Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Disable Device Enrollment Program (DEP) notification on macOS Monterey.md

NB! command-R is replaced with holding the power button on M1 macs.

With full reinstall (recommended)

   a. Boot into recovery using command-R during reboot, wipe the harddrive using Disk Utility, and select reinstall macOS

   b. Initial installation will run for approximately 1 hour, and reboot once

   c. It will then show a remaining time of about 10-15 minutes

   d. When it reboots again, be sure to press command-R to boot into recovery and continue with Main procedure

Without full reinstall

Boot to Recovery Mode by holding command-R during restart and continue with Main procedure

Main procedure

  1. Open Utilities → Terminal and type
$ csrutil disable
$ reboot
  1. Hold command-R during the reboot to enter Recovery Mode again

  2. Enter Disk Utility, and mount the Macintosh HD volume (or whatever your main volume is named). (It might already be mounted.)

  3. Exit Disk Utility, open Utilities → Terminal, and type

$ cd "/Volumes/Macintosh HD/System/Library"
$ cd ../../etc
$ echo "0.0.0.0 iprofiles.apple.com" >> hosts
$ echo "0.0.0.0 mdmenrollment.apple.com" >> hosts
$ echo "0.0.0.0 deviceenrollment.apple.com" >> hosts
$ echo "0.0.0.0 gdmf.apple.com" >> hosts
$ csrutil enable
$ reboot
  1. If you come to the “Choose your country/location” dialogue, make sure to not select a wireless network, but “continue without an internet connection”

  2. After a normal boot, you can verify the DEP status in Terminal:

$ profiles status -type enrollment
Enrolled via DEP: No
MDM enrollment: No
@brunerd
Copy link

brunerd commented Jun 1, 2022

@brunerd Just wondering if you've tested this on the newer M1 Macs? Thanks

@vzeazy yes, most definitely, it’s architecture independent it’s all about what macOS caches on disk really, we’ll see if they change anything for the next OS

@secured2k
Copy link

secured2k commented Jun 1, 2022

I'm guessing that if I can't disable SIP then I'm out of luck?

Is there anyway around that? Cloning another drive?

Any help would be appreciated.

Check the recent comments or the parent thread for instructions for current version OS’s. Answers have been posted multiple times.

@depmac
Copy link

depmac commented Jun 9, 2022

Method confirmed dead on Ventura. Now MDM lock works in a similar way to FMM lock. For all of you legally owning DEP enabled Macs, disabling Full Security is highly recommended so that when you accidentally wipe the mac, you will be able to always downgrade to a full installation of macOS <=12.x. For Macs shipped with Ventura from now on, be extra careful unless new ways of MDM bypass come out.

@depmac
Copy link

depmac commented Jun 9, 2022

Method confirmed dead on Ventura. Now MDM lock works in a similar way to FMM lock. For all of you legally owning DEP enabled Macs, disabling Full Security is highly recommended so that when you accidentally wipe the mac, you will be able to always downgrade to a full installation of macOS <=12.x. For Macs shipped with Ventura from now on, be extra careful unless new ways of MDM bypass come out.

Non Apple Silicon and T2 Macs are not impacted though. Also in the worst case we still have checkm8 for T2.

@secured2k
Copy link

secured2k commented Jun 9, 2022

This does not seem like anything new. The case was the same since T2 and M1. The case if MDM actually got installed/enrolled during setup or profile install, the management system could enable FMM type locks (but doesn't have to).

@mitatskni
Copy link

mitatskni commented Jun 10, 2022

On catalina, I solved the problem in a similar way. I found an xml file where it is written how often to display a notification and commented out the necessary section. I bought a used laptop with mdm profile.

@mitatskni
Copy link

mitatskni commented Jun 10, 2022

On catalina, I solved the problem in a similar way. I found an xml file where it is written how often to display a notification and commented out the necessary section. I bought a used laptop with mdm profile.

Just in case, I will give an example that I edited on Catalina to get rid of notifications every 3 hours

@mitatskni
Copy link

mitatskni commented Jun 10, 2022

On catalina, I solved the problem in a similar way. I found an xml file where it is written how often to display a notification and commented out the necessary section. I bought a used laptop with mdm profile.

