Skip to content

Instantly share code, notes, and snippets.

@izhangzhihao

izhangzhihao/README.md

Created September 28, 2023 07:51
Show Gist options
  • Save izhangzhihao/a0f4d191c5e64192e2355428793c6308 to your computer and use it in GitHub Desktop.
Save izhangzhihao/a0f4d191c5e64192e2355428793c6308 to your computer and use it in GitHub Desktop.
Download ZIP
Remove a non-removable Simple MDM profile from macOS without a complete wipe
Raw
README.md

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe

Non-removable MDM profiles cannot officially removed without doing a full system wipe. This is a problem when you restore a system from Time Machine after you enrolled it into the MDM, as the MDM will break, leaving you unable to re-enroll the machine.

Here's how to remove a non-removable MDM profile Boot the Mac into Recovery Mode (hold down command+R during startup). Go to the Utilities menu and open Terminal and type: csrutil disable. This will disable SIP (System Integrity Protection). Reboot into the OS. Open the integrated terminal and type:

cd /var/db/ConfigurationProfiles
rm -rf *
mkdir Settings
touch Settings/.profilesAreInstalled

Reboot. Boot the Mac into Recovery Mode (hold down command+R during startup). Go to the Utilities menu and open Terminal and type: csrutil enable. This will re-enable SIP. Reboot into the OS. The profile will be now removed and you will be able to re-enroll the Mac to your MDM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment