I purchased a MacBook Pro a year ago and, after upgrading to Sierra, started to receive notifications from a company that owned the laptop before. I have tried contacting Apple Service and the actual company, with no luck so far. I have learned that I need to find two files:

/System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist
/System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

But I can't move them (or even create the folders they would be moved to): /Library/LaunchAgentsDisabled and /Library/LaunchDaemonsDisabled

Can anyone please help me turn off device enrollment notifications?


Solution 1:

I found an easy solution to get rid of the notification that worked in my case (not sure if it'll work in every case) and that didn't require disabling SIP or going into recovery (I'm on Big Sur v11.5):

First, block your Mac from reaching the domain iprofiles.apple.com. I use LittleSnitch as my firewall, so I blocked it there, but you can also use your hosts file like:

echo "0.0.0.0 iprofiles.apple.com" | sudo tee -a /etc/hosts

Then I checked the current enrollment profile:

sudo profiles show -type enrollment

This will show you the current enrollment configuration your Mac has. You can even block the domain mentioned in ConfigurationURL just to be safe.

After that, I proceeded to delete the profile in my regular session, not recovery, although it would probably also work in recovery:

sudo profiles remove -all

Keep in mind that this command will delete all other profiles you may have; in my case, I didn't have any more.

Finally, you can check for the enrollment profile again. I would get an error saying that it could not be retrieved, given that I blocked the domain it's retrieved from:

sudo profiles show -type enrollment
Error fetching Device Enrollment configuration: (34000) Error Domain=MCCloudConfigurationErrorDomain Code=34000 "The device failed to request configuration from the cloud." UserInfo={NSLocalizedDescription=The device failed to request configuration from the cloud., CloudConfigurationErrorType=CloudConfigurationFatalError}

And the notification is gone for good. I'll report back in the next OS upgrade to see if it comes back.

Solution 2:

Just in case you're still confused about this issue: restart your Mac in recovery mode and, in Terminal, type the command:

csrutil disable; reboot

This will disable System Integrity Protection and restart your Mac.

Open your terminal again and type the commands:

sudo mv /System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist /Library/LaunchAgentsDisabled
sudo mv /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist /Library/LaunchDaemonsDisabled

This should do the trick.

However, don't forget to re-enable System Integrity Protection by restarting your Mac in recovery mode and typing the command:

csrutil enable

You can check your SIP status with the command:

csrutil status

Good luck!

Solution 3:

On Big Sur, these solutions become problematic because disabling SSV (Signed System Volume) will prevent useful features, such as FileVault, from working.

Instead, I believe that you can prevent the ManagedClientAgent from being "helpful" by simply creating the file:

/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

e.g. disable SIP, then:

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

Solution 4:

This works on macOS Big Sur to disable MDM notifications:

  1. Restart in Recovery Mode: restart your Mac, then hold down the Command & R keys together until you're in the Recovery Mode menu (Command+R)
  2. Click on Utilities (top menu bar) then select: Startup Security Utility
  3. A 3-choices popup appears: select (No security) (there is no confirmation button to press)
  4. Restart again in Recovery Mode (Command+R)
  5. Click on Utilities (top menu bar) then select Terminal
  6. type in: mount then press enter/return
  7. A list of things will show up once you enter (mount) in Terminal. Write down the disk associated with /Volumes/Macintosh HD (mine was /dev/disk2s5). Note: it's not /, and it's not /Volumes/Macintosh HD - Data
  8. Next, in Terminal, write: umount /Volumes/Macintosh\ HD
  9. then: mkdir /Volumes/Macintosh\ HD
  10. then: mount -t apfs -rw /dev/disk2s5 /Volumes/Macintosh\ HD
  11. then: cd /Volumes/Macintosh\ HD/System/Library/LaunchAgents
  12. then: mkdir xtemp
  13. then: mv com.apple.ManagedClientAgent.* xtemp/
  14. then: mv com.apple.mdmclient.* xtemp/
  15. then: cd ../LaunchDaemons
  16. then: mkdir xtemp
  17. then: mv com.apple.ManagedClient.* xtemp/
  18. then: mv com.apple.mdmclient.* xtemp/
  19. then: csrutil authenticated-root disable (this will Turn off Signed System Volume SSV)
  20. then lastly: bless --folder /Volumes/Macintosh\ HD/System/Library/CoreServices --bootefi --create-snapshot (this will save the current disk status in the boot snapshot)
  21. Now you can restart your Mac, DEP notification is disabled.
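
For an administrator who needs to spot these changes on a managed Mac, the following audit is an added example and is not part of any answer above. The function names `hosts_blocks` and `audit_enrollment` are hypothetical; the domain and paths are the ones quoted on this page, and each finding is a lead to compare against MDM inventory, not proof of tampering.

```shell
#!/bin/sh
# Added example (not from the original answers): audit a macOS root, either
# the live "/" or a mounted system volume, for the enrollment-suppression
# changes described on this page. Function names are hypothetical.

# Return 0 if HOSTS_FILE maps DOMAIN to any address (comments are ignored).
hosts_blocks() {  # usage: hosts_blocks HOSTS_FILE DOMAIN
    awk -v d="$2" '
        { sub(/#.*/, "") }    # strip comments so disabled entries do not count
        { for (i = 2; i <= NF; i++) if (tolower($i) == d) found = 1 }
        END { exit !found }' "$1"
}

# Print one finding per line for ROOT; prints nothing when ROOT looks stock.
audit_enrollment() {  # usage: audit_enrollment ROOT
    root=${1%/}
    # Solution 1: hosts override of the Apple enrollment endpoint.
    if [ -f "$root/etc/hosts" ] &&
       hosts_blocks "$root/etc/hosts" iprofiles.apple.com; then
        echo "hosts: iprofiles.apple.com is overridden in /etc/hosts"
    fi
    # Solution 3: marker file; review alongside the installed-profile list.
    if [ -e "$root/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled" ]; then
        echo "marker: .cloudConfigProfileInstalled is present"
    fi
    # Solutions 2 and 4: enrollment launchd jobs moved out of place.
    for p in LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist \
             LaunchDaemons/com.apple.ManagedClient.enroll.plist; do
        if [ ! -e "$root/System/Library/$p" ]; then
            echo "missing: /System/Library/$p"
        fi
    done
    return 0
}

# Run against a root given on the command line, e.g.: sh audit.sh /
if [ $# -gt 0 ]; then audit_enrollment "$1"; fi
```

Pair any finding with the output of `csrutil status` and `sudo profiles show -type enrollment` on the same machine, both of which appear in the answers above.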