Just in case, I will give an example that I edited on Catalina to get rid of notifications every 3 hours

% cat /System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.apple.ManagedClientAgent.enrollagent</string>
    <key>ProcessType</key>
    <string>Background</string>
	<key>ProgramArguments</key>
	<array>
		<string>/System/Library/CoreServices/ManagedClient.app/Contents/Resources/ManagedClientAgent</string>
		<string>-j</string>
	</array>
<!--
	<key>StartInterval</key>
	<integer>7200</integer>
-->
</dict>
</plist>

@mitatskni
Copy link

mitatskni commented Jun 10, 2022

As you can see, I commented out the StartInterval key. In my case, this solved the issue with notifications.

@secured2k
Copy link

secured2k commented Jun 10, 2022

You cannot do this on newer systems with snapshots and signed system volumes.

@JShub683
Copy link

JShub683 commented Jun 21, 2022

Just a general question. I was able to get into my M1 that i purchased from a liquidator who got the laptop from a company that was purchased prior to going out of business. I have an M1 and 2019 i5 on the i5 I get zero notifications about being remote managed, where as the M1 I'll get a pop-up about every 3-4hrs. The M1 took me a few days to realize that I could enter the echo commands without csrutil disabled to get around the MDM and create an account on Monterey. Anyway I've read through multiple threads on DEP and it seems like the intel models wont get notifications and the M1 theres nothing that can be done to stop on block em right? When checking for MDM profiles in terminal I get the NO status so I'm fine on that front just the stupid popup.

@secured2k
Copy link

secured2k commented Jun 21, 2022

There is no difference in the ability to block MDM pop up notifications on intel and m-series Macs. The difference in management security for those systems is t-2 and newer systems can be securely activation locked. I have looked at 2 random people’s computer that claimed the same problem and I have no idea what I did differently but with no relevant changes, those users say the messages go away; so I assume the issue is with the users actions or steps to block the network communication that causes the alerts. The parent thread has more detail and I have answered many questions since Nov 2020 about this.

@Aleks4o
Copy link

Aleks4o commented Jun 23, 2022

Hi I wanted to ask because I am new to the mac scene and I bought a macbook second hand with dep (that i did not know of). Can anyone tell me is it safe to use the laptop and is there a chance that the laptop is unusable?

@Aleks4o
Copy link

Aleks4o commented Jun 23, 2022

I did take the steps above but what did you mean by change the security settings in the recovery portion”?

@FaunoFloyd
Copy link

FaunoFloyd commented Jun 28, 2022

Hi Guys,

i tried and got this reply

sudo profiles show -type enrollment
2022-06-28 12:31:49.952 profiles[10194:708792] Bad response from apsd: Connection interrupted
Error fetching Device Enrollment configuration: We can't determine if this machine is DEP enabled. Try again later.

It should be all right? DEP and MDM cant do a thing on the macbook right ?
Screen Shot 2022-06-28 at 12 37 17

@secured2k
Copy link

secured2k commented Jun 28, 2022

No, the error talks about an error with apsd's connection being interrupted. This is for Apple Push Services Daemon which means you might not get push notifications on that system, but that doesn't mean a profile could not be installed. The response you should get if DEP servers are blocked is similar to below:

Error fetching Device Enrollment configuration: (34006) Error Domain=MCCloudConfigurationErrorDomain Code=34006 "The Device Enrollment server is unavailable. Please try again later." UserInfo={USEnglishDescription=CLOUD_CONFIG_MAX_RETRIES_EXCEEDED, NSLocalizedDescription=The Device Enrollment server is unavailable. Please try again later., MCErrorType=MCFatalError}

@FaunoFloyd
Copy link

FaunoFloyd commented Jun 28, 2022

@secured2k tried again and got same results, im using macbook pro 16 m1 pro 2021, could be any diff?

do i need to reinstall macos from scratch to try again?

@secured2k
Copy link

secured2k commented Jun 28, 2022

It is your call. I do not have the information about what was done that caused you to get a bad response from apsd.
However, the first command in the screenshot says enrolled via DEP/MDM: NO so generally there is no automatic profile install unless an Admin agrees to install a profile. This usually comes up in a push notification alert and if something has broken those push notifications, it will be difficult to accidentally enroll.

@brishtiteveja
Copy link

brishtiteveja commented Jun 29, 2022

I've been wondering if I should blog about this, but here's another way that doesn't involve blocking network ports, so to squirrel this knowledge away in a corner of the web:

## these commands MUST be from Terminal in Recovery mode only (as root of course)
## this assumes the boot drive is named "Macintosh HD" and is a newer OS that has a Data volume

#clear the nvram if there is any saved WiFi info there
nvram -c

#remove the known networks plist which auto-joins your WiFi - older version of macOS may not have this
rm /Volumes/Macintosh\ HD\ -\ Data/Library/Preferences/com.apple.wifi.known-networks.plist 

#the WiFi password IS still stored here but it is not necessary to remove this
rm /Library/Keychains/System.keychain

#SUPPRESS FOR SETUP ASSISTANT ONLY
#remove all the dot files .* in Settings the main file is .cloudConfigHasActivationRecord
rm /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings/.*
#When you reboot with this method you must choose Other for network options then "This Mac does not connect to the Internet" to skip Remote Management
#this method of skipping via Other/No Internet is usually sufficient for macOS 10.14 and under

#SUPPRESS PERMANENTLY
#remove the entire folder and it NEVER asks for DEP again, without this folder it won't work
rm -r /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings

reboot

I have faced this issue. After fresh install of mac OS Catalina, it was showing remote management from a company that is different from my own workplace.
Removing LaunchDaemons and LaunchAgents and re-routing IP addresses didn't work for me.
The only thing that worked for me was by removing /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings
Thank you very much.

@Hr46ph
Copy link

Hr46ph commented Jul 2, 2022

Simple question from a macOS noob. When you speak of "wipe the harddrive using Disk Utility" in the instructions, what exactly do I select? There are multiple partitions. Tx.

@secured2k
Copy link

secured2k commented Jul 2, 2022

You would select the disk rather than a partition. Apple support pages have instructions and can be found with a google search. However you may want to review the parent thread for recent fixes before following older instructions.

@Hr46ph
Copy link

Hr46ph commented Jul 2, 2022

This being comments and not a real forum, what exactly do you mean with parent thread? Do you mean where you forked it from?
https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac

@secured2k
Copy link

secured2k commented Jul 2, 2022

Yes

@Hr46ph
Copy link

Hr46ph commented Jul 2, 2022

Thanks. I was there too. When I boot in recovery mode and open a terminal, it will ask me for credentials. sudo or su commands don't work. Ive been searching my ass off through the comments here and there, Google directs me to official support. It looks like I need to wipe the disk so it wont read the current configurion on disk and connects to wifi, can you please confirm or point me in the right direction if thats wrong?

@secured2k
Copy link

secured2k commented Jul 2, 2022

I don’t recall recovery mode asking for a password unless it was an encrypted disk.
su/sudo is not needed in recovery mode because you run as root (Adminstrator) by default.

It depends on what the issues is and what your goal is (what are you trying to accomplish?). If you are trying to erase everything, then apple’s official instructions are good to follow. Assuming you are here because of MDM, then you follow the instructions with no internet setup or blocking hosts via dns.

@brishtiteveja
Copy link

brishtiteveja commented Jul 4, 2022

comments

If the device does not have any OS, after fresh installation, you don't have an administrator account created yet. And you may not even be able to go to the account creation phase because remote management screen. This is a scenario where the previous owning organization has forgot to remove MDM requirement for the device.. may not be the same for regular device.

@rafaelsaxo
Copy link

rafaelsaxo commented Jul 5, 2022

I just got scammed with a macbook pro m1 14inch, so I found here.
A little hard for a newbie so I wonder if a software like https://checkm8.info/bypass-mac-mdm-lock are trustable
and the scammer gave em this solution https://www.youtube.com/watch?v=PZy5Xayv5PY
I would really appreciate some help here.
By the way read the whole thread and couldn't execute everything. I need to learn better how to use terminal like do I have to use the $ sign or this is just a bullet?
Thanks in advance.

