Skip to main content

I inherited a deployment that has a lot of non-MDM installed profiles.



Further, it seems some of the same configs were attempted with different names.



The pattern I can find is they were all built with ProfileCreator.



I have so many different identifiers - I'm wondering - could I scan using profiles -P and somehow parse the output in such that if it includes: com.github.erikberglund.ProfileCreator.*



It would then use the: 



profiles remove -identifier "$variable"


Asking if this is the only approach

You could use a script like the following:



#!/bin/zsh



identifier="com.github.erikberglund.ProfileCreator"



profilesToRemove=$(profiles list | grep "$identifier" | awk '{ print $NF }')



for i in ${(f)profilesToRemove}; do

    profiles remove -identifier "$i"

done

@skeenan07 Above & beyond offering that much. is the f in '(f)profilesToRemove)' a counter function for zsh?

The (f) flag reads the profilesToRemove variable as an array of lines.



For example, this script 



#!/bin/bash

var=$(sw_vers)

for i in ${var}; do 

    echo "i = $i"

done


would have the following output:



i = ProductName:
i = macOS
i = ProductVersion:
i = 11.2.3
i = BuildVersion:
i = 20D91


However, in zsh with the (f) flag, the output would be



i = ProductName: macOS
i = ProductVersion: 11.2.3
i = BuildVersion: 20D91

I can't tell if this is a response from the policy (simply runs the above script once on the host) or coming back from some other management function of the server -



Specifically I see under Management History: Cannot remove profile 'com.github.erikberglund.ProfileCreator.079F94D4-32B6-47B4-9D57-038409D3E405' because it was not installed by the MDM server <MDMClientError:96>



Any thoughts?

If you echo back $profilesToRemove it fails to give any response



Wouldn't you need to add something indicating that the identifier only includes com.github.erikberglund.ProfileCreator and isn't explicitly that?

actually I got it using:



#!/bin/bash

 profilesToRemove () {

        profiles list | grep 'com.github.erikberglund' | awk '{print $NF}'

}



for i in $(profilesToRemove); do

        profiles remove -identifier "$i"

done

The script I wrote was not looking for just "com.github.erikberglund.ProfileCreator"; it should have found values like com.github.erikberglund.ProfileCreator123, com.github.erikberglund.ProfileCreator456, etc. Also, I wrote my script in zsh, not bash, so you may have gotten issues running it as bash. However, I'm glad you have a working solution.

I didn't mean to imply you did anything wrong. I couldn't get it to work so I tried removing and adding different things. This was simply by trying variations. It's my understanding that doing the list followed with a grep would also find any value that started with com.gitub... Is your method the most efficient?

I wouldn't say it is more efficient; I just tend to use variables more in my scripts. For me, it makes modifying the script for another purpose easier.

Reply


Terms & ConditionsCookie settings