to stumble across this group using google image search as I had no idea what management backend was responsible for those pop-ups.


We have a system that we removed from our Apple DEP portal ("Disowned Device") and from the JSS (removed from Pre-Stage). The device no longer shows up in any of our systems, but the new owner of the device constantly received DEP notifications that the device needs to be enrolled.



So perhaps we're missing something?



Lucky for us, our device in question is still within the company, so it's easy for us to work with.



But the issue certainly is persistent and annoying!



Any thoughts?


@cainhorr Have you tried wiping the device after removing it from DEP? I would imagine the computer would think it was still associated with DEP until it was wiped and went through its setup again.


Well I had same issue but solved so quickly
Just buy a repair service to someone to change the serial number on the machine and your pop up messages will go away
It’s a hassle going to the vendor or the original owners since they won’t have the time to help you
Also apple doesn’t care they simply say talk to the seller or return the item


I just bought a new macbook from someone off craigslist, the macbook was brand new and sealed. Opened and set up the mbp and it's constantly throwing dep notifications to me. Tried calling the company but i keep getting told there is no IT department. Has anyone had success removing their device from a company's dep / removing the daily notifications for dep enrollment?


@jwolf9 No. Only the original owner can. You most definitely bought a stolen machine. It's not likely anyone would sell new Macs that were enrolled in DEP.


Hey,
With my experience, once the device is disowned through apple business manager and then also refreshed in Jamf Pro a reinstall is needed to remove that prompt.
I think jamf explained that it saves a file on the machine somewhere from memory but that was years ago ha
Good luck


I refurbish e-waste and tech surplus , I get dep stuff often and sometimes it's not possible to achieve un-enrollment. What you do to disable the popup is delete the folder /var/db/configurationprofiles and delete mdm and Managed (stars and capital letters important) from /system/library/launchagents and launchdaemons.


@Kautz



I refurbish e-waste and tech surplus , I get dep stuff often and sometimes it's not possible to achieve un-enrollment. What you do to disable the popup is delete the folder /var/db/configurationprofiles and delete mdm and Managed (stars and capital letters important) from /system/library/launchagents and launchdaemons.


Does that process simply turn off the pop up and leave me vulnerable to the old company / owner. i bought a Logic board recently and this is happening to me and i'm going to try your method. But i just wanted to know will this fix it or will this just stop the pop up?



Thanks!


Above steps will stop the pop-up but do not address the binary. Device will still be re-enrolled if you restore the OS and the process starts again.


Any way you can share how to do this removal to a basic user? I can't seem to find the folder to remove.



Thanks!



I refurbish e-waste and tech surplus , I get dep stuff often and sometimes it's not possible to achieve un-enrollment. What you do to disable the popup is delete the folder /var/db/configurationprofiles and delete mdm and Managed (stars and capital letters important) from /system/library/launchagents and launchdaemons.

Any way you can explain how to do this removal of folders and files to a basic user? I Cant seem to find them when I look in the system folder.



"delete the folder /var/db/configurationprofiles and delete mdm and Managed (stars and capital letters important) from /system/library/launchagents and launchdaemons."


Where do I find the folder /var/db/configurationprofiles. I am a basic user, no coding experience.


Ok, not sure if you still require this but here goes...



The "check-in" to ABM (Aple Business Manager) ONLY happens at the setup stage, which means the following holds true
1) If you install a new OS from Apple and disable your internet at the setup stage, nothing will get installed.
2) You could also use a USB installer with the internet disabled and that will keep the MDM from installing.



Last but not the least, you can go the hacker way to ensure it never happens again.
1) Setup a Launch Agent or Daemon with a script which runs all the time in the background ( every 5 minutes - recommended ) and does the following:



I. Checks for any installed profiles (use "man profiles" to see your options in the terminal manual)
ii. Do a grep for "MDM Profile" or "MDM" it is the standard name for all management profiles
iii. Grab the UUID of the profiles with MDM in the name, I think the label is -u in terminal
iv. Then gut the life out of it with - sudo profiles -R {UUID}



You will need to be handy with command line to get it to work but it is possible, I did some profile coding a long time ago.



If you are still struggling, let me and I'll put up some code on this thread.



Cheers


@CasperAdminNet I would really appreciate some help in what you've outlined above with the DEP / MDM. I am not very technically inclined but, I can do basic things like launch terminal, paste in code etc...anything a monkey can do! Would it be at all possible for you to share step by step?



And more importantly, if I am ok with the pop ups, is my mac being enrolled in some organisations DEP DB an issue? issue meaning, can they wipe my HDD? Can they read/download/manipulate my files data etc? Will apple block the mac serial from app store etc?
Thanks in advance!


Reply