Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340
Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d
Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac
Good lord if I had known my email replies were posting like that…garrrrr….
Thanks guys
@Pedro147 May I ask which url you used to query this picture?
@Pedro147 I'm talking about the content of this picture
MDM_LOCAL: on
You mean to query the info in the picture, so https://sickw.com/?page=services&service=11
general question on stopping DEP reminders in macOS Ventura
Hello, I have found this thread helpful in stopping DEP reminders in Monterey, and just received a Mac Studio (still in the box) from Apple and was hoping that you could recommend preventing DEP reminders. My institution puts a lot of rather invasive software on Macs including blocking naming of the computer and blocking the root user. Thanks!
I did not quite understand. Why is this necessary? Explain someone briefly
pretty cool, how can i make sure the mdm enrollment prompt is fully closed ? need some time to confirm ?
👍😍😍
@sonomadep looks like those files don't exist actually..
Mine were located in /Volumes/Macintosh\ HD\ -\ Data/private/var.. in case it helps anyone else
@sonomadep looks like those files don't exist actually..
Mine were located in /Volumes/Macintosh\ HD\ -\ Data/private/var.. in case it helps anyone else
Hmm… My MCP i5 lets me install Catalina, but anything higher shows greyish SSD and info "This disk is locked". Root user is working normally, but the disk has some way of security in higher versions of macOS.
edit: I will check if I have proper Secure Boot options enabled and let u know if that solved the problem.
Awesome! It work for me, now the nagging DEP popup won't show anymore. Thank you.
May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?
May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?
Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)
Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
The Workaround
(1) Disable SIP in 1 True Recovery
(2)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
(3) you're all set. enjoy this boring upgrade
May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?
Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14) Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
The Workaround
(1) Disable SIP in 1 True Recovery
(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
(3) you're all set. enjoy this boring upgrade
I am currently on macOS 12, and I want to reinstall, disable MDM, and then upgrade to the newer version. How should I proceed? I've been trying to figure this out for a while
How to disable SIP
May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?
Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14) Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
The Workaround
(1) Disable SIP in 1 True Recovery
(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
(3) you're all set. enjoy this boring upgrade
I am currently on macOS 12, and I want to reinstall, disable MDM, and then upgrade to the newer version. How should I proceed? I've been trying to figure this out for a while
How to disable SIP
Disable System Integrity Protection Temporarily
To disable SIP, do the following:
Restart your computer in [Recovery mode] (https://support.apple.com/en-us/HT201314).
Launch Terminal from the Utilities menu.
Run the command csrutil disable.
Restart your computer.
Hello, is it a good choice to buy a MacBook MDM for the next two years?
What should I check when buying a MacBook MDM?
I've already had a MacBook pro 2020 M1 MDM, but now I'm hesitating between a MacBook Pro 2021 M1 Pro 16/512 No MDM and a MacBook Pro 2021 M1 Pro 32/1T MDM for same price.
Where can I buy a MDM macbook for a good price?
I am selling macbook pro 2021 m1 chip, 16 gb ram. It has only 3 battery cycles. I'm from Serbia and can send it to you. If you are interested, send me a message.
thanks @gwshaw for the edits!
Here is how you can bypass MDM completely ...
Boot to Recovery
Open Terminal and enable the root user and give it a password:
Enter the command below and press Enter
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/rootThere might be a slight directory difference between Intel/Silicon. If the command above does not work try using one of these variations:
/Volumes/Macintosh\ HD\ -\ Data/or/Volumes/Data/Enter a new password for root user. Note * If you choose a simple password be aware that the root user will be available as a user that can log into macOS which could present a risk to the security of the device.
Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
Click the Apple logo > System Settings -> Users & Groups
Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "root" and use the password you created earlier in Terminal.
Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
Boot to Recovery again.
Open Terminal and enter the command below and press Enter.
touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDoneThen type Reboot and press Enter or force off your Mac again using the steps above.
If you found this helpful please donate! https://pay.siliconbypass.com
Thank you so much, this is what i used and it worked perfectly. With that said, i am still getting the popups every few hours or so reminding me to install the MDM. How do i get rid of that? The instructions above are not helping. Thanks!
**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things
- A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
- Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
- An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.
Steps I did On the non-DEP M1/M2 Mac
- USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
- Once installed, go thru the account creation so you have an account
- Boot from USB SSD drive just to make sure it is working.
Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac
- Boot to recovery mode
- Disk Utility
- Erase the internal physical disk
- Click on internal disk and use the RESTORE option, FROM the external SSD
- Let it run - will take a while.
Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.Many thanks @maclover696 for your method... Could you please share the output when you do the below command in Terminal (to verify the DEP status) using your method in M2? Thanks
$ profiles status -type enrollmenthere you go
Enrolled via DEP: No MDM enrollment: No
The screens for MDM enrollment never showed up because I completely bypassed it thru the first computer. Yes, it does require another M1 computer that' Non-DEP but that process is just once to build the External SSD OS once.
I did find some videos about disabling wifi, login, enable wifi, download some software (is that sofware safe? Something about Checkm8) but I don't want to install software - I'm sure it's fine since people are using it but I don't want to run csrutil either, terminal etc.
Anyway, I felt it was too much babysitting the process so I rather just instal lit twice with my method cuz I can just go to sleep after part 1 started and just do part 2 and set it and forget it.
Much easier and requires no real attention to watch it install.
And the benefit of my method is that my external SSD can be updated with latest software so any new Macs I install would have all of the software I normally want on it. Visual Studio code, nodejs, docker etc. It's an "golden image" for my own base build!
Glad I was able to contribute to this new method! I've been using the csrutil editing hosts tricks for many years. Frustrated a long time that I cannot do the same on M1 and Carbon Copy and SuperDuper are all failing also. My method can also help you dupe an working mac completely if you ever say upgrade to a new computer and co not want to reset- everything from scratch. I don't think Migration Assistant will migrate stuff I installed manually via GIT etc in various directories so I rather just copy it all as is in the future.
Thank you for posting this. I havent tried this method yet, I did the other one on here and it works but my device is stil getting popups and Its still showing MDM in terminal. Is there anyway you can get with me one on one, on telegram or something, to walk me through this? I can pay you for your troubles. Thanks!
Last question of the night! Promise! After doing this command:
(sudo profiles show -type enrollment), it shows the company info its enrolled to. I also get the popup in the corner reminding me. Even though i bypassed MDM, is there any way this company can still track the machine? or even worse, see into my icloud account? I am logged in with my apple ID and connected to my home wifi.
**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things
- A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
- Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
- An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.
Steps I did On the non-DEP M1/M2 Mac
- USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
- Once installed, go thru the account creation so you have an account
- Boot from USB SSD drive just to make sure it is working.
Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac
- Boot to recovery mode
- Disk Utility
- Erase the internal physical disk
- Click on internal disk and use the RESTORE option, FROM the external SSD
- Let it run - will take a while.
Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.
Does anyone know if I've used this method to enroll in MDM? Can I update without issues to macOS Sonoma?
Not sure if it helps but I found this website which might do it for you: https://skipmdm.com
You can verify the contents with curl https://raw.githubusercontent.com/skipmdm-phoenixbot/skipmdm.com/main/Autobypass-mdm.sh | cat
To save everyone time, the script provided on skipmdm is just what was discussed here previously put together in a nice script.
The current version linked is safe, but as it goes always check before you run something you got off the internet as the script can always be changed.
For anyone curious, here is the direct link to the script:
AutoBypass-mdm.sh
You lost me I asked about a link, but thanks for your thoughts anyway