Trans: Latin prefix implying "across" or "Beyond", often used in gender nonconforming situations – Scend: Archaic word describing a strong "surge" or "wave", originating with 15th century english sailors – Survival: 15th century english compound word describing an existence only worth transcending.

Obliterate non-removable MDM profiles enforced by Apple’s Device Enrollment Program

Or, when life gives you apples, use Linux

Seemingly harder to remove with every eye-glazing gist and thread… A mac plagued with an is_mdm_removable=false Mobile Device Management profile: the worst! 🙂

First, boot into recovery mode by rebooting while holding down the Command & R keys.

At this stage, you’ll need to connect to the internet briefly to download the recovery OS. This provides a few tools including like disk utility, support, an osx reinstaller- at the top menu, you’ll find an option to access a terminal.

Once in there, you’ll want to:

Disable SIP:

csrutil disable

Then reboot:

reboot now

While holding down Command + Option + P + R to start afresh with cleared NVRAM.

Reboot once again while holding down the Command & R keys to return to the recovery OS. Reinstall whatever version of OSX it offers- instead of trying to deal with the slippery, network connected DEP plists & binaries contained within the various LaunchAgents and LaunchDaemons found in the /System/Library directories directly, we’ll let Apple finish with the ConfigurationProfiles first, then sneak in and remove them.

While this stuff is cooking, get yourself a usb stick and a penguin, such as Budgie:

wget -nd http://cdimage.ubuntu.com/ubuntu-budgie/releases/20.04.1/release/ubuntu-budgie-20.04.1-desktop-amd64.iso
umount /dev/sdc 2>/dev/null || true
sudo dd if=ubuntu-budgie-20.04.1-desktop-amd64.iso of=/dev/sdc bs=1048576 && sync

Boot up again, this time holding the Option key for the bootloader menu. Once in the live usb system, make sure you can read Apples HFS filesystem:

sudo apt-get install hfsprogs

For me at least, I needed to run a quick fsck to fix up the headers before I could mount the osx filesystem living at /dev/sda2 (sda1 is the efi partition):

sudo fsck.hfsplus /dev/sda2

Now, lets go in there and remove those ConfigurationProfiles:

mkdir badapple
sudo mount -o force /dev/sda2 badapple
cd badapple
sudo rm -rf private/var/db/ConfigurationProfiles/*

🙂

14 Comments

  1. Joseph

    Could you please go into a little more step-by-step on how to do this? I understand until you get to the Budgie part. I downloaded it, now do what with it? Some more plain English directions, please. Thank you!

    • Jess

      Sure!
      You’ll first want to burn that Budgie disk image to an external drive of some kind, like a thumb drive. The method in my post just uses the built in `dd` utility in Mac’s terminal; If you’ve inserted a single usb stick into your mac, the command:
      umount /dev/sdc 2>/dev/null || true
      sudo dd if=ubuntu-budgie-20.04.1-desktop-amd64.iso of=/dev/sdc bs=1048576 && sync
      …would burn the “ubuntu-budgie-20.04.1-desktop-amd64.iso” disk image onto usb device “/dev/sdc”.
      Lots of other ways to do this too, like with this nifty tool https://www.balena.io/etcher/
      Then, by rebooting while holding the “option” key you’ll be able to boot into Budgie instead of Mac OS from the usb stick. Wait for everything to load, might take a while. Ignore any install or welcome prompts if from Budgie if it asks, instead go straight to the `Tilix` shell by hitting the “Command” key then typing in “Tilix” and then hitting “Enter”.

      From here:
      sudo apt-get install hfsprogs -y
      – This driver lets budgie know how to read apple’s hfs file system.
      sudo fsck.hfsplus /dev/sda2
      – This normalizes the volume headers in the main Mac OS partition.
      mkdir badapple
      – This command makes a new folder in Budgie, where we’ll mount that Mac OS partition
      sudo mount -o force /dev/sda2 badapple
      – this mounts everything in that main Mac partition in the new folder /badapple/
      cd badapple
      – here we enter ./badapple/
      sudo rm -rf private/var/db/ConfigurationProfiles/*
      – here we forcibly delete all ConfigurationProfiles
      cd ~
      – here we’ve left the ./badapple/ directory

      you might then:
      sudo umount -f /dev/sda2
      sudo shutdown now
      …to unmount and shutdown.
      Remove the usb stick and reboot.

      Hope this helps!
      -Jess

  2. Jamie M

    Is this a way to remove a MDM profile forever? Or will it still prompt when wiping the disk again.

    Cheers Jamie

    • Jess

      Hey Jamie,
      Yes! By removing the profiles in `private/var/db/ConfigurationProfiles/*` (from a proper shell with permission to do it; this is I’m going in mounting and deleting them from a shell in Budgie / Ubuntu) your mac will no longer have any mdm profile services to talk to, so it shouldn’t be able to get them back 🙂

      Cheers!
      -Jess

      • Jamie Kirwan

        Hello Jess,
        Thanks for your reply greatly appreciated.
        Does budgie still need to be installed for it too remember that it was removed.

        I’m really asking is when I’ve done all this which I’ll try this evening can I wipe everything on mac disk utility and install just mac os big sur so it’s ready too sell on to a new user.

        Cheers Jamie

        • Jess

          Hey Jamie,
          I am using Ubuntu Budgie here from a usb stick (not to be installed on the mac- boot from a usb stick by holding alt/option on startup) just so we can mount –> remove the offending mac os directories from a system privileged to do so (any os will do, just not mac os!). Once the profiles and mdm bits are gone, one hop back over to mac os, upgrade to big sur / catalina etc- the mac should be none the wiser, and should not have any reason to ding the profile service. hope this helps!

  3. Daniel

    Sorry I meant to say “unknown filesystem type apfs”

    After I give command;
    sudo mount -o force /dev/sda2 badapple

    How did you go around that, I tried both formats apfs and extended journaled

    • Jess

      Hola Daniel,
      From Budgie / Ubuntu, you can install an APFS driver like this:
      `sudo apt-get install libfsapfs-utils -y`

      Then mount the filesystem like this:
      `sudo fsapfsmount -f 1 /dev/sda2 badapple`

      Hope this helps,
      -Jess

  4. Frank

    Any way to do this on Big Sur – that has an APFS filesystem?

    • Jess

      Hey Frank,
      There is a sort of experimental linux driver you can use to mount APFS on debian / ubuntu-
      From Budgie / Ubuntu, install it like this:
      `sudo apt-get install libfsapfs-utils -y`

      Then mount the filesystem like this:
      `sudo fsapfsmount -f 1 /dev/sda2 badapple`

      Hope this helps!
      -Jess

  5. Eric

    This was so helpful!

    I found a showstopper. If ‘Startup Security Utility’ is set to prohibit booting from external media, it won’t boot from the USB drive.

    • onejay

      Hey Eric, I also encountered this hurdle but was able to clear it, but you’ll need the password for an admin user on the Mac. Reboot your Mac and hold down command R to get into Recovery mode, then from the Utilities menu item, select Start Security Utility, enter the admin password, and you should be able to select the option to Allow booting from external media

  6. Mike

    Hi. I’m getting “missing mount point” when I run the command: `sudo fsapfsmount -f 1 /dev/sda2 badapple`

    Please advise.

Leave a Reply to Jess Cancel reply

Your email address will not be published. Required fields are marked *

© 2024 Trans Scend Survival

α wιρ Σ ♥ by Jess SullivanUp ↑