@secured2k
Copy link

secured2k commented Jul 5, 2022

The last I recall from 2-3 years ago is checkm8 is for iPhone 4S (A5) through iPhone 8/X series (A11). This includes T2 which is related to A10. There was some news of Checkra1n being able to have some support for M1 (A14) chips but I never heard much about it.

As for the video, it starts with is the same instructions in these comments and then goes to do things not needed, but potentially can work. In theory the instructions have you disable some security and run a program that could do some of the steps listed in the comments (or some hidden unknown method). However, I don't have any proof of what it is doing, so I can't say it really is "safe" or will work.

@iactivate-host
Copy link

iactivate-host commented Jul 6, 2022

Disable Device Management and remove MDM enrollment profile on MacBook Pro & Air can be done via iRemove tool. You can download software from https://iremove.tools/remove-device-management-on-macbook
. The tool can bypass MDM on Mac computers powered by M1 & T2 chip.

@rajpootathar
Copy link

rajpootathar commented Jul 6, 2022

Disable Device Management and remove MDM enrollment profile on MacBook Pro & Air can be done via iRemove tool. You can download software from https://iremove.tools/remove-device-management-on-macbook . The tool can bypass MDM on Mac computers powered by M1 & T2 chip.

does this work can someone confirm?

@rafaelsaxo
Copy link

rafaelsaxo commented Jul 6, 2022

How do I enter this in terminal?
$ cd "/Volumes/Macintosh HD/System/Library"
$ cd ../../etc
$ echo "0.0.0.0 iprofiles.apple.com" >> hosts
$ echo "0.0.0.0 mdmenrollment.apple.com" >> hosts
$ echo "0.0.0.0 deviceenrollment.apple.com" >> hosts
$ echo "0.0.0.0 gdmf.apple.com" >> hosts
$ csrutil enable
$ reboot
I am on Monterey and I did something wrong or it doesn't work.
thanks

I know that the $ is like a bullet point not to be typed, are there more things like this? Like if you see this you do press enter or something

@esvillar
Copy link

esvillar commented Jul 7, 2022

Hey team,

I have been struggling for the past 3 days trying to install Mac OS again on a MDM device. I bought it second hand and I was able to bypass it during installation with Big Sur, and Monterrey but I updated to Ventura and got stuck. I don’t know how to downgrade and everything I tried from this thread does not work. Can anybody provide me with a more in person assistance please. My WhatsApp is 506 87185747. And my name is Esteban. Thanks in advance to all of you.

@chuanhhoang
Copy link

chuanhhoang commented Jul 7, 2022

Hey team,

I have been struggling for the past 3 days trying to install Mac OS again on a MDM device. I bought it second hand and I was able to bypass it during installation with Big Sur, and Monterrey but I updated to Ventura and got stuck. I don’t know how to downgrade and everything I tried from this thread does not work. Can anybody provide me with a more in person assistance please. My WhatsApp is 506 87185747. And my name is Esteban. Thanks in advance to all of you.

What problem do you have with Ventura? Could you please upload a screenshot?

@chuanhhoang
Copy link

chuanhhoang commented Jul 7, 2022

Method confirmed dead on Ventura. Now MDM lock works in a similar way to FMM lock. For all of you legally owning DEP enabled Macs, disabling Full Security is highly recommended so that when you accidentally wipe the mac, you will be able to always downgrade to a full installation of macOS <=12.x. For Macs shipped with Ventura from now on, be extra careful unless new ways of MDM bypass come out.

So just disabling network connection when installing Ventura will not help any more?

@chuanhhoang
Copy link

chuanhhoang commented Jul 8, 2022

Just to update on how to bypass MDM on Ventura:

  • Install Monterey and bypass MDM
  • Download Ventura and install it
  • When the computer restarts, disconnect your router and let the computer finishes the installation.

@aabdyli
Copy link

aabdyli commented Jul 8, 2022

Hello everyone,

I have installed the Monterey 12.3.1 but the 12.4 is not showing on the Software Update.
Has anyone of you had this problem?

@solis98
Copy link

solis98 commented Jul 10, 2022

Hola a todos,

Instalé el Monterey 12.3.1 pero el 12.4 no aparece en la Actualización de software. ¿Alguno de vosotros ha tenido este problema?

I didn't even know there was an update. I'm downloading it from the App Store because it doesn't appear from "Software Update".
Did one of you have a problem with the update? Does the notification reappear?

@daeta
Copy link

daeta commented Jul 10, 2022

@solis98
Copy link

solis98 commented Jul 10, 2022

Once a month, I comment out the below line in /etc/hosts file then check for MacOS X Updates. Once the update starts to download, I remove the "#". sudo vim /etc/hosts # Comment out below for software update 0.0.0.0 gdmf.apple.com Change to: # 0.0.0.0 gdmf.apple.com Save ":w" Run software update and start process. Change to: 0.0.0.0 gdmf.apple.com Save and Quit ":wq" This has been my "fix" for many months.

On Sun, 10 Jul 2022 at 10:53, solis98 @.> wrote: @.* commented on this gist. ------------------------------ Hola a todos, Instalé el Monterey 12.3.1 pero el 12.4 no aparece en la Actualización de software. ¿Alguno de vosotros ha tenido este problema? I didn't even know there was an update. I'm downloading it from the App Store because it doesn't appear from "Software Update". Did one of you have a problem with the update? Does the notification reappear? — Reply to this email directly, view it on GitHub https://gist.github.com/65d26a7deca30bdb9828e183809690bd#gistcomment-4226554, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABTQXPZHE62H7HZ35CXK7ZTVTINIJANCNFSM4J55H5MA . You are receiving this because you were mentioned.Message ID: <henrik242/Disable Device Enrollment Program (DEP) notification on macOS Monterey. @.>
-- David Robinson - 0412 458 477 - @.

I don't know much about this. Could you tell me how to make that change? Where is that done from?

@aabdyli
Copy link

aabdyli commented Jul 12, 2022

Once a month, I comment out the below line in /etc/hosts file then check for MacOS X Updates. Once the update starts to download, I remove the "#". Need to learn "vim" to use this. sudo vim /etc/hosts # Comment out below for software update 0.0.0.0 gdmf.apple.com Change to: # 0.0.0.0 gdmf.apple.com Save ":w" Run software update and start process. Change to: 0.0.0.0 gdmf.apple.com Save and Quit ":wq" This has been my "fix" for many months.

On Sun, 10 Jul 2022 at 10:53, solis98 @.> wrote: @.* commented on this gist. ------------------------------ Hola a todos, Instalé el Monterey 12.3.1 pero el 12.4 no aparece en la Actualización de software. ¿Alguno de vosotros ha tenido este problema? I didn't even know there was an update. I'm downloading it from the App Store because it doesn't appear from "Software Update". Did one of you have a problem with the update? Does the notification reappear? — Reply to this email directly, view it on GitHub https://gist.github.com/65d26a7deca30bdb9828e183809690bd#gistcomment-4226554, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABTQXPZHE62H7HZ35CXK7ZTVTINIJANCNFSM4J55H5MA . You are receiving this because you were mentioned.Message ID: <henrik242/Disable Device Enrollment Program (DEP) notification on macOS Monterey. @.>
-- David Robinson - 0412 458 477 - @.

Tried it and works! Thank you 💯

@Samiakaraeen
Copy link

Samiakaraeen commented Jul 14, 2022

This works fine with me, the trick is to install a clean Catalina
after it installs and when it restarts - YOU MUST NOT LET IT GO TO THE SCREEN WHERE IT ASKS YOU TO CHOOSE COUNTRY- YOU MUST GO TO RECOVERY MODE
after you go to recovery mode in the terminal the first command must be "mount -uw /" so as to be able to write to the host's file
after that and doing all the steps above can restart and go the choose country screen and choose my computer is not connected to the internet and it goes smoothly ,i installed Catalina and updated to the latest macOS

@ClickClocks
Copy link

ClickClocks commented Jul 20, 2022

I bought a brand new Mac Studio from a Pawshop. when I tried to setup and created a user I got the Remote Managment message asking me for user name and password.

them I found and followed the steps of this guide but by the time I did: "csrutil disable" i get a message about not admin privileges or something.

