Disable Device Enrollment Notification on Mac.md

Restart the Mac in Recovery Mode by holding Command-R during restart

Open Terminal in the recovery screen and type

csrutil disable

Restart computer

Edit com.apple.ManagedClient.enroll.plist

In the terminal, type

sudo open /Applications/TextEdit.app /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

change

<key>com.apple.ManagedClient.enroll</key>
        <true/>

to

<key>com.apple.ManagedClient.enroll</key>
        <false/>

Restart Computer again

So that the changes take effect

@dDev-OwO

dDev-OwO commented Jun 4, 2022

I read above that the blocks shouldn't affect Messages or FaceTime but I can't get either of them to log in. No issues with other iCloud services.

Any help or guidance?

@secured2k

Depending on the CPU, there may be other security checks. If there are absolutely no network blocks for Apple services for Messages/FaceTime, I could assume either SIP was disabled and the standard boot snapshot partition was modified and no longer signed by Apple or the system Serial Number is invalid. There is not enough detail to determine the issue because we would have no information on what system modifications were done.

@wasconet

wasconet commented Jun 7, 2022

what you guys need to understand is that:

if you already start getting the notifications, blocking the DNS will not work because it's already downloaded to your system. You will have to erase/do a fresh install of macOS then block the DNS.

If anybody needs guidance, you can send me a message i will be happy to help

@madketchup

> what you guys need to understand is that:
>
> if you already start getting the notifications, blocking the DNS will not work because it's already downloaded to your system. You will have to erase/do a fresh install of macOS then block the DNS.
>
> If anybody needs guidance, you can send me a message i will be happy to help

As written months ago :) - Thanks to bringing it back to the point.

2nd Option is MDM like Intune, if someone has the possibility ;)

@wasconet

wasconet commented Jun 7, 2022

> MDM like Intune

please talk more on the second option, thanks

@madketchup

You can send „Profiles“ to iOS Devices which gives you a much deeper access to the Devices as a usual User can have. You need it for IKEv2 or IKEv3 VPNs too, for example.

The „easy“ and free to use method will provide „Apple Profile Manager“ which can be downloaded on Mac (!!) App Store for free. Just copy the source code of these files to Intune Custom Profiles.

You also can download „Apple Server“ from AppStore for a couple of Bugs

@DigitalNULL

Just got a new M1 Macbook Pro 16". It has MDM on it. So I formatted the disk, and reinstalled OSX Monterey from a USB drive. I have put all the suspects in my DNS server to return 0.0.0.0 when looked up, so this macbook should be getting an IP of 0.0.0.0 for hosts recommended in this thread: mdmenrollment, deviceenrollment, etc.

But I am still getting the pop up that my company can manage this device remotely, and there's no way for me to not accept it. Not sure what I am missing here?

@secured2k

Possibilities - The profile could be downloaded and installed during setup, the hostname/IPs are cached (mDNS/DNS), you have some other third-party software doing some kind of networking manipulation, you have not declined the profile in the settings app, you have not requested the "profiles" app to clear/delete past profiles.

@secured2k

I have not tested brunerd method, but I have used similar methods in other systems to bypass configuration files. If the folder that should be there no longer exists, not all apps are smart enough to recreate the folder to store the configuration files. When the files cannot be created or accessed (because the path/file does not exist), this does break some apps; such as this case the configuration daemons.

@esvillar

esvillar commented Jul 7, 2022

Hello team. I have a MacBook Pro 2019 with MDM. I made the mistake to update to Ventura beta, and since it was so much trouble, I tried to reinstall Mac OS but now I’m stuck on the MDM window right after installation. What can I do? Help please

@chuanhhoang

Anybody get Ventura to work on a M1 device?

@mmgherasim

I checked the file com.apple.ManagedClient.enroll.plist on other 2 MacBooks which none have MDM/DEP and the field for com.apple.ManagedClient.enroll is true. What does that mean? The laptops never had any kind of DEP notification, one of them was bought from Apple directly. Anyone has any other info about the meaning of this file?

@DaWallyLama

I am using Monterey, 12.4 and when I try to edit the plist in Terminal I get this message. The file /Applications/TextEdit.app does not exist. I copied and pasted straight off of this page so I did not type wrong. Any suggestions?

@RyanPlant

@DaWallyLama
I had the same issue with TextEdit. Instead, use nano in the terminal:
sudo nano /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist
But the problem is the read-only file system where this file is located. You can edit the file as described (in nano) but when you attempt to write it out it will error saying the file is read-only. So, I tried to work around that by going to the Terminal and entering:
sudo mount -uw /
That failed with a message that permission was denied and mount: / failed with 66

So I am trying to work around that obstacle. Any other advice would be appreciated.

@ejm201

ejm201 commented Aug 12, 2022

@DaWallyLama and @RyanPlant these instructions are out of date for newer versions of macOS. More current instructions may be found here.

I followed similar steps myself on a machine over 6 months ago and it has run flawlessly since then.

What I did was:

  • Go into disk utility/recovery mode and wipe the disc and reinstall macOS.
  • Disable wifi on the machine and go through setup to bypass the MDM prompts, this allowed me to get the machine setup with an admin user.
  • Edit the /etc/hosts file as indicated in the gist. Key entries are below as gdmf.apple.com could interfere with future updates.
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
  • There are some commands in the link I shared that need to be run; another one of note is sudo profiles remove -all
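
Added example (not from the gist or from any commenter): hosts-file entries like the ones listed above are what someone auditing a Mac would look for. The function below lists every line of a hosts file that sink-holes or redirects the Apple enrollment and update hosts named in this thread; the function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the gist or this thread: audit a hosts file for
# overrides of the Apple enrollment/update hosts named in the comments above.
# Function names and the sample file are assumptions made for this example.

WATCHED_HOSTS="iprofiles.apple.com mdmenrollment.apple.com deviceenrollment.apple.com gdmf.apple.com"

# find_enrollment_overrides FILE
# Prints "<line> <hostname> <address> <kind>" for every watched host that the
# file maps to an address. kind is "sinkhole" for null or loopback addresses
# (the 0.0.0.0 pattern used in this thread) and "redirect" for anything else.
find_enrollment_overrides() {
    awk -v watched="$WATCHED_HOSTS" '
    BEGIN {
        n = split(tolower(watched), w, " ")
        for (i = 1; i <= n; i++) watch[w[i]] = 1
    }
    {
        gsub(/\r/, "")            # tolerate CRLF line endings
        sub(/[#].*/, "")          # drop comments; awk re-splits the fields
        if (NF < 2) next          # need an address and at least one name
        addr = tolower($1)
        kind = "redirect"
        if (addr == "0.0.0.0" || addr == "::" || addr == "::1" || addr ~ /^127\./)
            kind = "sinkhole"
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            sub(/\.$/, "", name)  # ignore a trailing root dot
            if (name in watch) print NR, name, addr, kind
        }
    }' "$1"
}

# write_sample_hosts FILE: constructed sample input for the example.
write_sample_hosts() {
    {
        printf '127.0.0.1 localhost\n'
        printf '0.0.0.0 iprofiles.apple.com\n'
        printf '# 0.0.0.0 mdmenrollment.apple.com\n'
        printf '  0.0.0.0\tMDMenrollment.Apple.com deviceenrollment.apple.com # note\n'
        printf '10.1.2.3 gdmf.apple.com\n'
        printf '0.0.0.0 example.com\n'
    } > "$1"
}

# Audit the file given as the first argument, e.g. /etc/hosts.
if [ "$#" -ge 1 ]; then
    find_enrollment_overrides "$1"
fi
```

Commented-out entries are ignored, and a line that names several hosts is reported once per watched host.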

@adurantecambridge

adurantecambridge commented Aug 31, 2022

> Hello team. I have a MacBook Pro 2019 with MDM. I made the mistake to update to Ventura beta, and since it was so much trouble, I tried to reinstall Mac OS but now I’m stuck on the MDM window right after installation. What can I do? Help please

Had the same issue of wiping out my machine and got stuck on MDM when finishing the installation, but I fixed mine by reinstalling an older osx version "lion" then update to newer version up to "catalina" #2012MBP.

@adurantecambridge

l the dot files .* in Settings the main file is .cloudConfigHasActivationRecord
rm /Volumes/Macintosh\ HD\ -\ Data/private/var/db/ConfigurationProfiles/Settings/.*
#When you reboot with this method you must choose Other for network options then "This Mac does not connect to the Internet" to skip Remote Management
#this method of skipping via Other/No Internet is usually sufficient for macOS 10.14 and under

did dot and apparently it won't delete the notifications

@Kayull

Kayull commented Sep 1, 2022

Does anyone know if there is a way to remove remote management from a 2019 iMac but keep all the data as is.

We were upgrading to Monterey at work since our software is compatible now but forgot a few were 2019 ex-remote managed.

Cheers

@wasconet

wasconet commented Oct 11, 2022 via email

@sam09h

sam09h commented Nov 26, 2022

> I have no experience with iRemove.tools. Since I'm more of low level "do it yourself" tech, I have not investigated or tried other potential options. I am not interested in testing it because this is not a revenue generating model for me. I looked over the instructions and it looks like it just does the same thing posted in this thread. Basically wipe the Mac and disable network access. Then it wants to disable SIP so maybe it's installing its own firewalling/filtering driver or modifying other system files. Since I don't have a problem with the 1 second-hand Mac that has this MDM Enrollment problem, I will probably not try to reverse engineer what it is doing.
>
> I think there was only 1 review where someone said it worked for them; perhaps the payment is enough for normal users who are not IT trained to work in CLI or with low level OS design, security, or programming methods.

Hi secured2K,
i hope you're fine.
sry for the late reply i dont have the app where we used to talk anymore (and don't remember the name), i found this site again by chance..I just want to give you a little tip for the time you took to resolve my issue.
let me know where and how i can do that.
thanks

@secured2k

The app was called Session.

@SuvanCheng

thanks a lot

@gggalf

gggalf commented Jan 25, 2023

> @DaWallyLama I had the same issue with TextEdit. Instead, use nano in the terminal: sudo nano /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist But the problem is the read-only file system where this file is located. You can edit the file as described (in nano) but when you attempt to write it out it will error saying the file is read-only. So, I tried to work around that by going to the Terminal and entering: sudo mount -uw / That failed with a message that permission was denied and mount: / failed with 66
>
> So I am trying to work around that obstacle. Any other advice would be appreciated.

do u have a solution for this one ? i am here also :/

@secured2k

Review more recent comments (Nov 2021 to current) for better solutions.

@itsthomas

Is there any way to install MacOS Ventura offline and without internet connection?

@gggalf

gggalf commented Feb 17, 2023

Yes, u can make a USB with Ventura and install it from the usb

@peon666

peon666 commented Feb 24, 2023

Even with a complete wipe of the hard drive and an installer on a USB stick, you can't do an install without being online. I even tried doing a restore from a Time Machine backup and it won't proceed without an online connection.

@secured2k

This was discussed a while back during the late beta releases. If you have an older Mac (Intel), offline install the previous MacOS, make changes to block mdm as needed (per purpose of this post/thread), then upgrade. Newer Macs based on M2 and newer must come with the newest OS and must be online. The current protection matches the feature set of activation lock for iPhones as in a wiped iPhone must be online to activate. If you activate via usb cable, the internet connection is coming from the activating PC device.

@peon666

peon666 commented Feb 24, 2023

Thanks for the clarification, which is what I'd assumed to be the case based on all the previous comments/statements. The issue for me is I have an employer-supplied 13" MacBook Pro M2 that has a load of bloat-ware and surveillance-ware I want to ditch. In the past, I've simply wiped the drive and undertaken a clean install before installing the software I need/want. Now it looks like even if I wipe the drive and do a clean install, my employer can re-install the bloat-ware and surveillance-ware.

So, long story short, if I allow my MacBook to enrol in Apple's DEP when I re-install Ventura after wiping the hard drive, can I block my employer's access to my MacBook after the install, and if so what are the steps I need to take?

@DaWallyLama

Look back up at what ejm201 had to say on August 12. I was able to reinstall using this method. As far as connecting to the internet, I guess it would depend on how your system is set up. I never used Wi-Fi and just plugged in to ethernet to install. Then I just disconnected from ethernet when I ran initial setup I checked the box saying I don't connect to internet. Before connecting to the internet I followed the instructions provided by ejm201 following his link "in the gist". The only problem I have discovered using this method is that I cannot activate a phone or iPad with the Mac that I am using. Not sure which line is blocking me but it is a small price to pay since my old company refuses to remove Management from the computer that I paid for.

@ejm201

ejm201 commented Feb 24, 2023

@DaWallyLama glad to hear my notes worked. My Mac is still running strong to this day. I have not tried activating another Mac or iPad with the machine in question, but interesting to note. To @secured2k's point the newer Macs behave differently. I recently nuked an MDM loaded machine from my previous employer using these steps @peon666 https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe. YMMV but it worked for me on a 2019 intel Macbook pro.

@peon666

peon666 commented Feb 25, 2023

Thanks for the suggestion and link to graffino.com djm20—I'll give it a try.

@peon666

peon666 commented Feb 25, 2023

Just wondering if anyone has tried this?: MDM Bypass from MacOS computers
I'm suspicious by nature, so these kinds of "services" always make me feel a little uneasy.

@secured2k

This question was already asked and answered previously. It does the same thing as various earlier posts. If you pay, you are using a service/program from someone who has scripted/automated the process to some degree.

Many of these methods have been posted and repeated here in these threads (and on the checkm8 site) but you’ll have to go back a few years for some of the original instructions or carefully find someone who posted file based bypasses. For most I recommend the fresh install with no internet and block three hosts on the pc or at your router or dns device.

The general current work around to MDM is blocking the connection to 3 hosts. Simple. Other methods can work but have drawbacks. For removal of an already installed MDM solution (and bypass as well), deleting / changing various configuration folders or files on the user data partition and possibly preventing MacOS from being able to write downloaded configurations back to the data partition is a working solution. I don’t think many want to talk about that bypass because Apple could easily fix that in an update if it becomes widely known they don’t error handle file system failure actions.

@yorch

yorch commented Mar 3, 2023

One option to block those hosts even if you are forced to do the installation while online is to use something like PiHole in your home network, and block the domains there. That way, even while installing the OS online, the machine won't be able to access those hosts. Not sure if they would stop the installer if can't connect though, but worth a try.

@secured2k

> Hello everyone, I have written a perfect script tool to bypass supervision by bypassing the Internet or shielding the MDM server, delete the MDM software and folder after entering the system, and finally grant 400 permissions to the folder and lock it. I am looking for the domain name of the MDM activation server, I hope everyone can give me some advice, I will provide you with 20 free access to scripts that bypass supervision, and I will share the code for professionals, and the estimated price is $15 per serial number

The servers are listed in earlier posts on this thread multiple times. They are also found in apple’s official documentation (see network or firewall requirements).

@secured2k

> Hello everyone, Ventura needs an administrator password to execute csrutil disable after installing the system. Does anyone know what the password is? (no user created)

There is no root password (the account is disabled and password randomized). Even after assigning a password and enabling the account, the system does not allow for system integrity protection to be disabled (csrutil disable) in a live running mode. Since users/apps in this mode are not root/admin for the core system paths.

@Ran-Xing

Ran-Xing commented Jun 6, 2023

@secured2k 👍

1

It seems that these interfaces are not the most important, I suspect it is gdmf.apple.com, but this domain name cannot be disabled, otherwise the iCloud pasteboard, system update and the like may be invalid

iprofiles.apple.com
mdmenrollment.apple.com
deviceenrollment.apple.com

2

Ventura does randomize passwords after installation. It seems that you can’t shield and clean up supervision before creating users 😂

@sonomadep

sonomadep commented Jun 7, 2023

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)

Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade

@Ran-Xing

Ran-Xing commented Jun 7, 2023

@sonomadep 👍

slack.com: join & talk bypass with clean

If you are a developer, please contact me, I will review and invite you to develop automation scripts

@itsthomas

itsthomas commented Jun 7, 2023

> The Workaround
> (1) Disable SIP in 1 True Recovery
> (2)
> sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
> sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
> sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
> sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
> (3) you're all set. enjoy this boring upgrade

What is "1 True recovery" and how can I access it?
Does intel Macs have a "1 True recovery" too?

@Ran-Xing

Ran-Xing commented Jun 7, 2023

@sonomadep

> > The Workaround
> > (1) Disable SIP in 1 True Recovery
> > (2)
> > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
> > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
> > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
> > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
> > (3) you're all set. enjoy this boring upgrade
>
> What is "1 True recovery" and how can I access it? Does intel Macs have a "1 True recovery" too?

do yourself a favor and use opencore on top of mac boot rom. change the SN in opencore instead of patching the OS

@itsthomas

> do yourself a favor and use opencore on top of mac boot rom. change the SN in opencore instead of patching the OS

Interesting. But how can I change my Mac serial number with OpenCore?

@digglife

Still unable to edit the plist even I've disabled SIP, but I can set it to false with launchctl command.

sudo launchctl disable system/com.apple.ManagedClient.enroll

@sonomaask

> Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)
>
> Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
>
> The Workaround
>
> (1) Disable SIP in 1 True Recovery
>
> (2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
>
> sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
>
> sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
>
> sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
>
> (3) you're all set. enjoy this boring upgrade

Hello @sonomadep can you please help me, I am getting command not found. Can you please help me. I think I am typing the commands wrong.

@sonomaask

> > The Workaround
> > (1) Disable SIP in 1 True Recovery
> > (2)
> > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
> > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
> > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
> > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
> > (3) you're all set. enjoy this boring upgrade
>
> What is "1 True recovery" and how can I access it? Does intel Macs have a "1 True recovery" too?

@itsthomas can you please help me, I am getting command not found. Can you please help me. I think I am typing the commands wrong.

@ghots2323

i have the same problem can u help me pls sonoma 14 beta

@ghots2323

> > > The Workaround
> > > (1) Disable SIP in 1 True Recovery
> > > (2)
> > > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
> > > sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
> > > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
> > > sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
> > > (3) you're all set. enjoy this boring upgrade
> >
> > What is "1 True recovery" and how can I access it? Does intel Macs have a "1 True recovery" too?
>
> @itsthomas can you please help me, I am getting command not found. Can you please help me. I think I am typing the commands wrong.

Last login: Thu Jun 29 08:32:54 on ttys002
ghost@MacBook-Pro-de-GHOST ~ % sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
Password:
rm: /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord: No such file or directory
rm: /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound: No such file or directory
ghost@MacBook-Pro-de-GHOST ~ %

@Ran-Xing

@luckydzp

macOS 13 restores the MDM profile after a reboot. I wrote up a set of steps myself; take a look if you need them.
https://github.com/luckydzp/skip-mdm/blob/main/README.md

@deepak-theia

@sonomadep Your steps worked perfectly. 💯

@HnBelllingham

Your tutorial is perfect, I have upgraded to the latest system

@Ran-Xing

Sonoma 23A5286i Failed to block notifications, and the configuration will automatically override

@st3fan

st3fan commented Jul 29, 2023

Can anyone explain why this is happening? My Mac is not supposed to be under MDM and in Ventura it was not. Is this a bug in Sonoma? Or should I contact the previous owner of my Mac to get it removed from the past company's MDM setup?

@Ran-Xing

Does anyone know how to look at the remaining time of supervision or whether it has expired?

@JW-github6

@Ran-Xing - your video is very blurry on my screen. I can't really tell the text in that video. Any chance you can make the video a higher resolution?

@Ran-Xing

Ran-Xing commented Sep 4, 2023

@JW-github6 login your bilibili account, you can see 1080p

@dharrisLA

This YouTube video on MDM Bypass worked like a charm! I have a MacBook Air M1 and updated it from MacOS Ventura to Mac OS Sonoma - Beta. MDM notice appeared shortly after the new OS was installed. It's been a few hours since I erased everything in Utility, reinstalled the current version of MacOS Ventura, and created a new profile, etc...

I'm not familiar with using Terminal and Terminal commands. The steps listed above were confusing and may be best suited for someone who's advanced with Terminal commands. I'm not entirely sure if this is the best route to take to bypass the MDM, but so far so good.

Follow steps in this video exactly how it's shown.
*You will have to have MacOS Ventura installed for this to work. Not sure about other OS's.

The website provided in the tutorial does not take you directly to the terminal command as shown in the video. You'll be directed right to the website's homepage. There is a search bar at the top... type in MDM and click press Return. Everything is in Vietnamese so take your time if you aren't fluent. The first MDM "Ventura" option is what I selected.

You'll be taken to a page that provides steps written in Vietnamese... Pictures of the steps are provided and they match what the video tutorial steps are. I was not able to easily find the Terminal command in English so copying and pasting wasn't an option for me. I typed in the command manually. If your command isn't successful make sure you are spacing according to what's shown in the tutorials and use the letter "o" not the number 0 when you get to that part of the command.

After you see that the command was successful, press 1 to proceed. Next you'll be asked to enter username, name, password for account creation. SKIP THAT JUST LIKE THE DUDE IN THE VIDEO AND TAP RETURN. This will give you a default profile named MAC and a password of 1234. You can delete that profile later.

I think I covered everything. I'm open to any feedback or questions if inclined and try my best to respond to questions as quickly as possible.

@peon666

peon666 commented Sep 13, 2023

dharrisLA: thanks so much for this information. I've watched the video, but it's a little cryptic in places—not sure what's going on. Does it have to be a clean install of Ventura for this process to work? I have Ventura installed, but the MDM profile I want to remove is active. I don't suppose there's a Vietnamese speaker out there that would be willing translate the instructions and commands.

@dharrisLA

> dharrisLA: thanks so much for this information. I've watched the video, but it's a little cryptic in places—not sure what's going on. Does it have to be a clean install of Ventura for this process to work? I have Ventura installed, but the MDM profile I want to remove is active. I don't suppose there's a Vietnamese speaker out there that would be willing translate the instructions and commands.

Ahhh that’s the one thing I forgot to mention. I never had the MDM fully enrolled or installed. I was getting notifications and popups to enroll.

I wiped my computer and reinstalled a fresh version of Ventura as well.

Hope that helps.

@JW-github6

@luckydzp I read your script from your link https://github.com/luckydzp/skip-mdm/blob/main/README.md

A question - Does this script only work for Mac OS 12? It won't work for Mac os 13 Ventura? Thanks.

@piterangel2022

piterangel2022 commented Sep 27, 2023

> Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)
>
> Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
>
> The Workaround
>
> (1) Disable SIP in 1 True Recovery
>
> (2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
>
> sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
>
> sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
>
> sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
>
> (3) you're all set. enjoy this boring upgrade

i already removed the whole mdm framework from Mac OS Ventura i have a MacBook pro m1 pro and i have no profiles or notifications. if i upgrade to Sonoma i will get the notifications back?

@Blakskorpion

Blakskorpion commented Sep 27, 2023 via email

@nokn0k

nokn0k commented Sep 27, 2023

I upgraded to Sonoma (i had used the bypass on ventura, with the pop ups on the side) and got the full screen popup after the upgrade..
I used the skipmdm.com from this youtube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked
my question is what did this do exactly and is it safe? did i just give someone backdoor access to my macbook?

@piterangel2022

> I upgraded to Sonoma (i had used the bypass on ventura, with the pop ups on the side) and got the full screen popup after the upgrade.. I used the skipmdm.com from this youtube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked my question is what did this do exactly and is it safe? did i just give someone backdoor access to my macbook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

@nokn0k

nokn0k commented Sep 27, 2023

> > I upgraded to Sonoma (i had used the bypass on ventura, with the pop ups on the side) and got the full screen popup after the upgrade.. I used the skipmdm.com from this youtube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked my question is what did this do exactly and is it safe? did i just give someone backdoor access to my macbook?
>
> your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

@piterangel2022

> > > I upgraded to Sonoma (i had used the bypass on ventura, with the pop ups on the side) and got the full screen popup after the upgrade.. I used the skipmdm.com from this youtube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked my question is what did this do exactly and is it safe? did i just give someone backdoor access to my macbook?
> >
> > your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?
>
> I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

@dawonderboy

dawonderboy commented Sep 27, 2023

> I upgraded to Sonoma (i had used the bypass on ventura, with the pop ups on the side) and got the full screen popup after the upgrade.. I used the skipmdm.com from this youtube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked my question is what did this do exactly and is it safe? did i just give someone backdoor access to my macbook?

I grabbed the sh script from the command "https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh"

This is the file

#!/bin/bash
RED='\033[0;31m'
GRN='\033[0;32m'
BLU='\033[0;34m'
NC='\033[0m'
echo ""
echo -e "Auto Tools for MacOS"
echo ""
PS3='Please enter your choice: '
options=("Bypass on Recovery" "Disable Notification (SIP)" "Disable Notification (Recovery)" "Check MDM Enrollment" "Thoát")
select opt in "${options[@]}"; do
	case $opt in
	"Bypass on Recovery")
		echo -e "${GRN}Bypass on Recovery"
		if [ -d "/Volumes/Macintosh HD - Data" ]; then
   			diskutil rename "Macintosh HD - Data" "Data"
		fi
		echo -e "${GRN}Tạo người dùng mới"
        echo -e "${BLU}Press Enter to move to the next step, if not filled in, it will automatically receive the default value" 
  		echo -e "Enter user name (Default: MAC)" 
		read realName 
  		realName="$ {realName:=MAC}" 
    	echo -e "${BLUE}Get username ${RED}WRITTEN UNACCLOSED ${GRN} (Default: MAC)" read 
      	username 
		username="${username:=MAC}" 
  		echo -e "${BLUE}Enter password (default: 1234)" 
    	read passw 
      	passw="${passw:=1234}"
		dscl_path='/Volumes/Data/private/var/db/dslocal/nodes/Default' 
        echo -e "${GREEN}Đang tạo user"
  		# Create user
    	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username"
      	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UserShell "/bin/zsh"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
	 	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UniqueID "501"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" PrimaryGroupID "20"
		mkdir "/Volumes/Data/Users/$username"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" NFSHomeDirectory "/Users/$username"
	    dscl -f "$dscl_path" localhost -passwd "/Local/Default/Users/$username" "$passw"
	    dscl -f "$dscl_path" localhost -append "/Local/Default/Groups/admin" GroupMembership $username
		echo "0.0.0.0 deviceenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
		echo "0.0.0.0 mdmenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
		echo "0.0.0.0 iprofiles.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
        echo -e "${GREEN}Chặn host thành công${NC}"
		# echo "Remove config profile"
  	touch /Volumes/Data/private/var/db/.AppleSetupDone
        rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
	rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
		echo "----------------------"
		break
		;;
    "Disable Notification (SIP)")
    	echo -e "${RED}Please Insert Your Password To Proceed${NC}"
        sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
        sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
        sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
        sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
        break
        ;;
    "Disable Notification (Recovery)")
        rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
	rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

        break
        ;;
	"Check MDM Enrollment")
		echo ""
		echo -e "${GRN}Check MDM Enrollment. Error is success${NC}"
		echo ""
		echo -e "${RED}Please Insert Your Password To Proceed${NC}"
		echo ""
		sudo profiles show -type enrollment
		break
		;;
	"Quit")
		break
		;;
	*) echo "Invalid option $REPLY" ;;
	esac
done

@rcarlosnyc

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

I grabbed the sh script from the command "https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh"

This is the file

I updated a Ventura machine to Sonoma and I'm getting the full screen enrollment message. I'm going to try this method (skipmdm.com) this evening and will post my results.

@nokn0k

nokn0k commented Sep 27, 2023

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away.
so i was wondering what exactly did the script do.

@piterangel2022

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

I grabbed the sh script from the command "https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh"

This is the file

how to use this script .?

@rcarlosnyc

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away. so i was wondering what exactly did the script do.

Did it create a new log in account?

@nokn0k

nokn0k commented Sep 27, 2023

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away. so i was wondering what exactly did the script do.

Did it create a new log in account?

I left it blank when it asked to enter username, i just hit enter.
there's no other username on my login screen.
but yea it created a default username; "Apple"

@rcarlosnyc

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away. so i was wondering what exactly did the script do.

Did it create a new log in account?

I left it blank when it asked to enter username, i just hit enter

So it created a 2nd account? Or after bypassing and logging in you still have only 1 admin account?

@dawonderboy

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

I grabbed the sh script from the command "https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh"
This is the file

how to use this script .?

https://github.com/maclifevn/bypasmdm

This is the actual GitHub link I got it from

@piterangel2022

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away. so i was wondering what exactly did the script do.

Did it create a new log in account?

I left it blank when it asked to enter username, i just hit enter. there's no other username on my login screen. but yea it created a default username; "Apple"

how about who already have an admin user?

@nokn0k

nokn0k commented Sep 27, 2023

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away. so i was wondering what exactly did the script do.

Did it create a new log in account?

I left it blank when it asked to enter username, i just hit enter

So it created a 2nd account? Or after bypassing and logging in you still have only 1 admin account?

Yes, it created a 2nd account (a standard user account called "Apple"). I still have my admin account i created

@rcarlosnyc

rcarlosnyc commented Sep 27, 2023

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop ups on the side) and got the full screen popup after the upgrade. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

your upgrade from ventura to sonoma or you install a clean version, and you still got the full screen pop up or not ?

I upgraded from Ventura to Sonoma

and still have the popup full screen now or not?

I had the popup after the upgrade. then i ran the script from skipmdm.com and it went away. so i was wondering what exactly did the script do.

Did it create a new log in account?

I left it blank when it asked to enter username, i just hit enter

So it created a 2nd account? Or after bypassing and logging in you still have only 1 admin account?

Yes, it created a 2nd account (a standard user account called "Apple"). I still have my admin account i created

If you delete the standard Apple account it created, the enrollment window does not reappear? I’m curious because I have a machine at home I would like to try this on.

@dawonderboy

dawonderboy commented Sep 27, 2023

# Create user
    	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username"
      	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UserShell "/bin/zsh"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
	 	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UniqueID "501"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" PrimaryGroupID "20"
		mkdir "/Volumes/Data/Users/$username"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" NFSHomeDirectory "/Users/$username"
	    dscl -f "$dscl_path" localhost -passwd "/Local/Default/Users/$username" "$passw"
	    dscl -f "$dscl_path" localhost -append "/Local/Default/Groups/admin" GroupMembership $username
		echo "0.0.0.0 deviceenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
		echo "0.0.0.0 mdmenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
		echo "0.0.0.0 iprofiles.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
        echo -e "${GREEN}Chặn host thành công${NC}"
		# echo "Remove config profile"
  	touch /Volumes/Data/private/var/db/.AppleSetupDone
        rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
	rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
		echo "----------------------"
		break
		;;

It looks like 1 of 2 things:

  1. They had to create an admin account in order to edit the hosts file
  2. They had to create an admin account automatically so the script can run the commands to edit the hosts file and modify the config files.

I don't think the enrollment window will reappear because the modifications are on the system files, not a specific user file.

If you already have an admin user, you can choose to modify the script to change the file and have it point towards your admin user (I don't recommend)
Or leave it alone because I don't think having another admin user will affect it.

Disclaimer: I'm just someone reading the script. I have not tested it (planning on it) nor am I the owner or contributor.
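Added example, not part of any comment in this thread or of the script's repository: a read-only audit that reports whether the changes the quoted script makes (the `0.0.0.0` hosts entries and the `touch`ed `.cloudConfig*` marker files) are present under a given root, and lists admin group members on macOS. Function names are hypothetical, the fixture is constructed, and treating a zero-byte marker as the signal is an assumption based on the script's use of `touch`.

```shell
#!/bin/sh
# Added example: read-only audit for the changes made by the script quoted in this thread.
# Host names and paths come from that script; function names are hypothetical.

ENROLL_HOSTS="deviceenrollment.apple.com mdmenrollment.apple.com iprofiles.apple.com"
SETTINGS_REL="var/db/ConfigurationProfiles/Settings"

# One line per active hosts entry that points an enrollment host at a sinkhole address.
find_blocked_hosts() {
	fbh_file="${1%/}/etc/hosts"
	if [ -r "$fbh_file" ]; then
		for fbh_host in $ENROLL_HOSTS; do
			awk -v host="$fbh_host" '
				/^[ \t]*#/ { next }    # commented-out entries are inactive
				$1 == "0.0.0.0" || $1 == "127.0.0.1" {
					for (i = 2; i <= NF; i++) {
						if ($i ~ /^#/) break    # rest of the line is a comment
						if ($i == host) { print "hosts: " host " -> " $1; break }
					}
				}' "$fbh_file"
		done
	fi
	return 0
}

# One line per marker file that exists but is empty (assumption: touch left it that way).
find_marker_tampering() {
	fmt_dir="${1%/}/$SETTINGS_REL"
	for fmt_name in .cloudConfigProfileInstalled .cloudConfigRecordNotFound; do
		if [ -e "$fmt_dir/$fmt_name" ] && [ ! -s "$fmt_dir/$fmt_name" ]; then
			echo "marker: zero-byte $fmt_name"
		fi
	done
	return 0
}

# All findings for one root ("/" on a running system, a mounted volume otherwise).
audit_root() {
	find_blocked_hosts "$1"
	find_marker_tampering "$1"
}

# Number of findings, as a bare integer.
count_findings() {
	audit_root "$1" | wc -l | tr -d ' '
}

# macOS only: print admin group members so unexpected accounts stand out.
list_admins() {
	if command -v dscl >/dev/null 2>&1; then
		dscl . -read /Groups/admin GroupMembership 2>/dev/null
	fi
	return 0
}

# Constructed fixture: two active blocks, one commented-out block, two empty markers.
make_fixture() {
	mf_dir=$(mktemp -d) || return 1
	mkdir -p "$mf_dir/etc" "$mf_dir/$SETTINGS_REL"
	printf '%s\n' \
		'127.0.0.1 localhost' \
		'# 0.0.0.0 iprofiles.apple.com' \
		'0.0.0.0 deviceenrollment.apple.com' \
		'0.0.0.0 mdmenrollment.apple.com' > "$mf_dir/etc/hosts"
	: > "$mf_dir/$SETTINGS_REL/.cloudConfigProfileInstalled"
	: > "$mf_dir/$SETTINGS_REL/.cloudConfigRecordNotFound"
	echo "$mf_dir"
}

# Audit the given root (default: the running system), then list admins.
audit_root "${1:-/}"
list_admins
```

Pass a mounted volume path as the first argument to audit it instead of the running system; compare the admin list against the accounts you created yourself, since the quoted script adds its account to the admin group with a default password.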

@johntiger1

So after you disable SIP and make the changes, can you re-enable it again?

@johntiger1

Additionally, do you know if we need to keep disabling it on every update? E.g. if i disable it on Monterey, do I need to re-disable it on Sonoma?

@Ronald-Hoo

Hi everyone,

I'm new here and having this problem after updating to sonoma. I can do the csrutil disable, that works.
But after rebooting in safe mode (m2 macbook) commands as 'sudo' and 'open' do not work, 'command not found'.
Terminal starts with '-bash-3.2#', so I guess I'm already root?
I'm probably doing something wrong, do you have any suggestions for me?
Thanks a lot!!

@todd-gallant

one of my users had to disable sip. his volume was encrypted, so we rebooted normally, and killed his internet right after it checked for internet. and he was able to run
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
and add the block addresses.

@fjbMultisys

hello, i also got the same issue w/ an mdm locked mac os sonoma unit, i want to request links/steps to fix the said issue. I also fresh reinstalled the unit w/ mac os sonoma from ventura but mdm locked popped and cannot go forward with it. Thank you

@rcarlosnyc

hello, i also got the same issue w/ an mdm locked mac os sonoma unit, i want to request links/steps to fix the said issue. I also fresh reinstalled the unit w/ mac os sonoma from ventura but mdm locked popped and cannot go forward with it. Thank you

Watch the video.
https://www.youtube.com/watch?v=khlALitW0zI

Use skipmdm.com. There are instructions on the site. It will create an account and run a script to block the appropriate IP addresses and bypass the enrollment page. At the desktop delete the Apple user account created by the script.

@Aboubacar2012

Hello everyone,

I hope this message finds, I bought a MacBook i9 few months ago via Facebook market, all seems working well during the last couple of months. Yesterday I did update from Ventura to Sonoma and suddenly MDM appears I tried to restart by recovery mode there’s password which I don’t know. Please can anyone might help
IMG_7923
IMG_7906

@dawonderboy

Hello everyone,

I hope this message finds, I bought a MacBook i9 few months ago via Facebook market, all seems working well during the last couple of months. Yesterday I did update from Ventura to Sonoma and suddenly MDM appears I tried to restart by recovery mode there’s password which I don’t know. Please can anyone might help IMG_7923 IMG_7906

Looks like the person who sold it to you had an asset from Meta that they never returned. This is a corporate asset. You should probably reach out back to them if they didn't inform you of that tidbit.

@ejm201

ejm201 commented Sep 29, 2023 via email

@Ronald-Hoo

hello, i also got the same issue w/ an mdm locked mac os sonoma unit, i want to request links/steps to fix the said issue. I also fresh reinstalled the unit w/ mac os sonoma from ventura but mdm locked popped and cannot go forward with it. Thank you

Watch the video. https://www.youtube.com/watch?v=khlALitW0zI

Use skipmdm.com. There are instructions on the site. It will create an account and run a script to block the appropriate IP addresses and bypass the enrollment page. At the desktop delete the Apple user account created by the script.

Thank you so much, that worked!!!

@rcarlosnyc

Hello everyone,
I hope this message finds, I bought a MacBook i9 few months ago via Facebook market, all seems working well during the last couple of months. Yesterday I did update from Ventura to Sonoma and suddenly MDM appears I tried to restart by recovery mode there’s password which I don’t know. Please can anyone might help IMG_7923 IMG_7906

Looks like the person who sold it to you had an asset from Meta that they never returned. This is a corporate asset. You should probably reach out back to them if they didn't inform you of that tidbit.

Do you have iCloud logged in on that machine? Log into iCloud and iCloud lock that device. It will generate an unlock code number. I was told the iCloud lock unlock code will overwrite an existing firmware password.

@Aboubacar2012

When you see the enrollment prompt, did you connect to wifi? Try without, but like @dawonderboy said, this is a compromised, likely stolen laptop.

I tried without Wi-Fi, but the remote management box is still popping up. This is really frustrating; I bought this machine last year and it was working really well with Ventura OS. If I had known, I wouldn't have done this update. This is a lesson learned!

@Aboubacar2012

Hello everyone,
I hope this message finds, I bought a MacBook i9 a few months ago via Facebook market, and all seemed to be working well during the last couple of months. Yesterday I updated from Ventura to Sonoma and suddenly MDM appeared. I tried to restart in recovery mode, but there’s a password which I don’t know. Please, can anyone help? IMG_7923 IMG_7906

Looks like the person who sold it to you had an asset from Meta that they never returned. This is a corporate asset. You should probably reach out back to them if they didn't inform you of that tidbit.

Do you have iCloud logged in on that machine? Log into iCloud and iCloud lock that device. It will generate an unlock code number. I was told the iCloud lock unlock code will overwrite an existing firmware password.

Any web link on how to do that?

@dawonderboy

Hello everyone,
I hope this message finds, I bought a MacBook i9 a few months ago via Facebook market, and all seemed to be working well during the last couple of months. Yesterday I updated from Ventura to Sonoma and suddenly MDM appeared. I tried to restart in recovery mode, but there’s a password which I don’t know. Please, can anyone help? IMG_7923 IMG_7906

Looks like the person who sold it to you had an asset from Meta that they never returned. This is a corporate asset. You should probably reach out back to them if they didn't inform you of that tidbit.

Do you have iCloud logged in on that machine? Log into iCloud and iCloud lock that device. It will generate an unlock code number. I was told the iCloud lock unlock code will overwrite an existing firmware password.

Any web link on how to do that?

I don't mean to sound like an ass but have you tried googling for instructions?
https://gprivate.com/66yry

@palmerjoss

I am now getting this error while running the script
IMG_2891
I have also run the csrdisable command
Anyone seen this?

@Falu-G

Falu-G commented Sep 30, 2023

IMG_2891 Getting these errors when I run the above skipmdm.com script... Anyone seen this one? And I have also done the csrdisable command.

Got this same output.

@sonomadep @dawonderboy do we have to click enrol before trying this work around?

@Reinaaperra

I am now getting this error while running the script
IMG_2891
I have also run the csrdisable command
Anyone seen this?

I’m getting the same errors appearing and I haven’t clicked on enrol when the pop up appears, is this why?

IMG_2891 Getting these errors when I run the above skipmdm.com script... Anyone seen this one? And I have also done the csrdisable command.

Got this same output.

@sonomadep @dawonderboy do we have to click enrol before trying this work around?

Just messaged the guy who made the mdmskip.com, on telegram he said restore your Mac and then try again. I was getting the same error so I’m currently restoring then I’ll run it again.

@Reinaaperra

I am now getting this error while running the script
IMG_2891
I have also run the csrdisable command
Anyone seen this?

I’m getting the same errors appearing and I haven’t clicked on enrol when the pop up appears, is this why?

IMG_2891 Getting these errors when I run the above skipmdm.com script... Anyone seen this one? And I have also done the csrdisable command.

Got this same output.
@sonomadep @dawonderboy do we have to click enrol before trying this work around?

Just messaged the guy who made the mdmskip.com, on telegram he said restore your Mac and then try again. I was getting the same error so I’m currently restoring then I’ll run it again.

I have restored it and ran the skipmdm.com code and it worked.

@pain0x0

pain0x0 commented Sep 30, 2023

Hello everyone,

I hope this message finds, I bought a MacBook i9 a few months ago via Facebook market, and all seemed to be working well during the last couple of months. Yesterday I updated from Ventura to Sonoma and suddenly MDM appeared. I tried to restart in recovery mode, but there’s a password which I don’t know. Please, can anyone help? IMG_7923 IMG_7906

if you haven't already, run this script, worked for me (literally just did it)

https://github.com/maclifevn/bypasmdm

@secured2k

I am dropping notifications for this thread since the same methods previously listed have been published elsewhere in scripts that try to automate the tasks.
Good luck all.

@davidkolesom

I am now getting this error while running the script
IMG_2891
I have also run the csrdisable command
Anyone seen this?

I’m getting the same errors appearing and I haven’t clicked on enrol when the pop up appears, is this why?

IMG_2891 Getting these errors when I run the above skipmdm.com script... Anyone seen this one? And I have also done the csrdisable command.

Got this same output.
@sonomadep @dawonderboy do we have to click enrol before trying this work around?

Just messaged the guy who made the mdmskip.com, on telegram he said restore your Mac and then try again. I was getting the same error so I’m currently restoring then I’ll run it again.

I have restored it and ran the skipmdm.com code and it worked.

by restored do you mean factory reset?

@dawonderboy

My journey:

  1. Wipe out my hard drive using disk utility.
  2. Reinstall MacOS Sonoma
  3. After reinstall, go to Recovery Mode, disable SIP and run skipmdm.com
  4. Same issue persists.
  5. Restart computer and go through normal setup process but don't connect to internet.
  6. Account creation successful.
  7. Run these commands in normal mode (NOT IN RECOVERY MODE)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(If you run into rm: /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord: No such file or directory that's fine. It just means the thing you were supposed to remove doesn't exist. Continue with the commands.)

  8. Restart normally and connect to wifi.

No issues.

Note: my previous issues with the sudo rm commands was that the sudo command is not found. That's usually because you're running sudo in recovery mode. Since I ran sudo in normal mode and I have an account that I knew the password to, these steps worked. Hope this helps!

@ehsan58

ehsan58 commented Oct 1, 2023

My journey:

  1. Wipe out my hard drive using disk utility.
  2. Reinstall MacOS Sonoma
  3. After reinstall, go to Recovery Mode, disable SIP and run skipmdm.com
  4. Same issue persists.
  5. Restart computer and go through normal setup process but don't connect to internet.
  6. Account creation successful.
  7. Run these commands in normal mode (NOT IN RECOVERY MODE)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(If you run into rm: /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord: No such file or directory that's fine. It just means the thing you were supposed to remove doesn't exist. Continue with the commands.)

  8. Restart normally and connect to wifi.

No issues.

Note: my previous issues with the sudo rm commands was that the sudo command is not found. That's usually because you're running sudo in recovery mode. Since I ran sudo in normal mode and I have an account that I knew the password to, these steps worked. Hope this helps!

good
but what about old data? i have lots of data in my TimeMachine

@Ran-Xing

Ran-Xing commented Oct 1, 2023

:) macOS 14 beta

The latest version of macOS can no longer be bypassed normally, please do not update at will.

@hunght85

hunght85 commented Oct 1, 2023

I successfully bypassed it today. I tried backing up data to an external hard drive. After reboot, we have some time, 5s to 60s, to run copy commands; under the MDM screen, the data is still copying. After backing up the data, we did a fresh install of Sonoma and used the command at skipmdm.com

@Reinaaperra

Reinaaperra commented Oct 1, 2023

@davidkolesom
I had Mac OS Sonoma with the mdm full screen pop.
This is what I did:

  1. I wiped my hard drive using Disk Utility in recovery mode.
  2. I reinstalled Mac OS Ventura on to the Macintosh HD drive not Mac OS Sonoma
  3. After the reinstall I went back into recovery mode, disabled SIP.
  4. Restarted back into recovery mode, ran mdmskip.com.
  5. Restarted but not in recovery mode. Had no mdm pop up but mdmskip.com installed Apple admin account. I was unable to update to OS Sonoma or connect my Apple ID to that admin account.
  6. I created a new admin account but didn’t delete the Apple one.
  7. I was able to connect my Apple ID to this and download OS Sonoma and when I did the MDM pop up did not happen after the install.

I know nothing about tech so sorry if this doesn’t make sense 🤣

Before wiping the hard drive you can back up the files you want to timemachine, I didn’t do this though so I don’t know if it changes anything.

@piterangel2022

any instruction to upgrade to Sonoma without wiping data? i have macbook pro m1 pro ventura

@pain0x0

pain0x0 commented Oct 1, 2023

:) macOS 14 beta

The latest version of macOS can no longer be bypassed normally, please do not update at will.

what about after its bypassed? can I still update

@rcarlosnyc

rcarlosnyc commented Oct 1, 2023

My journey:

  1. Wipe out my hard drive using disk utility.
  2. Reinstall MacOS Sonoma
  3. After reinstall, go to Recovery Mode, disable SIP and run skipmdm.com
  4. Same issue persists.
  5. Restart computer and go through normal setup process but don't connect to internet.
  6. Account creation successful.
  7. Run these commands in normal mode (NOT IN RECOVERY MODE)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(If you run into rm: /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord: No such file or directory that's fine. It just means the thing you were supposed to remove doesn't exist. Continue with the commands.)

  8. Restart normally and connect to wifi.

No issues.
Note: my previous issues with the sudo rm commands was that the sudo command is not found. That's usually because you're running sudo in recovery mode. Since I ran sudo in normal mode and I have an account that I knew the password to, these steps worked. Hope this helps!

good but what about old data? i have lots of data in my TimeMachine

How did you create an account without connecting to the internet? Since Ventura you have to connect to the internet to continue the setup wizard.

@rcarlosnyc

@davidkolesom I had Mac OS Sonoma with the mdm full screen pop. This is what I did:

  1. I wiped my hard drive using Disk Utility in recovery mode.
  2. I reinstalled Mac OS Ventura on to the Macintosh HD drive not Mac OS Sonoma
  3. After the reinstall I went back into recovery mode, disabled SIP.
  4. Restarted back into recovery mode, ran mdmskip.com.
  5. Restarted but not in recovery mode. Had no mdm pop up but mdmskip.com installed Apple admin account. I was unable to update to OS Sonoma or connect my Apple ID to that admin account.
  6. I created a new admin account but didn’t delete the Apple one.
  7. I was able to connect my Apple ID to this and download OS Sonoma and when I did the MDM pop up did not happen after the install.

I know nothing about tech so sorry if this doesn’t make sense 🤣

Before wiping the hard drive you can back up the files you want to timemachine, I didn’t do this though so I don’t know if it changes anything.

You can delete the account the script created. There is no reason to keep it.

@donkelonio

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

The script is buggy. It does not recognize the volume where your Mac OS has been installed. It assumes you have a default installation with volumes mounted with their default names, such as "Volumes/Macintosh HD". I have seen installations where the "Macintosh HD" is NOT the name of the volume. Thus, this script would fail miserably. The author would tell you to wipe all your data and reinstall the OS instead of making the script smarter... bad bad.

Here is a command that will tell you the name of your boot volume:

diskutil info -plist "$(bless --getBoot)" |
  plutil -extract VolumeName raw -- -

If this command returns anything other than "Macintosh HD" then the script is likely going to throw errors.

PM me if you need help getting this MDM check disabled.

@piterangel2022

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

The script is buggy. It does not recognize the volume where your Mac OS has been installed. It assumes you have a default installation with volumes mounted with their default names, such as "Volumes/Macintosh HD". I have seen installations where the "Macintosh HD" is NOT the name of the volume. Thus, this script would fail miserably. The author would tell you to wipe all your data and reinstall the OS instead of making the script smarter... bad bad.

Here is a command that will tell you the name of your boot volume:

diskutil info -plist "$(bless --getBoot)" |
  plutil -extract VolumeName raw -- -

If this command returns anything other than "Macintosh HD" then the script is likely going to throw errors.

PM me if you need help getting this MDM check disabled.

Screenshot 2023-10-03 at 07 48 44

this is the name of the volume on disk utility what do you suggest for me to upgrade without any wiping of my data?

@artsiom-cw

artsiom-cw commented Oct 3, 2023

@ehsan58

ehsan58 commented Oct 4, 2023

any instruction to upgrade to Sonoma without wiping data? i have macbook pro m1 pro ventura

The following helped me:

  1. https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
  2. https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

did you directly upgrade from ventura to sonoma?

@artsiom-cw

any instruction to upgrade to Sonoma without wiping data? i have macbook pro m1 pro ventura

The following helped me:

  1. https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
  2. https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

did you directly upgrade from ventura to sonoma?

Yes, and after upgrading made these two steps

@372046933

@sonomadep Can SIP be enabled after your workaround?

@rcarlosnyc

@sonomadep Can SIP be enabled after your workaround?

Yes

@abhijaypatne

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

As someone has already pointed out, this can happen if your OS is not installed on the default volume Macintosh HD. If that's the case, either you can fix the script and then run it or reach out to the owner and ask them to fix it.

If you have already installed the OS on the default volume and still facing this, then to resolve this, I had to use the disk utility to mount the Data volume in the disk utility so it could write the patch to /Volumes/Data/.

@thekeymaker33

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

As someone has already pointed out, this can happen if your OS is not installed on the default volume Macintosh HD. If that's the case, either you can fix the script and then run it or reach out to the owner and ask them to fix it.

If you have already installed the OS on the default volume and still facing this, then to resolve this, I had to use the disk utility to mount the Data volume in the disk utility so it could write the patch to /Volumes/Data/.

how can I fix the script?

@abhijaypatne

abhijaypatne commented Oct 10, 2023

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

As someone has already pointed out, this can happen if your OS is not installed on the default volume Macintosh HD. If that's the case, either you can fix the script and then run it or reach out to the owner and ask them to fix it.
If you have already installed the OS on the default volume and still facing this, then to resolve this, I had to use the disk utility to mount the Data volume in the disk utility so it could write the patch to /Volumes/Data/.

how can I fix the script?

Either hardcode the value of the volume where you installed os in the place of Macintosh HD or read that value using the command diskutil info / | sed -n 's/^ *Volume Name: *//p' and replace it where Macintosh HD is hardcoded.

@abgimeno

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

As someone has already pointed out, this can happen if your OS is not installed on the default volume Macintosh HD. If that's the case, either you can fix the script and then run it or reach out to the owner and ask them to fix it.
If you have already installed the OS on the default volume and still facing this, then to resolve this, I had to use the disk utility to mount the Data volume in the disk utility so it could write the patch to /Volumes/Data/.

how can I fix the script?

hey mate! you don't need to fix the script, just create a symbolic link and that should do it.
Open the Terminal and navigate to the folder /Volumes. List what you have in there. You should have one root volume, one Data and may be another base system.

For example, my root volume was named Macintosh rather than Macintosh HD. So I executed the following:

ln -s Macintosh 'Macintosh HD'

do the same for the data volume, and that should work. for instance:

ln -s YourVolume Data
ln -s YourVolume 'Macintosh Data'

but tailor to what you see in your computer.

@candyman89

Has anyone seen this and found a solution?
IMG_FDE9AC9A7387-1

@nghminh163

Hi, this script was made by me; I wrote it for the community while I had an MDM MacBook. It's too buggy and may cause bugs when you use Keychain. I recommend you bypass manually via the terminal in Recovery after reinstalling. If you have any questions, you can ask me below. I will not improve my script because I now use a Mac with no MDM, and my script has been copied in many places without credit or any mention ;)

@SamuelOsondu

Please I’m having the issue after upgrading to Sonoma.
But the challenge is that on the second step I can’t use the terminal, cause the pop up comes up automatically upon login and I can’t use any other thing cause it blocks every other thing from working.

Please I need help

@SamuelOsondu

Please I’m having the issue after upgrading to Sonoma. But the challenge is that on the second step I can’t use the terminal, cause the pop up comes up automatically upon login and I can’t use any other thing cause it blocks every other thing from working.

Please I need help

Oh man!

I’ve had to dig into previous responses, thanks to the community and thanks to God, I’ve got it fixed!
First had issues, tried renaming in the script but unfortunately that was not it.
I eventually found out where the OS was installed wasn’t mounted!

it’s working fine now.

@itzcharlie01

Is it safe for me to enable System Integrity Protection, I mean this command csrutil enable, after using the MDM script?

@pain0x0

pain0x0 commented Oct 25, 2023

is it safe to update to 14.1 after running script?

@itsthomas

Yes, it would be good to know if it's safe to update to 14.1 or not?
Has anyone updated to Sonoma 14.1?

@egnirc

egnirc commented Oct 28, 2023 via email

@Mktulio

Mktulio commented Oct 30, 2023

Good evening, folks!

I did the process and it worked on my M1 macOS.

@pain0x0

pain0x0 commented Nov 1, 2023

Good evening, folks!

I did the process and it worked on my M1 macOS.

have you updated to 14.1?

@Mktulio

Mktulio commented Nov 1, 2023

Good evening, folks!
I did the process and it worked on my M1 macOS.

have you updated to 14.1?

Not yet! I'm afraid to update; as the old saying goes: 'Don't change a winning team.' hahah
I'll wait a bit longer to update; since it solved the problem I don't want to get myself another headache.

@aniop

aniop commented Nov 6, 2023

Yes, it would be good to know if it's safe to update to 14.1 or not? Has anyone updated to Sonoma 14.1?

safe

@pain0x0

pain0x0 commented Nov 6, 2023

Yes, it would be good to know if it's safe to update to 14.1 or not? Has anyone updated to Sonoma 14.1?

safe

are you sure? meaning you've done it yourself?

@todd-gallant

Apple business said that not having a MDM server should not cause this error, but it did, so I am interested in knowing if anyone has allowed their system to update to 14.1 as well and had issues or not had issues...

@pain0x0

pain0x0 commented Nov 7, 2023

Apple business said that not having a MDM server should not cause this error, but it did, so I am interested in knowing if anyone has allowed their system to update to 14.1 as well and had issues or not had issues...

@aniop said it's "safe", but I'd love to hear if others had. I really do wanna update, unless someone wants to take one for the team idk

@richardhealy

richardhealy commented Nov 7, 2023

@todd-gallant yeah I went to 14.1 and had the issue. Yesterday I was able to get into the OS and play around for hours. The only thing was the notification on the Apple Menu, so thought it would be okay. Today, it was completely locked out.

I followed the steps summarised by @luckydzp here: luckydzp then it started to work.

I feel (though not 100% sure) if you upgrade then after you log in, disconnect any internet connection, then follow the steps, it /should/ work and has for me (so far... but now probably jinxed it)

@Mktulio

Mktulio commented Nov 7, 2023

Apple business said that not having a MDM server should not cause this error, but it did, so I am interested in knowing if anyone has allowed their system to update to 14.1 as well and had issues or not had issues... // Me too.

@Mktulio

Mktulio commented Nov 7, 2023

I think this update will break the process, fix the bug and revert the 'csrutil disable'. I'm using my macOS for college work; as soon as I'm on vacation I'll make a backup and update, because if it goes wrong I'll do a clean install of Ventura again.

@Mktulio

Mktulio commented Nov 7, 2023

@todd-gallant yeah I went to 14.1 and had the issue. Yesterday I was able to get into the OS and play around for hours. The only thing was the notification on the Apple Menu, so thought it would be okay. Today, it was completely locked out.

I followed the steps summarised by @luckydzp here: luckydzp then it started to work.

I feel (though not 100% sure) if you upgrade then after you log in, disconnect any internet connection, then follow the steps, it /should/ work and has for me (so far... but now probably jinxed it)

//# Did you do this process?

skip-mdm

skip mac mdm note

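  1. System 12, already fixed; system 13 can also be bypassed, but it is very troublesome, so bypassing on system 12 is recommended).
  2. If you accidentally connect to the network, the system needs to be restored, )
    3. Install system 12 (there is plenty of material online about installing macOS from a hard drive), then use the method in 1 above to bypass activation
  3. After activation:
    4.1
    4.2 Delete and create fake profile files: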

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

4.3 Run sudo profiles show -type enrollment to test whether the deletion succeeded (an error means the deletion succeeded)

4.4 Run sudo launchctl disable system/com.apple.ManagedClient.enroll
4.5

#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

  1. SIP: with the Mac powered off, press and hold the power button to enter recovery mode, run the command csrutil enable, and restart the computer.

@pain0x0

pain0x0 commented Nov 7, 2023

@todd-gallant yeah I went to 14.1 and had the issue. Yesterday I was able to get into the OS and play around for hours. The only thing was the notification on the Apple Menu, so thought it would be okay. Today, it was completely locked out.

I followed the steps summarised by @luckydzp here: luckydzp then it started to work.

I feel (though not 100% sure) if you upgrade then after you log in, disconnect any internet connection, then follow the steps, it /should/ work and has for me (so far... but now probably jinxed it)

any update?, tutorial being in another language sure makes it a bit complicated but I translated and got the gist

@372046933

Two days passed without enrollment notification. Upgrading to 14.1.1 is safe AFAIK.

@ehsan58

ehsan58 commented Nov 11, 2023

Two days passed without enrollment notification. Upgrading to 14.1.1 is safe AFAIK.

direct update? or need to do any trick before?

@372046933

Two days passed without enrollment notification. Upgrading to 14.1.1 is safe AFAIK.

direct update? or need to do any trick before?

Direct update from first MacOS 14 with SIP on.

@Mktulio

Mktulio commented Nov 13, 2023

Two days passed without enrollment notification. Upgrading to 14.1.1 is safe AFAIK.

Look! Good, I'll do mine. I've been with Sonoma for 10 days, with 'csrutil disable'. Can I update? Will I be surprised? Mine is very good, I hated receiving those damn messages.

@pain0x0

pain0x0 commented Nov 14, 2023

Two days passed without enrollment notification. Upgrading to 14.1.1 is safe AFAIK.

Look! Good, I'll do mine. I've been with Sonoma for 10 days, with 'csrutil disable'. Can I update? Will I be surprised? Mine is very good, I hated receiving those damn messages.

have you updated? any update?

@Mktulio

Mktulio commented Nov 14, 2023

Two days passed without enrollment notification. Upgrading to 14.1.1 is safe AFAIK.

Look! Good, I'll do mine. I've been with Sonoma for 10 days, with 'csrutil disable'. Can I update? Will I be surprised? Mine is very good, I hated receiving those damn messages.

have you updated? any update?

I'm on Sonoma 14.0 running smoothly without messages. I did the procedure above and it worked great, now I want to know if I can update to Sonoma 14.1

@todd-gallant

todd-gallant commented Nov 14, 2023 via email

@Mktulio

Mktulio commented Nov 14, 2023

I added the hosts to be blocked and updated to Sonoma and so far no problems...

Sorry, which hosts? Can you tag me please? on the hosts to be installed?

@ParkerPerry

ParkerPerry commented Nov 16, 2023

Still unable to edit the plist even I've disabled SIP, but I can set it to false with launchctl command.

sudo launchctl disable system/com.apple.ManagedClient.enroll

Can anyone explain why this step is needed? I was unable to edit the plist file even after disabling SIP but used this command above. No idea if it actually disabled it or not. But anyways, the other half of this post solved my problem of getting the full screen notification that blocks me out of my computer completely... Luckily there's like a 60-120 second gap from restarting my computer where I have full access until that giant notification pops up

What's the purpose of modifying the plist file? Is there a way to prevent this in the future? I am always terrified when I have to start reading these forums again as eventually I have a feeling I am going to get totally locked out. Weirdly the full screen notification takes a few minutes to pop up after a restart so I had a very small window to login & copy the commands over to terminal before getting locked out.

Lastly, is there a way to get sudo terminal commands to work in recovery mode? I'm confused why I was forced to login and deal with the panic of the notification locking me out. They should work by default as you have root permission from my knowledge but I was forced to login. Why do you have to run the commands in normal mode and not recovery mode? Above people are specifically specifying that you must do it in normal mode.

Oh wow that checkmdm method seems to alleviate all of my concerns regarding being able to do it in recovery mode^ that's so awesome!

Edit: I've now followed this step as well which I hadn't done on Ventura. I wonder if I had done this if I still would have received the full screen notification that blocks you out? Also I've heard conflicting things about blocking gdmf from above but I decided to block it as well.

sudo nano /etc/hosts



#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

I am on 14.1.1 and everything is working smoothly as of now

@TomRider22

@ParkerPerry

ParkerPerry commented Nov 17, 2023

@TomRider22

Ah so gdmf sounds like it's just used to identify software updates for MDM devices that are controlled by a remote management profile, thus it doesn't harm to block it since we don't have any management profiles installed. I'll go back and add it to my blocked hosts then! Thanks!

@Mktulio

Mktulio commented Nov 17, 2023

@TomRider22

Ah so gdmf sounds like it's just used to identify software updates for MDM devices who are controlled by a remote management profile thus I'll go back and add it to my blocked hosts then! Thanks!

I left it disabled, it worked and didn't bring me any other problems. I'm still on Sonoma 14.0 and I saw today that it has an update to 14.1.1

@TomRider22

I have updated to 14.1.1 and locked those domains, disabled the service mentioned by ParkerPerry. For now, it looks good, but in future updates, it can be restricted to disabling the mdm service or even disabling the ability to block the mdm host on the OS level. We need some time to pass to see if everything is working as expected.

@Mktulio

Mktulio commented Nov 17, 2023

I have updated to 14.1.1 and locked those domains, disabled the service mentioned by ParkerPerry. For now, it looks good, but in future updates, it can be restricted to disabling the mdm service or even disabling the ability to block the mdm host on the OS level. We need some time to pass to see if everything is working as expected.

I'll do the update now. Let's see!

@ibgroovy

Hello everyone, I am fairly new to the whole terminal/command line stuff. But like a lot of people here, I bought a second hand MacBook Pro on offer up which was working great running Ventura. Then I updated to Sonoma and a full screen MDM pop-up comes up and I can't do anything because it appears right after logging in, but I really need this computer for work and a couple very important projects and never was able to back it up cuz my hard drive showed up just 2 days after I upgraded to Sonoma😖
I've noticed most people here have the newer MacBooks and to my understanding use different methods to remove/bypass the MDM.

However, I have a 2018 15" MacBook Pro T2 chip version of MacBook.

I am desperate for help to get my computer back to normal without data loss, can someone please help me out with like step by step for a noob not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help guys, please.

@ParkerPerry

ParkerPerry commented Nov 18, 2023

Hello everyone, I am fairly new to the whole terminal/command line stuff. But like a lot of people here, I bought a second hand MacBook Pro on offer up which was working great running Ventura. Then I updated to Sonoma and a full screen MDM pop-up comes up and I can't do anything because it appears right after logging in, but I really need this computer for work and a couple very important projects and never was able to back it up cuz my hard drive showed up just 2 days after I upgraded to Sonoma😖 I've noticed most people here have the newer MacBooks and to my understanding use different methods to remove/bypass the MDM.

However, I have a 2018 15" MacBook Pro T2 chip version of MacBook.

I am desperate for help to get my computer back to normal without data loss, can someone please help me out with like step by step for a noob not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help guys, please.

@ibgroovy The only difference should be how you access recovery mode. I believe it's Command-R for Intel-based Macs instead of just holding down the power button on ARM-based Macs. Everything should be the same.

There's one big distinction on this forum, which is where my confusion would come from if I was a noob.

1: This thread is dedicated to removing the notification popup and basically assumes that you don't have an MDM profile installed yet. You're just being prompted by Apple's servers to install the profile since it's registered in their databases as owned by a school/corporate company. I believe you are in this camp, which is a good thing.

2: Your laptop currently has an MDM profile installed and you're locked out completely without having the administrator password. In this case you would most likely have to wipe your computer and fresh install macOS and turn off your internet right after installation is complete. There's more to this above but it sounds like you can disregard this.

For you being part of group one all you have to do is access recovery mode and disable SIP. Reboot then go back in recovery mode, open a Safari tab, go to skipmdm.com and press the button to copy the code.
Should be this: (curl https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh -o test.sh && chmod +x ./test.sh && ./test.sh)
Then exit Safari, open terminal, paste it there & hit enter, follow the steps and then boom done. Restart computer and once in for added reassurance:

open terminal once logged into normal mode

Run these:

sudo launchctl disable system/com.apple.ManagedClient.enroll

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

Then do:

sudo nano /etc/hosts



#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Lastly reboot into recovery mode and re-enable SIP

————————————————————————————

Amazing links that might help in certain areas:

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro
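
For the administering side, the artifacts these steps leave behind (null-routed enrollment hosts, the rm/touch marker pattern, the disabled enrollment daemon) can be audited on a fleet Mac or a mounted disk. The read-only check below is an added example, not part of the comment above or of the gist; the function names, the saved `launchctl print-disabled system` file with its assumed `=> disabled` / `=> true` line format, and treating empty marker files as the touch pattern are assumptions.

```shell
#!/bin/sh
# Read-only audit for the enrollment-tampering artifacts named in the thread.
# Paths are resolved under a <root> prefix so a mounted disk or a collected
# triage directory can be checked as well as a live system (root = "").

MDM_HOSTS="iprofiles.apple.com mdmenrollment.apple.com deviceenrollment.apple.com gdmf.apple.com acmdm.apple.com albert.apple.com"
MARKER_DIR="var/db/ConfigurationProfiles/Settings"

# Print each enrollment hostname that the given hosts file maps to a
# non-routable or loopback address. Commented-out lines do not count.
blocked_mdm_hosts() {
    [ -r "$1" ] || return 0
    awk -v want="$MDM_HOSTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) mdm[w[i]] = 1 }
        {
            sub(/#.*/, "")                 # drop comments, fields are re-split
            if (NF < 2) next
            if ($1 != "0.0.0.0" && $1 != "::" && $1 != "::1" && $1 !~ /^127\./) next
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if ((h in mdm) && !(h in seen)) { seen[h] = 1; print h }
            }
        }' "$1"
}

# Classify the cloud-config marker files under <root>:
#   record-present : an activation-record marker still exists
#   touch-pattern  : record markers absent, and both replacement markers exist
#                    as empty files (what `touch` creates; heuristic)
#   no-pattern     : anything else
marker_state() {
    d="$1/$MARKER_DIR"
    if [ -e "$d/.cloudConfigHasActivationRecord" ] || [ -e "$d/.cloudConfigRecordFound" ]; then
        echo "record-present"
    elif [ -f "$d/.cloudConfigProfileInstalled" ] && [ ! -s "$d/.cloudConfigProfileInstalled" ] &&
         [ -f "$d/.cloudConfigRecordNotFound" ] && [ ! -s "$d/.cloudConfigRecordNotFound" ]; then
        echo "touch-pattern"
    else
        echo "no-pattern"
    fi
}

# Succeed if saved `launchctl print-disabled system` output lists the
# enrollment daemon as disabled (line format is an assumption).
enroll_daemon_disabled() {
    grep -Eq '"com\.apple\.ManagedClient\.enroll"[[:space:]]*=>[[:space:]]*(disabled|true)' "$1" 2>/dev/null
}

# Print one finding per line. $1 = root prefix, $2 = saved launchctl output.
audit_root() {
    for h in $(blocked_mdm_hosts "$1/etc/hosts"); do
        echo "hosts: $h is null-routed"
    done
    if [ "$(marker_state "$1")" = "touch-pattern" ]; then
        echo "markers: empty ProfileInstalled/RecordNotFound, record markers absent"
    fi
    if enroll_daemon_disabled "$2"; then
        echo "launchd: com.apple.ManagedClient.enroll is disabled"
    fi
    return 0
}

# Build a constructed sample tree (not captured from a real machine).
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/$MARKER_DIR"
    cat > "$root/etc/hosts" <<'EOF'
127.0.0.1 localhost
#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com   # trailing comment
# 0.0.0.0 gdmf.apple.com
17.0.0.1 albert.apple.com
EOF
    : > "$root/$MARKER_DIR/.cloudConfigProfileInstalled"
    : > "$root/$MARKER_DIR/.cloudConfigRecordNotFound"
    printf 'disabled services = {\n\t"com.apple.ManagedClient.enroll" => disabled\n}\n' \
        > "$root/print-disabled.txt"
    echo "$root"
}

sample=$(make_sample)
audit_root "$sample" "$sample/print-disabled.txt"
rm -rf "$sample"
```

On a live Mac, run it as root with `launchctl print-disabled system` saved to a file and call `audit_root "" <that file>`; any finding is a prompt to compare the serial number against the organization's device assignment records.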

@Dhanidayo

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)

Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade

I think this just worked for me. I've had this annoying issue since forever. Thank you!

@ibgroovy

Hello everyone, I am fairly new to the whole terminal/command line stuff. But like a lot of people here, I bought a second hand MacBook Pro on offer up which was working great running Ventura. Then I updated to Sonoma and a full screen MDM pop-up comes up and I can't do anything because it appears right after logging in, but I really need this computer for work and a couple very important projects and never was able to back it up cuz my hard drive showed up just 2 days after I upgraded to Sonoma😖 I've noticed most people here have the newer MacBooks and to my understanding use different methods to remove/bypass the MDM.
However, I have a 2018 15" MacBook Pro T2 chip version of MacBook.
I am desperate for help to get my computer back to normal without data loss, can someone please help me out with like step by step for a noob not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help guys, please.

@ibgroovy The only difference should be how you access recovery mode. I believe it's Command-R for Intel-based Macs instead of just holding down the power button on ARM-based Macs. Everything should be the same.

There's one big distinction on this forum, which is where my confusion would come from if I was a noob.

1: This thread is dedicated to removing the notification popup and basically assumes that you don't have an MDM profile installed yet. You're just being prompted by Apple's servers to install the profile since it's registered in their databases as owned by a school/corporate company. I believe you are in this camp, which is a good thing.

2: Your laptop currently has an MDM profile installed and you're locked out completely without having the administrator password. In this case you would most likely have to wipe your computer and fresh install macOS and turn off your internet right after installation is complete. There's more to this above but it sounds like you can disregard this.

For you being part of group one all you have to do is access recovery mode and disable SIP. Reboot then go back in recovery mode, open a Safari tab, go to skipmdm.com and press the button to copy the code.
Should be this: (curl https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh -o test.sh && chmod +x ./test.sh && ./test.sh)
Then exit Safari, open terminal, paste it there & hit enter, follow the steps and then boom done. Restart computer and once in for added reassurance:

open terminal once logged into normal mode

Run these:

sudo launchctl disable system/com.apple.ManagedClient.enroll

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

Then do:

sudo nano /etc/hosts



#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Lastly reboot into recovery mode and re-enable SIP

————————————————————————————

Amazing links that might help in certain areas:

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

Hey, thank you for replying to my question, I definitely appreciate you helping to simplify stuff a bit more so I can understand what it is I'm doing.
And yes, I believe you are correct about my computer being in that first category. The full screen pop-up is prompting me to enroll into device remote management or whatever, which I haven't done yet thankfully. So that's a plus, it sounds like, ha.
Also, after I upgraded from Ventura to Sonoma, there was 20 min or so where the MDM full screen pop-up allowed me to close it, which didn't last, obviously. But I checked the section in settings for any installed profiles but there were none displayed, which I thought was weird. The setting for Remote Management was also turned off too. So I think it possibly is just some file or configuration left on the MacBook that simply prompts the pop-up or something. I'm gonna give that skipmdm method a go and I'll report back if I have any success or run into problems. Thanks again for writing it all out for me. I wanted to ask though, reading through the forum and comments a bit more I saw somewhere someone saying that one of the suggested methods was not necessarily a safe method of disabling the pop-up cuz it prevents FileVault from working and something like the SSC or SVC or something along those lines. Is that relevant to this skipmdm method to your knowledge? Would it be possible to do the skipmdm code, then after I can access desktop and enter those other commands in terminal, can I then somehow undo the skipmdm code to bring back the FileVault or safety stuff or whatever? Thanks again for the help and I apologize for writing a novel here.
Last pic is what it showed when I ran the terminal show profiles command, in case it helps at all

image

image

image

@Mktulio

Mktulio commented Nov 21, 2023

Hello everyone, I am fairly new to all the terminal/command line stuff. But, like many people here, I bought a second-hand MacBook Pro on offer that was working very well running Ventura. Then I updated to Sonoma and the full-screen MDM pop-up appears and I can't do anything because it appears right after login, but I really need this computer for work and some very important projects and I was never able to back it up because my hard drive showed up just 2 days after I updated to Sonoma😖 I've noticed that most people here have the newer MacBooks and, to my understanding, use different methods to remove/bypass the MDM. However, I have a 2018 15" MacBook Pro T2 chip version of MacBook. I am desperate for help to get my computer back to normal without data loss; can someone help me step by step, for a novice not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help, guys, please.

@ibgroovy The only difference should be how you access recovery mode. I believe it's Command-R for Intel-based Macs instead of just holding down the power button on ARM-based Macs. Everything should be the same.

There's one big distinction on this forum, which is where my confusion would come from if I were a novice.

1: This thread is dedicated to removing the notification pop-up and basically assumes that you don't have an MDM profile installed yet. You're just being prompted by Apple's servers to install the profile, since it's registered in their databases as owned by a school/corporate company. I believe you are in this camp, which is a good thing.

2: Your laptop currently has an MDM profile installed and you're completely locked out without having the administrator password. In that case, you would most likely have to wipe your computer and install a fresh macOS and turn off your internet right after the installation is complete. There's more about this above, but it sounds like you can disregard this.

For you being part of group one, all you have to do is access recovery mode and disable SIP. Reboot and go back into recovery mode, open a Safari tab, go to skipmdm.com and press the button to copy the code.
Should be this: (curl https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh -o test.sh && chmod +x ./test.sh && ./test.sh)
Then exit Safari, open terminal, paste it there and hit enter, follow the steps, and then done. Restart the computer and once in, for added reassurance:

open terminal once logged into normal mode

Run these:

sudo launchctl disable system/com.apple.ManagedClient.enroll

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

Then do:

sudo nano /etc/hosts

#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Lastly, reboot into recovery mode and re-enable SIP

————————————————————————————

Amazing links that might help in certain areas:

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

Hey, thank you for replying to my question, I definitely appreciate you helping to simplify things a bit more so I can understand what I'm doing. And yes, I believe you are right about my computer being in that first category. The full-screen pop-up is prompting me to enroll in device remote management or whatever, which I haven't done yet, thankfully. So that's a plus, it sounds like, ha. Also, after I upgraded from Ventura to Sonoma, there were about 20 minutes in which the MDM full-screen pop-up allowed me to close it, which obviously didn't last. But I checked the section in settings for any installed profiles, but there were none displayed, which I thought was weird. The setting for Remote Management was also turned off. So I think it possibly is just some file or configuration left on the MacBook that simply prompts the pop-up or something. I'm going to give that skipmdm method a go and I'll report back if I have any success or run into problems. Thanks again for writing it all out for me. I wanted to ask, though, reading the forum and comments a bit more, I saw somewhere someone saying that one of the suggested methods was not necessarily a safe method of disabling the pop-up because it prevents FileVault from working and something like the SSC or SVC or something along those lines. Is that relevant to this skipmdm method, to your knowledge? Would it be possible to do the skipmdm code, then after I can access the desktop and enter those other commands in terminal, can I somehow undo the skipmdm code to bring back the FileVault or safety stuff or whatever? Thanks again for the help and I apologize for writing a novel here. The last pic is what it showed when I ran the terminal show profiles command, in case it helps

image

image

image

1- You will have to install Ventura cleanly, using a portable pendrive.
2- Make sure to turn off the internet in the last phase so that it works.
3- Only after that will you be able to do it. I have a MacBook Pro M1 and it worked this way; I managed to do it with Sonoma installed, but I had to be very quick, saving it in Notepad to be able to copy in seconds before the pop that takes over the entire screen.

Mine is working normally, but I haven't updated it. Just thank the forum here, it was very useful.

I open a non-admin partition so that if it happens again I can access it, I advise you to do this.

Now I didn't know about this skip.mdm, I saved everything so if it happens again I can resolve it. Big hug from Brazil!

@ParkerPerry

ParkerPerry commented Nov 21, 2023

Hello everyone, I am fairly new to all the terminal/command line stuff. But, like many people here, I bought a second-hand MacBook Pro on offer that was working very well running Ventura. Then I updated to Sonoma and the full-screen MDM pop-up appears and I can't do anything because it appears right after login, but I really need this computer for work and some very important projects and I was never able to back it up because my hard drive showed up just 2 days after I updated to Sonoma😖 I've noticed that most people here have the newer MacBooks and, to my understanding, use different methods to remove/bypass the MDM. However, I have a 2018 15" MacBook Pro T2 chip version of MacBook. I am desperate for help to get my computer back to normal without data loss; can someone help me step by step, for a novice not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help, guys, please.

@ibgroovy The only difference should be how you access recovery mode. I believe it's Command-R for Intel-based Macs instead of just holding down the power button on ARM-based Macs. Everything should be the same.

There's one big distinction on this forum, which is where my confusion would come from if I were a novice.

1: This thread is dedicated to removing the notification pop-up and basically assumes that you don't have an MDM profile installed yet. You're just being prompted by Apple's servers to install the profile, since it's registered in their databases as owned by a school/corporate company. I believe you are in this camp, which is a good thing.

2: Your laptop currently has an MDM profile installed and you're completely locked out without having the administrator password. In that case, you would most likely have to wipe your computer and install a fresh macOS and turn off your internet right after the installation is complete. There's more about this above, but it sounds like you can disregard this.

For you being part of group one, all you have to do is access recovery mode and disable SIP. Reboot and go back into recovery mode, open a Safari tab, go to skipmdm.com and press the button to copy the code.
Should be this: (curl https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh -o test.sh && chmod +x ./test.sh && ./test.sh)
Then exit Safari, open terminal, paste it there and hit enter, follow the steps, and then done. Restart the computer and once in, for added reassurance:

open terminal once logged into normal mode

Run these:

sudo launchctl disable system/com.apple.ManagedClient.enroll

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

Then do:

sudo nano /etc/hosts

#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Lastly, reboot into recovery mode and re-enable SIP

————————————————————————————

Amazing links that might help in certain areas:

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

Hey, thank you for replying to my question, I definitely appreciate you helping to simplify things a bit more so I can understand what I'm doing. And yes, I believe you are right about my computer being in that first category. The full-screen pop-up is prompting me to enroll in device remote management or whatever, which I haven't done yet, thankfully. So that's a plus, it sounds like, ha. Also, after I upgraded from Ventura to Sonoma, there were about 20 minutes in which the MDM full-screen pop-up allowed me to close it, which obviously didn't last. But I checked the section in settings for any installed profiles, but there were none displayed, which I thought was weird. The setting for Remote Management was also turned off. So I think it possibly is just some file or configuration left on the MacBook that simply prompts the pop-up or something. I'm going to give that skipmdm method a go and I'll report back if I have any success or run into problems. Thanks again for writing it all out for me. I wanted to ask, though, reading the forum and comments a bit more, I saw somewhere someone saying that one of the suggested methods was not necessarily a safe method of disabling the pop-up because it prevents FileVault from working and something like the SSC or SVC or something along those lines. Is that relevant to this skipmdm method, to your knowledge? Would it be possible to do the skipmdm code, then after I can access the desktop and enter those other commands in terminal, can I somehow undo the skipmdm code to bring back the FileVault or safety stuff or whatever? Thanks again for the help and I apologize for writing a novel here. The last pic is what it showed when I ran the terminal show profiles command, in case it helps

image

image

image

1- You will have to install Ventura cleanly, using a portable pendrive.
2- Make sure to turn off the internet in the last phase so that it works.
3- Only after that will you be able to do it. I have a MacBook Pro M1 and it worked this way; I managed to do it with Sonoma installed, but I had to be very quick, saving it in Notepad to be able to copy in seconds before the pop that takes over the entire screen.

Mine is working normally, but I haven't updated it. Just thank the forum here, it was very useful.

I open a non-admin partition so that if it happens again I can access it, I advise you to do this.

Now I didn't know about this skip.mdm, I saved everything so if it happens again I can resolve it. Big hug from Brazil!

From my knowledge you shouldn't have to do a clean install via pendrive. That's what you do if the profile has been installed and MDM is active on your laptop, as you shouldn't even be able to log in normally without an admin password set up by the company/school that the remote management has been installed by.

Those steps you listed, doing a clean install with the internet being off, from my knowledge aren't needed since this is just the notification we are dealing with, not actually removing the MDM profiles that are most likely unremovable as listed in this link (https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe).

@ibgroovy yeah it's not that weird, as Apple is now pinging certain web hosts/servers to check if your device is registered as an MDM device; that is why you are getting the notification popup. It looks like they added it in Sonoma. Per what @sonomadep said

"Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system."

I relooked through the forum and didn't see anyone mentioning it not being a safe method due to reasons with FileVault or whatever. And I'm not following what you're saying about undoing skipmdm. Skipmdm is the same thing as the other steps listed; it's just an automated script that does it for you and is able to do it from recovery mode instead of logging in. I haven't taken the time to understand the script to be able to explain it in depth, but it's the steps we have outlined, just in an automated fashion. I just did both methods, via skipmdm and the regular way, as being extra precautious. You should be fine as far as your concerns with FileVault go. I don't see why that would be of concern. I think the skipmdm script was written kinda poorly from what I read because it auto-assumes your drive is called Macintosh HD, which for some users might not be the case. That's what you might be referencing and why some users were doing the clean wipe method even though they didn't have to; all they needed to do was change the skipmdm script and change the drive name from Macintosh HD to whatever their drive name is.

Again man, not trying to be an ass, but I really think you should try to sit here for like 30 mins to an hour and understand the commands that you are doing so you know what you're doing to your computer. It's never a good idea to just follow along, as I'm sure you will be fine, but understanding what you're doing and why you're doing it and what all it will impact is super important.

I was being a dummy earlier and @TomRider22 shared this link https://support.apple.com/en-ke/HT210060 which helps break down what each we port that we were told to block does and how it will impact your local environment.

#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

I also asked ChatGPT for extended explanations, but anyways yeah, fully wiping your laptop and doing a clean install doesn't seem to be necessary from my knowledge for removing the notification popups. It's only needed to remove "non-removable" MDM profiles from your machine, and that would mean you cannot log in normally because you need admin access that is being controlled by a company/school/etc.

@Mktulio

Mktulio commented Nov 21, 2023

Look, I bought my MacBook from someone who bought it on eBay. Okay, when I went to format it with cmd + r, I discovered that I was tricked. I spent two weeks looking for how to solve it, until I managed to do it in the way listed above, now I can't sell it because it would give me a headache. Good Luck!

@zmixnyc

zmixnyc commented Nov 23, 2023

Thank you all for this informative and educational topic...!

I've read this entire thread but I don't think the issue I'm experiencing has been covered (though this one is close).

I purchased an Intel Mac mini as a step between my Intel 5,1 and eventual Silicon Mac. It came with Ventura but a small 256GB internal drive, so I installed Ventura on an external drive using a USB installer I prepared.

After install, it booted into the OS setup and after I selected Language and Accessibility options, this appeared:

Remote Management Screen 2

Then this:

Remote Management Screen 1

And then this:

Remote Management Screen 3

I have, in an attempt to bypass this (stupidly..!!!) wiped and re-installed Monterey (no difference - same Remote Management issue) and then Ventura on the internal HD and now I cannot get past those screens at all.

When I got the computer it worked fine in Ventura, I even did the System Update to the latest version with no issues - the only clue was a notification in the upper right corner of the screen that "Pinterest can set up your computer" - I was clueless and thought it was spam, so I set out to do a clean install on an external drive, and my long dark journey into hell began, leading me here, to what appears to be the most knowledgeable and helpful people online.

Like others, I have been unable to edit the .plist files - even when the HD is connected to a different computer and I attempted to change permissions on the files - did not work.

Also, as mentioned by others here, since there are no users created at the point of the Remote Management screens above, the suggested terminal commands are not recognized and I am unable to get any further.

Despite having read this entire thread, I am uncertain about how to proceed.

I really regret wiping the Ventura install, because I think that (according to other articles I have read) having a functioning OS would have allowed me to bypass the remote management using a higher level process like "System Settings" .

So, I am stuck.

I think that my next step will be to call the IT number at Pinterest and provide them the serial number, hoping that they can 'release' this admin block on my system.

I had never heard of Remote Management or MDM until yesterday, I've learned a lot, but so far 100% fails..

Is there some step I missed here?

Given that I have 2 fresh OS installs (one on the internal HD and one on an external HD) that are stuck at the screens above, and therefore have no User or Admin folders, what steps can I take to get to the point where I can at least try the terminal and script suggestions here?

Thank you all again for this informative and educational thread...

@TomRider22

@zmixnyc Have you succeeded with booting into Recovery Mode after OS installation?

@zmixnyc

zmixnyc commented Nov 23, 2023

@zmixnyc Have you succeeded with booting into Recovery Mode after OS installation?

Yes, I can enter recovery mode and access the Disk Utilities and Terminal, etc.

@ParkerPerry

ParkerPerry commented Nov 23, 2023

@zmixnyc Have you succeeded with booting into Recovery Mode after OS installation?

Yes, I can enter recovery mode and access the Disk Utilities and Terminal, etc.

Have you tried using skipmdm after disabling SIP? I believe the script auto creates an admin account for root access if one is not already set up

@zmixnyc

zmixnyc commented Nov 23, 2023

@zmixnyc Have you succeeded with booting into Recovery Mode after OS installation?

Yes, I can enter recovery mode and access the Disk Utilities and Terminal, etc.

Have you tried using skipmdm after disabling SIP? I believe the script auto creates an admin account for root access if one is not already set up

I have been able to disable SIP, but none of the terminal commands I tried did anything (presumably because the system had not set up any admin or user accounts?)

Can you give me some details about skipmdm?

@ParkerPerry

ParkerPerry commented Nov 23, 2023

Hello everyone, I am fairly new to the whole terminal/command line stuff. But like a lot of people here, I bought a second hand MacBook Pro on OfferUp which was working great running Ventura. Then I updated to Sonoma and a full screen MDM pop-up comes up and I can't do anything because it appears right after logging in, but I really need this computer for work and a couple very important projects and never was able to back it up cuz my hard drive showed up just 2 days after I upgraded to Sonoma😖 I've noticed most people here have the newer MacBooks and to my understanding use different methods to remove/bypass the MDM.
However, I have a 2018 15" MacBook Pro T2 chip version of MacBook.
I am desperate for help to get my computer back to normal without data loss, can someone please help me out with like step by step for a noob not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help guys, please.

@ibgroovy The only difference should be how you access recovery mode. I believe it's command-R for Intel based Macs instead of just holding down the power button on ARM based Macs. Everything should be the same.

There's one big distinction on this forum which is where my confusion would come if I was a noob.

1: this thread is dedicated to removing the notification popup and basically assumes that you don't have an MDM profile installed yet. You're just being prompted by Apple's servers to install the profile since it's registered in their databases as owned by a school/corporate company. I believe you are in this camp which is a good thing.

2: Your laptop currently has an MDM profile installed and you're locked out completely without having the administrator password. In this case you would most likely have to wipe your computer and fresh install macOS and turn off your internet right after installation is complete. There's more to this above but it sounds like you can disregard this.

For you being part of group one all you have to do is access recovery mode and disable SIP. Reboot then go back in recovery mode, open a safari tab, go to skipmdm.com and press the button to copy the code. Should be this: (curl https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh -o test.sh && chmod +x ./test.sh && ./test.sh) Then exit safari, open terminal, paste it there & hit enter, follow the steps and then boom done. Restart computer and once in for added reassurance:

open terminal once logged into normal mode

Run these:

sudo launchctl disable system/com.apple.ManagedClient.enroll

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

Then do:

sudo nano /etc/hosts

#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Lastly reboot into recovery mode and re-enable SIP

————————————————————————————

Amazing links that might help in certain areas:

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

@zmixnyc Read this reply I made. Also if you are trying the commands with sudo being used then that is why. In recovery mode you don't have to call sudo, it throws an error if you do

@zmixnyc

zmixnyc commented Nov 23, 2023

Thank you @ParkerPerry , it's been a 'learning experience' the whole way and I appreciate the tips..

It's possible that I'm beyond that advice, since I do not have the ability to set up a functional OS.

"Air gapping" might be one way to allow the installer to set up the user profile without making the deadly search to the Remote Manager?

@zmixnyc

zmixnyc commented Nov 25, 2023

I wanted to follow up on my original post here with my eventual solution.

I called the IT number in the Remote Management popup (twice) and never heard back from them.

I decided to try my 'air gapped' idea and I downloaded the installer for Ventura (and Sonoma) and set up the USB installers for each, then I disconnected the Ethernet cable from the computer and turned off my router to remove any "known" Wi-Fi networks.

After the offline clean install I was able to get all the way through the setup dialogs with no Remote Management intervention.

I looked at the system settings mentioned elsewhere on this thread and noted that after my clean install of the OS Remote Management defaulted to "off" and that no profiles were present.

I migrated all my data back onto the drive and re-connected to the internet. No popups, no Remote Management issues at all. I even updated the OS after all this and had no more interference.

The lesson here for me was that I learned a lot about Remote Management, a lot that I really didn't want to know..!

Had I known Remote Management existed before I tried to update the OS, and that defeating it was as possibly as easy as turning off a system preference, my life would have been so much better over these last 3 days.

I'm grateful for all the replies here, though I'm still not clear on how certain aspects of Remote Management work...

Questions:

Am I free and clear now?

Does Remote Management require a profile to be set up on the individual machine (by IT, for example), or is there some sort of serial number database that was used to identify my second-hand computer as belonging to Pinterest (in my case), with the possibility that this might happen again?

Thanks again.

@Mktulio

Mktulio commented Nov 26, 2023

I wanted to follow up on my original post here with my eventual solution.

I called the IT number in the Remote Management popup (twice) and never heard back from them.

I decided to try my 'air gapped' idea and I downloaded the installer for Ventura (and Sonoma) and set up the USB installers for each, then I disconnected the Ethernet cable from the computer and turned off my router to remove any "known" Wi-Fi networks.

After the offline clean install I was able to get all the way through the setup dialogs with no Remote Management intervention.

I looked at the system settings mentioned elsewhere on this thread and noted that after my clean install of the OS Remote Management defaulted to "off" and that no profiles were present.

I migrated all my data back onto the drive and re-connected to the internet. No popups, no Remote Management issues at all. I even updated the OS after all this and had no more interference.

The lesson here for me was that I learned a lot about Remote Management, a lot that I really didn't want to know..!

Had I known Remote Management existed before I tried to update the OS, and that defeating it was as possibly as easy as turning off a system preference, my life would have been so much better over these last 3 days.

I'm grateful for all the replies here, though I'm still not clear on how certain aspects of Remote Management work...

Questions:

Am I free and clear now?

Does Remote Management require a profile to be set up on the individual machine (by IT, for example), or is there some sort of serial number database that was used to identify my second-hand computer as belonging to Pinterest (in my case), with the possibility that this might happen again?

Thanks again.

No! I believe it is forever, as it is linked to a company, hence the MDM message. I'm the same, I managed to solve it, it's great, using Sonoma 14.0, without pop, but I'm not free from Apple's ping.

@Mktulio

Mktulio commented Dec 1, 2023

Someone in this version and no problem?

image

@trikrapka

Someone in this version and no problem?

image

Same question, found info that bypass ain't work anymore on 14.1

@Mktulio

Mktulio commented Dec 2, 2023

Someone in this version and no problem?
image

Same question, found info that bypass ain't work anymore on 14.1

// Your image didn't open. I'm still using 14.0, I'll wait for our friends to find a way out of this terrible MDM problem.

@varsh8th

varsh8th commented Dec 3, 2023

Someone in this version and no problem?

image

I was already on this version and the skipmdm method worked so far, I just did the bypass like an hr ago so it's still early but so far it's good, will update if I see any changes later

So going by this question I'm assuming, enabling automatic software updates is not advisable ? I've disabled it for now but if someone can clarify, pls do :)

@Signore74

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop-ups on the side) and got the full screen popup after the upgrade.. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

I grabbed the sh script from the command "https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh"

This is the file

#!/bin/bash
RED='\033[0;31m'
GRN='\033[0;32m'
BLU='\033[0;34m'
NC='\033[0m'
echo ""
echo -e "Auto Tools for MacOS"
echo ""
PS3='Please enter your choice: '
options=("Bypass on Recovery" "Disable Notification (SIP)" "Disable Notification (Recovery)" "Check MDM Enrollment" "Thoát")
select opt in "${options[@]}"; do
	case $opt in
	"Bypass on Recovery")
		echo -e "${GRN}Bypass on Recovery"
		if [ -d "/Volumes/Macintosh HD - Data" ]; then
   			diskutil rename "Macintosh HD - Data" "Data"
		fi
		echo -e "${GRN}Tạo người dùng mới"
        echo -e "${BLU}Press Enter to move to the next step, if not filled in, it will automatically receive the default value" 
  		echo -e "Enter user name (Default: MAC)" 
		read realName 
  		realName="$ {realName:=MAC}" 
    	echo -e "${BLUE}Get username ${RED}WRITTEN UNACCLOSED ${GRN} (Default: MAC)" read 
      	username 
		username="${username:=MAC}" 
  		echo -e "${BLUE}Enter password (default: 1234)" 
    	read passw 
      	passw="${passw:=1234}"
		dscl_path='/Volumes/Data/private/var/db/dslocal/nodes/Default' 
        echo -e "${GREEN}Đang tạo user"
  		# Create user
    	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username"
      	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UserShell "/bin/zsh"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
	 	dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UniqueID "501"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" PrimaryGroupID "20"
		mkdir "/Volumes/Data/Users/$username"
	    dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" NFSHomeDirectory "/Users/$username"
	    dscl -f "$dscl_path" localhost -passwd "/Local/Default/Users/$username" "$passw"
	    dscl -f "$dscl_path" localhost -append "/Local/Default/Groups/admin" GroupMembership $username
		echo "0.0.0.0 deviceenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
		echo "0.0.0.0 mdmenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
		echo "0.0.0.0 iprofiles.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
        echo -e "${GREEN}Chặn host thành công${NC}"
		# echo "Remove config profile"
  	touch /Volumes/Data/private/var/db/.AppleSetupDone
        rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
	rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
		echo "----------------------"
		break
		;;
    "Disable Notification (SIP)")
    	echo -e "${RED}Please Insert Your Password To Proceed${NC}"
        sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
        sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
        sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
        sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
        break
        ;;
    "Disable Notification (Recovery)")
        rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
	rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
	touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

        break
        ;;
	"Check MDM Enrollment")
		echo ""
		echo -e "${GRN}Check MDM Enrollment. Error is success${NC}"
		echo ""
		echo -e "${RED}Please Insert Your Password To Proceed${NC}"
		echo ""
		sudo profiles show -type enrollment
		break
		;;
	"Quit")
		break
		;;
	*) echo "Invalid option $REPLY" ;;
	esac
done

DO NOT UPGRADE IT TO SONOMA. These commands will work perfectly with Ventura but won't work with Sonoma. Do not believe anyone who tells you this will work with Sonoma, because IT WILL NOT. You will brick your Mac if you use Sonoma
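
For an administrator or a second-hand buyer who wants to see whether a Mac carries the on-disk changes discussed in the comments above (enrollment hostnames sinkholed in the hosts file, and the swapped `.cloudConfig*` marker files), the following read-only audit is an added example; it is not part of the thread or of the quoted script. The function names, the output labels and the sample tree are constructed for illustration, and the hostnames and file names are the ones quoted in the comments.

```shell
#!/bin/sh
# Read-only audit of the two on-disk changes described in this thread:
#   1. Apple enrollment hostnames pointed at a sink address in a hosts file
#   2. the .cloudConfig* marker files under ConfigurationProfiles/Settings
# Hostnames and file names come from the comments above. Function names,
# output labels and the sample tree are constructed for this example.

ENROLL_HOSTS="iprofiles.apple.com mdmenrollment.apple.com deviceenrollment.apple.com gdmf.apple.com acmdm.apple.com albert.apple.com"

# Print each watched hostname that the hosts file maps to a sink address
# (0.0.0.0, 127.x.x.x, ::, ::1). Ignores comments, tolerates CRLF and case.
sinkholed_hosts() {
    [ -r "$1" ] || return 2
    awk -v want="$ENROLL_HOSTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
        {
            sub(/\r$/, ""); sub(/#.*/, "")
            if (NF < 2) next
            if ($1 != "0.0.0.0" && $1 !~ /^127\./ && $1 != "::" && $1 != "::1") next
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if ((name in watch) && !(name in seen)) { seen[name] = 1; print name }
            }
        }' "$1"
}

# Report which marker files exist under ROOT ("/" on a live system, or the
# mount point of an imaged volume):
#   activation-markers   a file the thread's commands delete is present
#   replacement-markers  only files the thread's commands create are present
#   mixed / none         both kinds / neither
# Assumption: "replacement-markers" alone is not proof of tampering; treat it
# as a prompt to compare against the organisation's device inventory.
marker_state() (
    dir="${1%/}/var/db/ConfigurationProfiles/Settings"
    deleted=0; created=0
    for f in .cloudConfigHasActivationRecord .cloudConfigRecordFound; do
        if [ -e "$dir/$f" ]; then deleted=1; fi
    done
    for f in .cloudConfigRecordNotFound .cloudConfigProfileInstalled; do
        if [ -e "$dir/$f" ]; then created=1; fi
    done
    case "$deleted$created" in
        10) echo activation-markers ;;
        01) echo replacement-markers ;;
        11) echo mixed ;;
        *)  echo none ;;
    esac
)

# One-line summary for a volume root.
audit() (
    root=${1%/}
    blocked=$(sinkholed_hosts "$root/etc/hosts") || blocked=""
    count=$(printf '%s\n' "$blocked" | awk 'NF { n++ } END { print n + 0 }')
    echo "sinkholed=$count markers=$(marker_state "$root")"
)

# Build a constructed sample volume root in a temp dir and print its path.
make_sample() (
    root=$(mktemp -d)
    mkdir -p "$root/etc" "$root/var/db/ConfigurationProfiles/Settings"
    printf '%s\n' \
        '127.0.0.1 localhost' \
        '#block mdm connect' \
        '0.0.0.0 iprofiles.apple.com' \
        '0.0.0.0 MDMenrollment.apple.com deviceenrollment.apple.com' \
        '# 0.0.0.0 gdmf.apple.com' \
        '192.0.2.10 albert.apple.com' > "$root/etc/hosts"
    touch "$root/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound" \
          "$root/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled"
    printf '%s\n' "$root"
)

# With a path argument, audit that root; otherwise run on the constructed sample.
if [ "$#" -gt 0 ]; then
    audit "$1"
else
    sample=$(make_sample)
    audit "$sample"
    rm -rf "$sample"
fi
```

The script only reads files; passing `/` audits the running system, and passing a mount point audits an imaged or externally mounted volume.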

@Mktulio

Mktulio commented Dec 7, 2023

I upgraded to Sonoma (I had used the bypass on Ventura, with the pop-ups on the side) and got the full screen popup after the upgrade.. I used the skipmdm.com from this YouTube link https://youtu.be/khlALitW0zI?si=ZGz2gk356IhFjmM3 and it worked. My question is what did this do exactly and is it safe? Did I just give someone backdoor access to my MacBook?

I grabbed the sh script from the command "https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh"

DO NOT UPGRADE IT TO SONOMA. These commands will work perfectly with Ventura but won't work with Sonoma. Do not believe anyone who tells you this will work with Sonoma, because IT WILL NOT. You will brick your Mac if you use Sonoma

Ok! Waiting for one for SONOMA; mine is still working and I won't be updating any time soon.

@ehsan58

ehsan58 commented Dec 13, 2023

greeting i am on sonoma 14 and don't have any mdm notification
can i direct update to 14.2? is it safe? anyone did that direct?

@ideal2545

I have the 6 IP's in the hosts file disabled and I'm not even showing that 14.2 is eligible to download at all at the moment.

@Signore74

Signore74 commented Dec 13, 2023 via email

@mdmquest

Hello everyone, I am fairly new to the whole terminal/command line stuff. But like a lot of people here, I bought a second hand MacBook Pro on OfferUp which was working great running Ventura. Then I updated to Sonoma and a full screen MDM pop-up comes up and I can't do anything because it appears right after logging in, but I really need this computer for work and a couple very important projects and never was able to back it up cuz my hard drive showed up just 2 days after I upgraded to Sonoma😖 I've noticed most people here have the newer MacBooks and to my understanding use different methods to remove/bypass the MDM.
However, I have a 2018 15" MacBook Pro T2 chip version of MacBook.
I am desperate for help to get my computer back to normal without data loss, can someone please help me out with like step by step for a noob not familiar with most of the verbiage used here. Words couldn't describe how much I would appreciate the help guys, please.

@ibgroovy The only difference should be how you access recovery mode. I believe it's command-R for Intel based Macs instead of just holding down the power button on ARM based Macs. Everything should be the same.

There's one big distinction on this forum which is where my confusion would come if I was a noob.

1: this thread is dedicated to removing the notification popup and basically assumes that you don't have an MDM profile installed yet. You're just being prompted by Apple's servers to install the profile since it's registered in their databases as owned by a school/corporate company. I believe you are in this camp which is a good thing.

2: Your laptop currently has an MDM profile installed and you're locked out completely without having the administrator password. In this case you would most likely have to wipe your computer and fresh install macOS and turn off your internet right after installation is complete. There's more to this above but it sounds like you can disregard this.

For you being part of group one all you have to do is access recovery mode and disable SIP. Reboot then go back in recovery mode, open a safari tab, go to skipmdm.com and press the button to copy the code. Should be this: (curl https://raw.githubusercontent.com/maclifevn/bypasmdm/main/mdm.sh -o test.sh && chmod +x ./test.sh && ./test.sh) Then exit safari, open terminal, paste it there & hit enter, follow the steps and then boom done. Restart computer and once in for added reassurance:

open terminal once logged into normal mode

Run these:

sudo launchctl disable system/com.apple.ManagedClient.enroll

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

Then do:

sudo nano /etc/hosts

#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Lastly reboot into recovery mode and re-enable SIP

————————————————————————————

Amazing links that might help in certain areas:

https://graffino.com/til/UmkCdmEx7v-remove-a-non-removable-mdm-profile-from-macos-without-a-complete-wipe
https://apple.stackexchange.com/questions/297293/turning-off-device-enrollment-notifications-on-macbook-pro

Hi @ParkerPerry,

Thank you so much for your valuable input. I'm in a similar, but slightly different situation to most here, I believe. I'm a layman so apologies if any of this doesn't make sense.

I believe I'm in neither group one nor group two. My Mac works fine and there aren't any MDM profiles visible in Settings nor does the Activity Monitor show any MDM activity. However, my Mac does occasionally show a notification (in the top right corner, and which can be clicked away) saying "XXX can automatically configure your mac".

1. Does this mean I indeed have MDM on my Mac and should be concerned I could lose all of my files at any point in time?
2a. If it doesn't mean that and this is in fact harmless, is there an easy way to get rid of those notifications?
2b. If it does mean that I can lose all of my files because of MDM, are you aware of a layman's explanation for the process to remove MDM?

I would greatly appreciate it if you (or anyone else) could share their thoughts!

Have a nice day!

@aniop

aniop commented Dec 14, 2023

Apple business said that not having a MDM server should not cause this error, but it did, so I am interested in knowing if anyone has allowed their system to update to 14.1 as well and had issues or not had issues...

@aniop said its "save", but I'd love to hear if others had. I really do wanna update, unless someone wants to take one for the team idk

@pain0x0 I've upgraded to 14.2 and it's totally fine

@ehsan58

ehsan58 commented Dec 14, 2023

Apple business said that not having a MDM server should not cause this error, but it did, so I am interested in knowing if anyone has allowed their system to update to 14.1 as well and had issues or not had issues...

@aniop said its "save", but I'd love to hear if others had. I really do wanna update, unless someone wants to take one for the team idk

@pain0x0 I've upgraded to 14.2 and it's totally fine

u did with direct update? from 14? or?

@Mktulio

Mktulio commented Dec 15, 2023

Apple business said that not having a MDM server should not cause this error, but it did, so I am interested in knowing if anyone has allowed their system to update to 14.1 as well and had issues or not had issues...

@aniop said its "save", but I'd love to hear if others had. I really do wanna update, unless someone wants to take one for the team idk

@pain0x0 I've upgraded to 14.2 and it's totally fine

u did with direct update? from 14? or?

I would also like to know. Help!

@transactionfraud

transactionfraud commented Dec 18, 2023

skipmdm.com just worked for me on a 2018 intel mac mini. I updated from mac os 14.1 to 14.2 and after logging in was locked down by the MDM screen.

  1. in recovery mode you go to disk utility, unmount the disk. Rename it to 'Macintosh HD'. Mount your disk again.
  2. go to safari in recovery mode, go to skipmdm.com, click the copy button on the page
  3. go to terminal, in recovery mode, paste. press the option to run (i forgot I think it was 1)
  4. reboot.

@Acelogic

Another link to block out in hosts file is, some laptops use that as a fall back to initiate the MDM stuff

0.0.0.0 https://i.manage.microsoft.com/DeviceGatewayProxy/ioshandler.ashx?Platform=MacMDM

@nerykell

Hi! I've been struggling with MDM quite a lot and found the easiest, but a little long solution to the problem, but you won't get mdm blocking and profile upload notifications. I have described as much detail as possible for different cases, so find your own and follow the instructions.
I'll tell you the pros and cons at the very end, and now let's move on to the beginning:

Preparatory Stages:

If you are on macOS Ventura or Monterey and you have no problems with MDM, then download this utility https://checkm8.info/bypass-mac-mdm-lock and make a Bypass (this is a precautionary measure, without doing this, I cannot guarantee you a successful system update), if you have already done this before, then immediately proceed to the main stages.

If you are on macOS Ventura or Monterey or Sonoma and you did not turn off the Internet during installation, then the MacBook will download the corporate profile and be blocked. In this case, there are 2 possible scenarios ->

Scenario 1: If your data is not on the computer, then feel free to format the disk and install Monterey/Ventura without the Internet, as soon as you have created a user and configured a MacBook, you can connect to the Internet and bypass MDM using this utility https://checkm8.info/bypass-mac-mdm-lock once you have bypassed MDM with this utility, you can proceed to the main stages.
Scenario 2: If you had Monterey/Ventura and received a lock after upgrading to Sonoma, then the data can still be saved if there was still +-100gb of free space on the disk or if you have an external hard drive

If you still have disk space and you need to restore data from a system blocked by your corporate profile, then follow these steps:

Turn off your MacBook
Reboot into recovery mode by pressing the touch id button
Go to Settings
Disk utility
Divide your disk into 2 independent containers, it is important to note that we do not add a VOLUME for the disk, namely a CONTAINER
Install Monterey/Ventura without internet in a new, empty container and bypass MDM using this utility https://checkm8.info/bypass-mac-mdm-lock
Now in the Finder, find your other user from another container and transfer all the files of interest from the old disk container to the new one
You can proceed to the main stages

If you have an external hard drive and you need to recover data from a locked corporate system profile, then follow these steps:

Install Monterey/Ventura without internet and bypass MDM using this utility https://checkm8.info/bypass-mac-mdm-lock
Now find your other user in the Finder and transfer all the files of interest from the internal drive to the external hard drive
You can proceed to the main stages

The main steps:

So, in order to upgrade to Sonoma without problems, we need an external SSD or HDD (we will save our backup copy of all data via time machine to it)
Using the disk utility, format the external hard drive in APFS and in the settings in the main section select Time Machine, and in it select your external hard drive and then create a backup copy of all data
As soon as the backup is created (you don't have to worry about data security, time machine saves literally everything you can), turn off your MacBook
Enter recovery mode by pressing the touch id button.
Disk utility
Format your internal drive
(Pre-create a bootable USB flash drive with macOS Sonoma) Start installing Sonoma without the Internet, configure your MacBook until you are prompted to transfer data from a time machine backup, select this item
Restore all data from the backup and then complete the installation
That's it, you don't need to do anything else, successful bypass!

The advantages of my method:

Personally tested by me on a macbook pro 13" m1 and has been tested without any problems for a week now
An easy way to bypass the regular macos methods
Do you need more advantages besides reliability and simplicity? :)
Minuses:
Quite a long time

@Signore74

Signore74 commented Dec 27, 2023 via email

@ParkerPerry

I mean you're completely wrong but okay.

Im literally on Sonoma and this whole forum is specifically about Sonoma. Theres plenty of detailed instructions here so if you cannot figure it out dont deter other people from the solution while spreading incorrect information like its not possible on Sonoma because it clearly is.

@nerykell

Has anyone tried this on a native Sonoma M3 macbook? Seems all the recommendations to date apply to Ventura (or older) upgrades. I've been working through every aspect of these recommendations I can but cannot get past the security block on Sonoma.

https://www.youtube.com/watch?v=YjKxz9kxnHE

I think this is the only solution for native Sonoma MacBook

@Signore74

Signore74 commented Dec 27, 2023 via email

@ParkerPerry

ParkerPerry commented Dec 27, 2023

Factually incorrect. Im on Sonoma and have been since October, got the mdm popup a few days after updating and was getting the full screen notification popup that was locking me out of my computer only a few minutes after rebooting.

Came here and did research and read all of the comments and its been working flawlessly since. No notifications whatsoever, currently on 14.1.1

Screenshot 2023-12-27 at 3 36 30 PM

@ParkerPerry

ParkerPerry commented Dec 28, 2023

Factually incorrect. Im on Sonoma and have been since October, got the mdm popup a few days after updating and was getting the full screen notification popup that was locking me out of my computer only a few minutes after rebooting.
Came here and did research and read all of the comments and its been working flawlessly since. No notifications whatsoever, currently on 14.1.1
Screenshot 2023-12-27 at 3 36 30 PM

You say you've "been on Sonoma" - did you upgrade or is your Macbook native Sonoma? There is a difference. Many of us have gotten these instructions to work on an upgraded MB. I can't find anyone who can confirm they have gotten it to work on A) a native Sonoma macbook (IE one delivered with Sonoma, not an earlier OS) and specifically B) an M3 Sonoma laptop.

I updated to Sonoma from Ventura. I fail to see how the process would be any different regardless of what OS your laptop natively ships with. Also why would the m3 be any different than an m1 or m2. MDM has essentially nothing to do with the arm chip itself and is more about the underlying os than any hardware specifics.

The process should be the same regardless, and skipmdm should help if you are running into the mdm notification locking you out straight out of bootup.

Blocking the computer from ports that are pinging apple servers to check if your motherboard is registered as a mdm device seems to be the most important component which has been outlined before.

From my understanding the native os and m series chip you have shouldnt matter. The only difference that people should come across:

  1. Your device doesnt have a mdm profile installed on it but the computer is registered as a mdm device thus you are getting notification popups telling you that your device needs to be registered.

  2. Your device currently has a mdm profile installed on it and is being monitored which probably requires you to do a fresh install and you will need to disconnect your internet upon completing installation. This might not be needed with skipmdm though. I initially had to do this to wipe my corporate laptop and remove the mdm profile from it so I wasnt blocked out of it from my company without a admin account.

Are you able to login as a user on this laptop?

@ideal2545

ideal2545 commented Dec 28, 2023 via email

@ParkerPerry

@sonomaccess

Well thats why, this forum is specifically for the #1 I mentioned which is regarding just the notification popups and not removing a mdm profile from your device. Im completely aware that you cannot downgrade OS's unfortunately:/

From my experience I was informed a few yrs ago that upgrading from Monterey to Ventura they fixed it to where you can no longer fresh install a new/same os from a usb drive or ote without connecting to the internet for authentication. On Monterey when I did it you just installed the os ote and upon bootup after the installation you disconnected your router which wouldnt let it authenticate on apple servers. I thought they fixed this in Ventura but there seems to be people here who were able to do it still on Ventura.

Im sure its possible but without a device that has a t2 chip on it Im not really sure I can personally test it out but here are two resources that I suggest:

This helped me ages ago remove the mdm profile from my computer: https://support.addigy.com/hc/en-us/articles/4405907255827-Removing-non-removable-MDMs-by-disabling-SIP

More importantly take a look at the last comment by @nerykell here: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd

@spoved-aws

I am on Sonoma 14.2.1

What steps are currently valid to disable the MDM popup ?
I ran csrutil disable in recovery.

sudo csrutil status   
System Integrity Protection status: disabled.

I ran sudo open /Applications/TextEdit.app /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

and it would not open the file in text edit so I ran
sudo open /System/Applications/TextEdit.app /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist --> this only open the TextEdit app so I navigated to the file I got this error.
image

@macquarrie-joe

Have an Intel based Mac I'd bought for my daughter in college and realised it has MDM on it. I'm wondering what latest version of macOS Sonoma folks have had success using? (14.0, 14.1.1, 14.1.2? 14.2, 14.2.1?) And if someone has a streamlined set of instructions or video to watch? I think, I'm going to boot into Recovery now from Ventura 13.6.3 usb, disconnect from network with about 1min left, reboot into recovery - open terminal csrutil disable - then from recovery mode open safari and go to skipmdm, copy script, and run in terminal again. Fingers crossed if that's not correct - let me know! Cheers!

@Mktulio

Mktulio commented Jan 4, 2024

> Have an Intel based Mac I'd bought for my daughter in college and realised it has MDM on it. I'm wondering what latest version of macOS Sonoma folks have had success using? (14.0, 14.1.1, 14.1.2? 14.2, 14.2.1?) And if someone has a streamlined set of instructions or video to watch? I think, I'm going to boot into Recovery now from Ventura 13.6.3 usb, disconnect from network with about 1min left, reboot into recovery - open terminal csrutil disable - then from recovery mode open safari and go to skipmdm, copy script, and run in terminal again. Fingers crossed if that's not correct - let me know! Cheers!

I did exactly that! Mine is on version 14.0 (the MDM message has never appeared again, since November 2023). I don't plan to update until I'm sure of a process that works, because I use my MacBook for work.

@HAndresM

HAndresM commented Jan 5, 2024

image

@HAndresM

HAndresM commented Jan 5, 2024

Greetings,

Suddenly you can help me skip the remote administration of my macbook, I have watched some videos and read the comments but what I tried does not work I always get this message, I don't know much about code, can someone help me.

@Mktulio

Mktulio commented Jan 5, 2024

If you follow what was described in the first post, it will work. I did it on mine; I was using Ventura, then I updated, and it has been fine to this day.

@Signore74

Factually incorrect. Im on Sonoma and have been since October, got the mdm popup a few days after updating and was getting the full screen notification popup that was locking me out of my computer only a few minutes after rebooting.
Came here and did research and read all of the comments and its been working flawlessly since. No notifications whatsoever, currently on 14.1.1
Screenshot 2023-12-27 at 3 36 30 PM

You say you've "been on Sonoma" - did you upgrade or is your Macbook native Sonoma? There is a difference. Many of us have gotten these instructions to work on an upgraded MB. I can't find anyone who can confirm they have gotten it to work on A) a native Sonoma macbook (IE one delivered with Sonoma, not an earlier OS) and specifically B) an M3 Sonoma laptop.

I updated to Sonoma from Ventura. I fail to see how the process would be any different regardless of what OS your laptop natively ships with. Also why would the m3 be any different than an m1 or m2. MDM has essentially nothing to do with the arm chip itself and is more about the underlying os than any hardware specifics.

The process should be the same regardless, and skipmdm should help if you are running into the mdm notification locking you out straight out of bootup.

Blocking the computer from ports that are pinging apple servers to check if your motherboard is registered as a mdm device seems to be the most important component which has been outlined before.

From my understanding the native os and m series chip you have shouldnt matter. The only difference that people should come across:

  1. Your device doesnt have a mdm profile installed on it but the computer is registered as a mdm device thus you are getting notification popups telling you that your device needs to be registered.
  2. Your device currently has a mdm profile installed on it and is being monitored which probably requires you to do a fresh install and you will need to disconnect your internet upon completing installation. This might not be needed with skipmdm though. I initially had to do this to wipe my corporate laptop and remove the mdm profile from it so I wasnt blocked out of it from my company without a admin account.

Are you able to login as a user on this laptop?

Bypassing MDM is 100% no longer possible. Apple forces all computers on Sonoma to check in with Apple Business/School Manager to see if a device is owned by an org. If it is owned, it forces the device to check in with the MDM. It doesn't matter if you made it past setup.

@Signore74

Bypassing MDM is 100% no longer possible. Apple forces all computers on Sonoma to check in with Apple Business/School Manager to see if a device is owned by an org. If it is owned, it forces the device to check in with the MDM. It doesn't matter if you made it past setup.

No matter how hard you try it won’t work, this is a new thing Apple is doing now
You better stay on the Ventura OSX, on Ventura it will work for sure but not on Sonoma

@DarkMoron

Factually incorrect. Im on Sonoma and have been since October, got the mdm popup a few days after updating and was getting the full screen notification popup that was locking me out of my computer only a few minutes after rebooting.

Came here and did research and read all of the comments and its been working flawlessly since. No notifications whatsoever, currently on 14.1.1

Screenshot 2023-12-27 at 3 36 30 PM

can you please to the specific comment solution which worked for you? Was it any of the MDM bypass scripts that worked for you?

@philipp-winterle

For all those people telling wrong facts:

I updated to 14.2.1 for about 1h and got the MDM Registration menu point in settings and I realized it reset my "hack". So reboot > csrutil disable > reboot > deleting the configs folder > creating Settings and the 2 files in it > reboot > csrutil enable > no MDM anymore

.. I mean until next big update. So @Signore74 stop talking bullshit.

@Mktulio

Mktulio commented Jan 12, 2024

> For all those people telling wrong facts:
>
> I updated to 14.2.1 for about 1h and got the MDM Registration menu point in settings and I realized it reset my "hack". So reboot > csrutil disable > reboot > deleting the configs folder > creating Settings and the 2 files in it > reboot > csrutil enable > no MDM anymore
>
> .. I mean until next big update. So @Signore74 stop talking bullshit.

Great, @philipp-winterle, I'll do it tonight and report back here with my result.

@varsh8th

For all those people telling wrong facts:

I updated to 14.2.1 for about 1h and got the MDM Registration menu point in settings and I realized it reset my "hack". So reboot > csrutil disable > reboot > deleting the configs folder > creating Settings and the 2 files in it > reboot > csrutil enable > no MDM anymore

.. I mean until next big update. So @Signore74 stop talking bullshit.

Yeah I'm on 14.1.1 and there's no issues on sonoma since a month at least, don't get all the fear mongering on updates.

Also @philipp-winterle , just to confirm when you update to 14.2.1, there's no data loss ? Just do mdm bypass steps and all your data is in tact ?

I updated to sonoma by fresh install w skipmdm method, so wanted to check how the process was without fresh install. I don't plan on updating anytime soon but wanted to know in case of any future updates, that without fresh install if the skip mdm still works :)

@superkwn

Does the script from skipMDM still work? I got error message saying "could not find disk for disk1". It seems that the script could not find the disk.

@superkwn

@HAndresM, have you found a solution with skipMDM? I have the same issue as yours.

@ParkerPerry

@HAndresM, have you found a solution with skipMDM? I have the same issue as yours.

@superkwn This problem has been documented and explained above. I get it the thread is long but its because your disc drive isnt named "Macintosh HD" I believe.

Someone explained that the skipMDM code is written kinda shitty and doesnt work dynamically as it should and fails if your hard disk isnt the default name. Someone commented on how they changed the skipmdm code to fix this oversight

@superkwn

@HAndresM, have you found a solution with skipMDM? I have the same issue as yours.

@superkwn This problem has been documented and explained above. I get it the thread is long but its because your disc drive isnt named "Macintosh HD" I believe.

Someone explained that the skipMDM code is written kinda shitty and doesnt work dynamically as it should and fails if your hard disk isnt the default name. Someone commented on how they changed the skipmdm code to fix this oversight

@ParkerPerry, I need to look into it. But I did the restore using Apple Configurator. I thought the disc drive should be named as "Macintosh HD" in the restore process.

@ParkerPerry

I am now getting this error while running the script IMG_2891 I have also run the csrdisable command Anyone seen this?

The script is buggy. It does not recognize the volume where your Mac OS has been installed. It assumes you have a default installation with volumes mounted with their default names, such as "Volumes/Macintosh HD". I have seen installations where the "Macintosh HD" is NOT the name of the volume. Thus, this script would fail miserably. The author would tell you to wipe all your data and reinstall the OS instead of making the script smarter... bad bad.

Here is a command that will tell you the name of your boot volume:

diskutil info -plist "$(bless --getBoot)" |
  plutil -extract VolumeName raw -- -

If this command returns anything other than "Macintosh HD" then the script is likely going to throw errors.

PM me if you need help getting this MDM check disabled.

@donkelonio Was the one who made the post I remembered seeing. Hope it helps

@superkwn

Here is what happened after running script from skipMDM
IMG_8409

@ParkerPerry

Here is what happened after running script from skipMDM IMG_8409

What exactly is not working? It seems like it worked imo

@superkwn

Here is what happened after running script from skipMDM IMG_8409

What exactly is not working? It seems like it worked imo

The script did not find the correct directory. After reboot, the system is still at the setup page.

@philipp-winterle

Also @philipp-winterle , just to confirm when you update to 14.2.1, there's no data loss ? Just do mdm bypass steps and all your data is in tact ?

Can confirm. Your user folders ain't touched

@rcarlosnyc

> > For all those people telling wrong facts:
> >
> > I updated to 14.2.1 for about 1h and got the MDM Registration menu point in settings and I realized it reset my "hack". So reboot > csrutil disable > reboot > deleting the configs folder > creating Settings and the 2 files in it > reboot > csrutil enable > no MDM anymore
> >
> > .. I mean until next big update. So @Signore74 stop talking bullshit.
>
> Great, @philipp-winterle, I'll do it tonight and report back here with my result.

How are you?

Is your Mac working? Were you able to skip the MDM page after updating to Sonoma?

@Mktulio

Mktulio commented Jan 23, 2024

> > > For all those people telling wrong facts:
> > >
> > > I updated to 14.2.1 for about 1h and got the MDM Registration menu point in settings and I realized it reset my "hack". So reboot > csrutil disable > reboot > deleting the configs folder > creating Settings and the 2 files in it > reboot > csrutil enable > no MDM anymore
> > >
> > > .. I mean until next big update. So @Signore74 stop talking bullshit.
> >
> > Great, @philipp-winterle, I'll do it tonight and report back here with my result.
>
> How are you?
>
> Is your Mac working? Were you able to skip the MDM page after updating to Sonoma?

Yes! Mine has been running for two weeks; I haven't seen the MDM again. Sonoma 14.2.1

@Mktulio

Mktulio commented Jan 25, 2024

Good morning!

Has anyone updated to this one?

image

@ehsan58

ehsan58 commented Jan 25, 2024

Good morning!

Has anyone updated to this one?

image

my question too. i am waiting to confirm by others if they did direct upgrade

@zorkal1992

I am now getting this error while running the script
IMG_2891
I have also run the csrdisable command
Anyone seen this?

I’m getting the same errors appearing and I haven’t clicked on enrol when the pop up appears, is this why?

IMG_2891 Getting these errors when I run the above skipmdm.com script... Anyone seen this one? And I have also done the csrdisable command.

Got this same output.
@sonomadep @dawonderboy do we have to click enrol before trying this work around?

Just messaged the guy who made the mdmskip.com, on telegram he said restore your Mac and then try again. I was getting the same error so I’m currently restoring then I’ll run it again.

I have restored it and ran the skipmdm.com code and it worked.

Very easy rename (Data to Macintosh HD - Data )from disk utility

@EthanWarrick

EthanWarrick commented Feb 1, 2024

Hello!

I was struggling with this Remote Management issue.

I own a 2019 Macbook Pro with an Intel CPU that I purchased used from my old college. I upgraded the OS from Ventura to Sonoma 14.3 and received an unavoidable/non-closable popup prompting me to enroll in Remote Management.

I fixed my issues using this thread and wanted to provide the steps that worked. Mainly, I want to provide an alternative to running the script(s) floating around. I was uncomfortable running any script as root in recovery mode. I was uncomfortable both due to security concerns and as I had valuable data on my hard drive that I didn't want to mess up. Also, I haven't read the entire thread so other things might have been addressed above that I am not addressing here.

Here are the steps that worked for me:

  1. Restart/Power computer holding cmd+r to enter recovery mode.
  2. Open the terminal.
  3. Run the following commands
launchctl disable system/com.apple.ManagedClient.enroll

rm -rf /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

For me removing the above files under /var/db/ did not work because they were not present. I included the commands because some people seemed to have luck with them. I still added (touched) the two files under /var/db just to be thorough.

  1. Type reboot to restart your computer and let it boot normally.
  2. Login and hopefully the popup doesn't appear.
  3. Edit the /etc/hosts file using your favorite editor: sudo vim /etc/hosts
  4. Add the following to the file:
    This hopefully stops your computer from accessing these domains on the internet - where the mdm information is stored on Apple's servers.
#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

It is also worth mentioning that I had my internet turned off for the duration of this process. Even if you can get your WiFi turned off before the popup blocks you, that isn't good enough. It is still possible for your Macbook to auto connect to a known WiFi network at boot - even if you have turned that network off. I've heard people say that it can still connect even if you've forgotten the network as well. To be thorough I blacklisted my macbook from accessing the internet from my router's configuration. If your router doesn't have that functionality or you don't want to figure out how to do that, just unplugging your router for the duration of the process would work as well. Again, I'm not sure if completely staying off the internet was necessary but I did it to be safe.

Thank you to all above that contributed, you really saved my butt!

@rcarlosnyc

Good morning!

Has anyone updated to this one?

image

Yes, already. I managed to update without problems.

@HOTEMOTICON

HOTEMOTICON commented Feb 10, 2024

Hello!

I was struggling with this Remote Management issue.

I own a 2019 Macbook Pro with an Intel CPU that I purchased used from my old college. I upgraded the OS from Ventura to Sonoma 14.3 and received an unavoidable/non-closable popup prompting me to enroll in Remote Management.

I fixed my issues using this thread and wanted to provide the steps that worked. Mainly, I want to provide an alternative to running the script(s) floating around. I was uncomfortable running any script as root in recovery mode. I was uncomfortable both due to security concerns and as I had valuable data on my hard drive that I didn't want to mess up. Also, I haven't read the entire thread so other things might have been addressed above that I am not addressing here.

Here are the steps that worked for me:

  1. Restart/Power computer holding cmd+r to enter recovery mode.
  2. Open the terminal.
  3. Run the following commands
launchctl disable system/com.apple.ManagedClient.enroll

rm -rf /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

For me removing the above files under /var/db/ did not work because they were not present. I included the commands because some people seemed to have luck with them. I still added (touched) the two files under /var/db just to be thorough.

  1. Type reboot to restart your computer and let it boot normally.
  2. Login and hopefully the popup doesn't appear.
  3. Edit the /etc/hosts file using your favorite editor: sudo vim /etc/hosts
  4. Add the following to the file:
    This hopefully stops your computer from accessing these domains on the internet - where the mdm information is stored on Apple's servers.
#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

It is also worth mentioning that I had my internet turned off for the duration of this process. Even if you can get your WiFi turned off before the popup blocks you, that isn't good enough. It is still possible for your Macbook to auto connect to a known WiFi network at boot - even if you have turned that network off. I've heard people say that it can still connect even if you've forgotten the network as well. To be thorough I blacklisted my macbook from accessing the internet from my router's configuration. If your router doesn't have that functionality or you don't want to figure out how to do that, just unplugging your router for the duration of the process would work as well. Again, I'm not sure if completely staying off the internet was necessary but I did it to be safe.

Thank you to all above that contributed, you really saved my butt!

Using this workaround it is safe to upgrade directly to 14.3.1 from 14.2.1?

@amylee-codes

amylee-codes commented Feb 18, 2024

Hope this comment is now visible - it got hidden due to a problem with my account.

(Cross post to https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4912658#gistcomment-4912658).

I managed getting rid of spyware and worse w/ Sonoma (14.3.1). So any statement that's not possible at all is wrong.

System Info (redacted, personal information filtered)

>sudo sysinfo
Software:

    System Software Overview:

      System Version: macOS 14.3.1 (23D60)
      Kernel Version: Darwin 23.3.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      Computer Name: <>
      User Name: System Administrator (root)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: <>

Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: Mac15,9
      Model Number: <>
      Chip: Apple M3 Max
      Total Number of Cores: 16 (12 performance and 4 efficiency)
      Memory: 128 GB
      System Firmware Version: 10151.81.1
      OS Loader Version: 10151.81.1
      Serial Number (system): <>
      Hardware UUID: <>
      Provisioning UDID: <>
      Activation Lock Status: Disabled
>sudo profiles list
There are no configuration profiles installed in the system domain

>sudo profiles show -type enrollment
Error fetching Device Enrollment configuration: We can't determine if this machine is DEP enabled.  Try again later.

Approach: Clean Wipe, Router Filter, skipmdm.com Script

This approach assumes you are able to create a bootable installer and wipe your system disk (be sure to have a backup in place!).

Prerequisites

Block Apple URLs

Before starting at all, make sure you block the following URLs in the internet router. I used a Fritz!Box and its "Blocked websites" filter to block these URLs:

iprofiles.apple.com
mdmenrollment.apple.com
deviceenrollment.apple.com
gdmf.apple.com
acmdm.apple.com
albert.apple.com

Make sure the blocker works (i.e. ping from another device)!

Clean Install

In recovery mode, wipe the hard disk and start a clean install with the bootable installer.

Activate the system

Connect to the internet once to activate the system (I could not proceed without). As the installer fails to connect to the enrollment servers, an error message will be displayed indicating that the status of the enrollment could not be verified.

Run the Script

In recovery mode, open Terminal and e.g. try to delete /var/db/ConfigurationProfiles/Settings - you should get a prompt for the installation user (starting w/ "_m...") - which is a good sign (no other users set up so far)!

Now just run the script from the USB stick. Hint: directly enter the username you'd like to use later (instead going w/ Apple:1234 - saves some time). The script should run without any errors (despite the long previous discussions).

Postwork

Block URLs in /etc/hosts

Before you proceed with the installation, reboot in recovery mode and change /etc/hosts by adding:

0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Disable agents

>sudo launchctl disable system/com.apple.ManagedClientAgent.enrollagent
>sudo launchctl disable system/com.apple.mdmclient.daemon
>sudo launchctl disable system/com.apple.devicemanagementclient.teslad
# You might check other services and disable them - know what you do!
>sudo launchctl print system | sort | grep enabled

Little Snitch

Finally a firewall comes in handy to possibly add even more security: I blocked

/usr/libexec/teslad
/usr/libexec/mdmclient

(for both user + system).

This works well for me and shows that it's possible to stop companies from installing spyware on their employees' devices - even on M3. B.t.w. - in many countries these practices are unlawful, so I see following this approach justified as a way of self-defense.
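Every change described in EthanWarrick's and amylee-codes's comments above (the `/etc/hosts` entries, the `.cloudConfig*` marker files, the disabled launchd services, the SIP state) leaves an observable trace on the endpoint. The following is an added example for fleet defenders, not code from any commenter or from the script discussed in the thread: it scores those traces from text an audit agent has already collected. The function names, the sample inputs (constructed), the `launchctl print-disabled system` output format and the premise that the device is assigned to the organization are assumptions.

```python
"""Flag endpoint state matching the enrollment-tampering steps in this thread.

Inputs are text already collected from a Mac the organization owns
(assumption: the serial is assigned to the org in Apple Business Manager).
All sample data below is constructed for illustration.
"""
import re
from typing import NamedTuple

# Hostnames and launchd labels exactly as they appear in the thread.
ENROLLMENT_HOSTS = {
    "iprofiles.apple.com", "mdmenrollment.apple.com",
    "deviceenrollment.apple.com", "gdmf.apple.com",
    "acmdm.apple.com", "albert.apple.com",
}
MGMT_LABELS = {
    "com.apple.ManagedClient.enroll",
    "com.apple.ManagedClientAgent.enrollagent",
    "com.apple.mdmclient.daemon",
    "com.apple.devicemanagementclient.teslad",
}


class Finding(NamedTuple):
    check: str
    detail: str


def hosts_overrides(hosts_text):
    """Return enrollment hostnames that /etc/hosts pins to any address."""
    pinned = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split fields
        # fields[0] is the address, the rest are names. Hostnames are
        # case-insensitive and a trailing dot denotes the same name.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in ENROLLMENT_HOSTS:
                pinned.add(name)
    return pinned


def disabled_mgmt_services(print_disabled_text):
    """Parse `launchctl print-disabled system` output. Assumed format:
    "label" => disabled   (or, on older releases,  "label" => true)."""
    disabled = set()
    for label, state in re.findall(r'"([^"]+)"\s*=>\s*(\w+)', print_disabled_text):
        if state in ("disabled", "true") and label in MGMT_LABELS:
            disabled.add(label)
    return disabled


def audit_endpoint(hosts_text, print_disabled_text, settings_files, csrutil_status):
    """settings_files maps file name -> size in bytes for
    /var/db/ConfigurationProfiles/Settings. Returns a list of Finding."""
    findings = []
    for host in sorted(hosts_overrides(hosts_text)):
        findings.append(Finding("hosts", f"{host} overridden in /etc/hosts"))
    for label in sorted(disabled_mgmt_services(print_disabled_text)):
        findings.append(Finding("launchd", f"{label} disabled"))
    if ".cloudConfigRecordNotFound" in settings_files:
        # Heuristic: an org-assigned device should not claim "record not found".
        size = settings_files[".cloudConfigRecordNotFound"]
        detail = f".cloudConfigRecordNotFound on org-assigned device ({size} bytes)"
        if ".cloudConfigProfileInstalled" in settings_files:
            detail += "; contradicts .cloudConfigProfileInstalled"
        findings.append(Finding("marker", detail))
    if re.search(r"status:\s*disabled", csrutil_status, re.IGNORECASE):
        findings.append(Finding("sip", "System Integrity Protection disabled"))
    return findings


# Constructed sample inputs.
SAMPLE_HOSTS = """127.0.0.1 localhost
#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 MDMenrollment.apple.com.   # mixed case and trailing dot still match
# 0.0.0.0 albert.apple.com   (commented out, must not count)
"""
SAMPLE_DISABLED = """disabled services = {
\t"com.apple.mdmclient.daemon" => disabled
\t"com.apple.ManagedClient.enroll" => enabled
\t"com.apple.ftpd" => disabled
}
"""
SAMPLE_SETTINGS = {".cloudConfigRecordNotFound": 0, ".cloudConfigProfileInstalled": 0}
SAMPLE_SIP = "System Integrity Protection status: disabled."

if __name__ == "__main__":
    for f in audit_endpoint(SAMPLE_HOSTS, SAMPLE_DISABLED, SAMPLE_SETTINGS, SAMPLE_SIP):
        print(f"[{f.check}] {f.detail}")
```

SIP may have been re-enabled after the changes were made, as one commenter describes, so the hosts, launchd and marker checks carry more weight than the SIP check alone.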

@ehsan58

ehsan58 commented Feb 22, 2024

Hello!

I was struggling with this Remote Management issue.
I own a 2019 Macbook Pro with an Intel CPU that I purchased used from my old college. I upgraded the OS from Ventura to Sonoma 14.3 and received an unavoidable/non-closable popup prompting me to enroll in Remote Management.
I fixed my issues using this thread and wanted to provide the steps that worked. Mainly, I want to provide an alternative to running the script(s) floating around. I was uncomfortable running any script as root in recovery mode. I was uncomfortable both due to security concerns and as I had valuable data on my hard drive that I didn't want to mess up. Also, I haven't read the entire thread so other things might have been addressed above that I am not addressing here.

Here are the steps that worked for me:

  1. Restart/Power computer holding cmd+r to enter recovery mode.
  2. Open the terminal.
  3. Run the following commands
launchctl disable system/com.apple.ManagedClient.enroll

rm -rf /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

For me removing the above files under /var/db/ did not work because they were not present. I included the commands because some people seemed to have luck with them. I still added (touched) the two files under /var/db just to be thorough.

  4. Type reboot to restart your computer and let it boot normally.
  5. Login and hopefully the popup doesn't appear.
  6. Edit the /etc/hosts file using your favorite editor: sudo vim /etc/hosts
  7. Add the following to the file:
    This hopefully stops your computer from accessing these domains on the internet - where the mdm information is stored on Apple's servers.
#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

It is also worth mentioning that I had my internet turned off for the duration of this process. Even if you can get your WiFi turned off before the popup blocks you, that isn't good enough. It is still possible for your Macbook to auto connect to a known WiFi network at boot - even if you have turned that network off. I've heard people say that it can still connect even if you've forgotten the network as well. To be thorough I blacklisted my macbook from accessing the internet from my router's configuration. If your router doesn't have that functionality or you don't want to figure out how to do that, just unplugging your router for the duration of the process would work as well. Again, I'm not sure if completely staying off the internet was necessary but I did it to be safe.

Thank you to all above that contributed, you really saved my butt!

Using this workaround it is safe to upgrade directly to 14.3.1 from 14.2.1?

It's my question too :( No update on this yet.

@TomRider22

Updated to 14.3.1, works for me. Remove gdmf.apple.com from hosts before updating (otherwise it won't find updates). After the update has finished, add it back to hosts. Nothing special is needed if you are on 14.1.* - 14.2.*; you can update your OS via the UI (Software Update).

@TomRider22

Just for info, for those who had disk errors during the script run: it has been updated with the disk naming issue fixed.
https://github.com/skipmdm-phoenixbot/skipmdm.com/blob/main/Autobypass-mdm.sh

@RomanKoshkin

The pinned guide didn't work for me (Sonoma 14.3, MBP M3). I couldn't edit the .plist files as instructed (the file is read-only and sudo didn't help). What worked for me though was this very simple guide.

  • in recovery mode csrutil disable and reboot in normal mode
  • while in normal mode do:
sudo su
cd /var/db/ConfigurationProfiles
rm -rf *
mkdir Settings
touch Settings/.profilesAreInstalled
  • reboot to recovery mode again and when in recovery mode csrutil enable. Reboot to normal mode. You shouldn't see the unremovable profiles again in System Preferences/Profiles

@PaxVobiscuit

PaxVobiscuit commented Mar 4, 2024

Hope this comment is now visible - it got hidden due to a problem with my account.

(Cross post to https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4912658#gistcomment-4912658).

I managed to get rid of spyware and worse w/ Sonoma (14.3.1). So any statement that it's not possible at all is wrong.

System Info (redacted, personal information filtered)

>sudo sysinfo
Software:

    System Software Overview:

      System Version: macOS 14.3.1 (23D60)
      Kernel Version: Darwin 23.3.0
      Boot Volume: Macintosh HD
      Boot Mode: Normal
      Computer Name: <>
      User Name: System Administrator (root)
      Secure Virtual Memory: Enabled
      System Integrity Protection: Enabled
      Time since boot: <>

Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: Mac15,9
      Model Number: <>
      Chip: Apple M3 Max
      Total Number of Cores: 16 (12 performance and 4 efficiency)
      Memory: 128 GB
      System Firmware Version: 10151.81.1
      OS Loader Version: 10151.81.1
      Serial Number (system): <>
      Hardware UUID: <>
      Provisioning UDID: <>
      Activation Lock Status: Disabled
>sudo profiles list
There are no configuration profiles installed in the system domain

>sudo profiles show -type enrollment
Error fetching Device Enrollment configuration: We can't determine if this machine is DEP enabled.  Try again later.

Approach: Clean Wipe, Router Filter, skipmdm.com Script

This approach assumes you are able to create a bootable installer and wipe your system disk (be sure to have a backup in place!).

Prerequisites

Block Apple URLs

Before starting at all, make sure you block the following URLs in the internet router. I used a Fritz!Box and its "Blocked websites" filter to block these URLs:

iprofiles.apple.com
mdmenrollment.apple.com
deviceenrollment.apple.com
gdmf.apple.com
acmdm.apple.com
albert.apple.com

Make sure the blocker works (i.e. ping from another device)!

Clean Install

In recovery mode, wipe the hard disk and start a clean install with the bootable installer.

Activate the system

Connect to the internet once to activate the system (I could not proceed without). As the installer fails to connect to the enrollment servers, an error message will be displayed indicating that the status of the enrollment could not be verified.

Run the Script

In recovery mode, open Terminal and e.g. try to delete /var/db/ConfigurationProfiles/Settings - you should get a prompt for the installation user (starting w/ "_m...") - which is a good sign (no other users set up so far)!

Now just run the script from the USB stick. Hint: directly enter the username you'd like to use later (instead of going w/ Apple:1234 - saves some time). The script should run without any errors (despite the long previous discussions).

Postwork

Block URLs in /etc/hosts

Before you proceed with the installation, reboot in recovery mode and change /etc/hosts by adding:

0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com

Disable agents

>sudo launchctl disable system/com.apple.ManagedClientAgent.enrollagent
>sudo launchctl disable system/com.apple.mdmclient.daemon
>sudo launchctl disable system/com.apple.devicemanagementclient.teslad
# You might check other services and disable them - know what you do!
>sudo launchctl print system | sort | grep enabled

Little Snitch

Finally a firewall comes in handy to possibly add even more security: I blocked

/usr/libexec/teslad
/usr/libexec/mdmclient

(for both user + system).

This works well for me and shows that it's possible to stop companies from installing spyware on their employees' devices - even on M3. B.t.w. - in many countries these practices are unlawful, so I see following this approach justified as a way of self-defense.

FWIW, this worked for me. Some of the steps might need to be more prescriptive for folks not very familiar with Macs, but I got it working in one pass. If you want a different drive name than "Macintosh HD" you will need to edit the global constant lines of Autobypass-mdm.sh to reflect the drive name you want.

I did have to connect to the internet to activate as well, but as soon as I hit the "This device is owned by an organization" page, I hit COMMAND-Q, booted in to Recovery Mode, then picked up the instructions from there and ran the script.

@PaxVobiscuit

PaxVobiscuit commented Mar 7, 2024

After using the method above to get to 14.3.1, how should I proceed to get to 14.4 or future 14.x updates?

Edit-

After no responses, I decided to try using the System Settings Software Updater, that seems to have worked as expected, and so far no enrollment screens after a couple days.

@reabo

reabo commented Mar 16, 2024

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)

Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter whether you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade

Can’t believe it but I think it worked! Thank you so much!

@joshlac

joshlac commented Mar 16, 2024

After using the method above to get to 14.3.1, how should I proceed to get to 14.4 or future 14.x updates?

Edit-

After no responses, I decided to try using the System Settings Software Updater, that seems to have worked as expected, and so far no enrollment screens after a couple days.

How did you manage to see the update in System Settings? Mine just says "your Mac is up to date"....

@haohanw

haohanw commented Mar 20, 2024

/etc/hosts
Check your host file and deblock "gdmf.apple.com"

@joshlac

joshlac commented Mar 21, 2024

/etc/hosts
Check your host file and deblock "gdmf.apple.com"

It worked, I can see the update to 14.4 now. Can this be left unlocked for the future updates?

@PaxVobiscuit

PaxVobiscuit commented Mar 22, 2024

FWIW, I had the following FQDNs blocked at the router:

iprofiles.apple.com
mdmenrollment.apple.com
deviceenrollment.apple.com
gdmf.apple.com
acmdm.apple.com
albert.apple.com

I had them blocked in /etc/hosts as well. Still was able to update. Based on a quick search, gdmf.apple.com is specifically for MDM-managed devices.

Here is a list of all the FQDNs for the various services Apple devices might use

I have an unmanaged iMac and a used-to-be-managed Macbook Pro on my home network. My employer sends out alerts when there are major MacOS updates, critical updates, & patches. When the 14.4 notice came out, I went in to Software Update on both systems, and the 14.4 update showed up automagically as expected. No unblocking on my part.

If you truly do HAVE to unblock gdmf.apple.com to get updates, your machine may actually still be enrolled, but some other step in one of the techniques here suppresses the nag messages.

To check that, open Terminal and enter the following command:

profiles status -type enrollment

Your results should be :

Enrolled via DEP: No
MDM enrollment: No

@joshlac

joshlac commented Mar 29, 2024

To check that, open Terminal and enter the following command:
profiles status -type enrollment

I run the command and I see "No" to all...

@HAndresM

Greetings. Do you know if there is a way to log in to this Macbook Air 2020 with Intel? It has remote administration with Jamf. It asks me to log in with a Microsoft business account; when using a personal account it does not allow it, and when choosing local login it asks me for a password, but I do not have it.

Is there any option?

@ohbrandon

FWIW, this worked for me. Some of the steps might need to be more prescriptive for folks not very familiar with Macs, but I got it working in one pass. If you want a different drive name than "Macintosh HD" you will need to edit the global constant lines of Autobypass-mdm.sh to reflect the drive name you want.

I did have to connect to the internet to activate as well, but as soon as I hit the "This device is owned by an organization" page, I hit COMMAND-Q, booted in to Recovery Mode, then picked up the instructions from there and ran the script.

Just adding that this post in reply to the above method is what got me sorted out. Clean install (didn't have to use USB), reboot to recovery at the MDM screen, run bypass script and reboot. Dead simple.

@Omrtx999

Omrtx999 commented Apr 11, 2024

What’s supposed to be done?