Remove Individual OS X Configuration Profile via Command Line

i use the profiles -R -p profileidentifier all the time
use profiles -P to get the identifier before hand, maybe you are using the wrong identifier.

We've had to do the same thing in our environment, and I found the uninstall has to be formatted like:

profiles -R -p com.apple.mdm.server.corp.company.com.123af456-78e9-112-123a-123a456789.alacarte

...and like @nessts said, you'll need to get that whole identifier string from the

```
profiles -P
``` command. If you have a password required to uninstall the profile, that'll still be necessary from the command line, like it would through the gui. Hope that helps!

Is there a way to remove user level MDMs from multiple users (Like SCEP or AD Certs)?

From what I have found out, apparently not. I am looking for the same thing myself. An woeful omittance on behalf of Apple i think.

Has anyone read about changes in 10.10 that might make this more versatile? Just curious. No NDA breakage, just wondering if anyone has read anything about it?

This is what I wrote to remove a MDM based on the name. Profile name being the fourth variable passed.

#!/bin/bash

## Get UUID of requested MDM Profile
MDMUUID=`profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}'`

## Remove said profile, identified by UUID
if [[ $MDMUUID ]]; then
    profiles -R -p $MDMUUID
else
    echo "No Profile Found"
fi

sleep 5

Just because I needed it today...
I have created a script to look for a profile name starting with MDM (which seems to be what our evnironment has), it then removes it and runs jamf manage to get it back again.
I have set this in Self Service as a way for people who for whatever reason weren't getting updated policies.
It's not particularly elegant and would probably remove the first profile starting with MDM, so if you have other policies so named it's probably not for you...

#!/bin/bash
echo

MDM_UUID=$(profiles -Lv | awk '/attribute: name: MDM/,/attribute: profileUUID:/' | awk '/attribute: profileUUID:/ {print $NF}')
echo $MDM_UUID
if [ -z "$MDM_UUID" ]
then
echo "-MDM profile NOT found. Attempting to manage-"
jamf manage
else
echo "-MDM profile found. Removing MDM before attempting to manage-"
profiles -R -p "$MDM_UUID"
sleep 5
jamf manage
fi

echo
exit 0

Even as a root/admin user the profiles cannot be removed. Any suggestions?

_computerlevel[1] attribute: profileIdentifier: 00000000-0000-0000-A000-3A414D460003
>>profiles -v -R -p 00000000-0000-0000-A000-3A414D460004
profiles: verbose mode ON
profiles uninstall for identifier:'00000000-0000-0000-A000-3A414D460004' and user:'root' returned -205 (Unable to locate configuration profile.)
profiles: returned error: -205

@Jand99 I'm having the same issue. Running into error -205. Did you find a solution??

Thanks,
R

Solution is simple if you have admin rights.
Assuming that "sudo jamf removeFramework" did not work you can try this:
Start terminal and type:
sudo -i
cd /var/db/
mv ConfigurationProfiles ConfigurationProfilesOLD

then reboot. A new empty ConfigurationProfiles folder will be created automatically.

NOTE: If you need to keep some special configuration profiles in that folder it may be better to only delete the file in /var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist file.

Well i actually have a config profile that is for wi-fi access. We manually packaged it and installed via script. However, i can't remove it. I keep getting the -205 error. I'm running the simple command

#!/bin/sh

profiles -R -p UUID (of the file in question)

passcode protected?

Related question: When a configuration profile has been removed from a JAMF Managed Mac manaully (command or script), will the profile get reinstalled automatically via MDM at some point (assuming the target Mac is still scoped for that particular profile etc)?

@dstranathan will until out of scope

@Jand99 You're a genius, that was the answer I was looking for. I ran your commands after doing -removeFramework and then re-enrolled with a QuickAdd and WIN!

Thanks a bunch.

+1 for @Bauer from way-back-when, had a manually- (not JAMF-) distributed config profile which just wouldn't go away. Syntax is everything!

Just to clear up a question I had when reading this post all this time later. For those using secured, manually installed profiles. Removal of such a profile using a command:

sudo profiles -R -F /tmp/profilename.mobileconfig

requires the profilename.mobileconfig to be loaded into /tmp/ again. For most of you, this is totally obvious as the command calls for it. This means if your original install policy copied the "profilename.mobileconfig" to the /tmp/ directory to install it, you will need to again copy the "profilename.mobileconfig" to the /tmp/ directory before you can uninstall it.

Just to help future newbies!

Hey everyone,

I need to remove a specific Configuration Profile that was installed via the server on my 10.11.6 machines. I need to remove it via command line in a script for a very particular purpose. Since the Config Profile was installed via the JSS, the simple [ /usr/bin/profiles -R -F] will not work. Does anyone know how to remove a server installed Config Profile via terminal?

Thanks!

@cdenoia Have you tried using sudo profiles -R -p UUID as shown in some of the posts above? The UUID is the identifier string that you can get by running sudo profiles -P in Terminal.

Hey @mm2270 ,

Yes, I attempted to issue command: /usr/bin/profiles -R -p <UUID>
Error = "return 101 (profile is not removable)"

Any other ideas??

Try adding -U "creatorofprofile" at the end of the command

sudo profiles -R -p UUID -U magicname

That worked for me.

What do you mean by creator of profile?

Sorry for delay, If a profile was installed under a particular username when you run profile -P you should see the username at the start of the string, if you take that username and add it to the end of your command it should remove the profile so if the username was ted your command would look like this

sudo profiles -R -p UUID -U ted

Just to confirm, @alexmcclements command works.

To put it in a script, you just need to grab the logged in user's username from /dev/console for ex.

user=stat -f "%Su" /dev/console
profiles -R -p "UUID HERE" -U $user