What I did was to do again a clean install of Monterrey after the second rebot unplug internet create a new user etc and now I was able to disble csrutil, add the hosts and them enable csrutil.

my question is: what will happen when Ventura is launch? Do I need to do similar steps or procedure to get this working?

When I tried to check the warranty information of this mac it told me they didn't have information available and asked me to provided a purchase date. Now when I check again Warranty Coverage it shows the date I added there.

It seems this Mac Studio was a company mac but never was activated (Maybe I'm Wrong) I'm on the line to return it and get my money back. it was a great deal though. Please Advice

@vladsolokha
Copy link

vladsolokha commented Aug 4, 2022

I presume that you won’t need to do the steps for Ventura. But we won’t know until it comes out.

I would like to thank the original post. I did all the steps and it worked for my M1 MacBook Air 10,1. I bought from a guy who was selling it on Marketplace and it had remote management on it from a company that doesn’t exist anymore. Thanks for the help.

@JediRhymeTrix
Copy link

JediRhymeTrix commented Aug 5, 2022

2021 MacBook Pro 14 on Monterey 12.4 here. Blocking those domains in hosts did not seem to get rid of the notification. However, I tried one of the suggestions from the parent thread and I haven't seen the notification in the past 24 hours or so.

Here's the command I ran:

rm -r /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings

Now I'm not sure if this will allow me to install Ventura without any hiccups or if I'd still need to block internet access to the machine when it reboots.

@JediRhymeTrix
Copy link

JediRhymeTrix commented Aug 6, 2022

Is there a risk in installing minor updates like 12.4->12.5 if the device is not enrolled and only had the notification pop-up issue, which has been remedied by doing what I have mentioned above?

@Hr46ph
Copy link

Hr46ph commented Aug 11, 2022

Is there a risk in installing minor updates like 12.4->12.5 if the device is not enrolled and only had the notification pop-up issue, which has been remedied by doing what I have mentioned above?

I have installed updates like that without a problem.

@shahbaazkyz
Copy link

shahbaazkyz commented Aug 13, 2022

Hello I just bought a Used laptop from Market, after few days

I've been wondering if I should blog about this, but here's another way that doesn't involve blocking network ports, so to squirrel this knowledge away in a corner of the web:

## these commands MUST be from Terminal in Recovery mode only (as root of course)
## this assumes the boot drive is named "Macintosh HD" and is a newer OS that has a Data volume

#clear the nvram if there is any saved WiFi info there
nvram -c

#remove the known networks plist which auto-joins your WiFi - older version of macOS may not have this
rm /Volumes/Macintosh\ HD\ -\ Data/Library/Preferences/com.apple.wifi.known-networks.plist 

#the WiFi password IS still stored here but it is not necessary to remove this
rm /Library/Keychains/System.keychain

#SUPPRESS FOR SETUP ASSISTANT ONLY
#remove all the dot files .* in Settings the main file is .cloudConfigHasActivationRecord
rm /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings/.*
#When you reboot with this method you must choose Other for network options then "This Mac does not connect to the Internet" to skip Remote Management
#this method of skipping via Other/No Internet is usually sufficient for macOS 10.14 and under

#SUPPRESS PERMANENTLY
#remove the entire folder and it NEVER asks for DEP again, without this folder it won't work
rm -r /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings

reboot

I have faced this issue. After fresh install of mac OS Catalina, it was showing remote management from a company that is different from my own workplace. Removing LaunchDaemons and LaunchAgents and re-routing IP addresses didn't work for me. The only thing that worked for me was by removing /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings Thank you very much.

Thanks alot. You're a life Saver.
This solution works on My macbook pro 2013(late). MacOS Catalina .

I tried to clean install macOS Catalina and stuck on Remote management screen. Come up with using above solution.

@JediRhymeTrix
Copy link

JediRhymeTrix commented Aug 13, 2022

Hello I just bought a Used laptop from Market, after few days

I've been wondering if I should blog about this, but here's another way that doesn't involve blocking network ports, so to squirrel this knowledge away in a corner of the web:

## these commands MUST be from Terminal in Recovery mode only (as root of course)
## this assumes the boot drive is named "Macintosh HD" and is a newer OS that has a Data volume

#clear the nvram if there is any saved WiFi info there
nvram -c

#remove the known networks plist which auto-joins your WiFi - older version of macOS may not have this
rm /Volumes/Macintosh\ HD\ -\ Data/Library/Preferences/com.apple.wifi.known-networks.plist 

#the WiFi password IS still stored here but it is not necessary to remove this
rm /Library/Keychains/System.keychain

#SUPPRESS FOR SETUP ASSISTANT ONLY
#remove all the dot files .* in Settings the main file is .cloudConfigHasActivationRecord
rm /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings/.*
#When you reboot with this method you must choose Other for network options then "This Mac does not connect to the Internet" to skip Remote Management
#this method of skipping via Other/No Internet is usually sufficient for macOS 10.14 and under

#SUPPRESS PERMANENTLY
#remove the entire folder and it NEVER asks for DEP again, without this folder it won't work
rm -r /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings

reboot

I have faced this issue. After fresh install of mac OS Catalina, it was showing remote management from a company that is different from my own workplace. Removing LaunchDaemons and LaunchAgents and re-routing IP addresses didn't work for me. The only thing that worked for me was by removing /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings Thank you very much.

Thanks alot. You're a life Saver. This solution works on My macbook pro 2013(late). MacOS Catalina .

I tried to clean install macOS Catalina and stuck on Remote management screen. Come up with using above solution.

Can confirm. This is the only solution that has worked on my 2021 MBP. If this also helps bypass the remote management screen during a fresh install, then i think there is a pretty good chance that this may allow major OS updates to be installed without any issues.

Would anyone be willing to test this with a Monterey -> Ventura upgrade?

@ethansawicki
Copy link

ethansawicki commented Aug 15, 2022

Hello I just bought a Used laptop from Market, after few days

I've been wondering if I should blog about this, but here's another way that doesn't involve blocking network ports, so to squirrel this knowledge away in a corner of the web:

## these commands MUST be from Terminal in Recovery mode only (as root of course)
## this assumes the boot drive is named "Macintosh HD" and is a newer OS that has a Data volume

#clear the nvram if there is any saved WiFi info there
nvram -c

#remove the known networks plist which auto-joins your WiFi - older version of macOS may not have this
rm /Volumes/Macintosh\ HD\ -\ Data/Library/Preferences/com.apple.wifi.known-networks.plist 

#the WiFi password IS still stored here but it is not necessary to remove this
rm /Library/Keychains/System.keychain

#SUPPRESS FOR SETUP ASSISTANT ONLY
#remove all the dot files .* in Settings the main file is .cloudConfigHasActivationRecord
rm /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings/.*
#When you reboot with this method you must choose Other for network options then "This Mac does not connect to the Internet" to skip Remote Management
#this method of skipping via Other/No Internet is usually sufficient for macOS 10.14 and under

#SUPPRESS PERMANENTLY
#remove the entire folder and it NEVER asks for DEP again, without this folder it won't work
rm -r /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings

reboot

I have faced this issue. After fresh install of mac OS Catalina, it was showing remote management from a company that is different from my own workplace. Removing LaunchDaemons and LaunchAgents and re-routing IP addresses didn't work for me. The only thing that worked for me was by removing /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings Thank you very much.

Thanks alot. You're a life Saver. This solution works on My macbook pro 2013(late). MacOS Catalina .
I tried to clean install macOS Catalina and stuck on Remote management screen. Come up with using above solution.

Can confirm. This is the only solution that has worked on my 2021 MBP. If this also helps bypass the remote management screen during a fresh install, then i think there is a pretty good chance that this may allow major OS updates to be installed without any issues.

Would anyone be willing to test this with a Monterey -> Ventura upgrade?

I updated my 2019 MBP no issue dunno if its different on M series.

Edit: Don't bother updating. The notification came back even with /ConfigurationProfiles/Settings deleted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment