Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Remove Individual OS X Configuration Profile via Command Line

Hoping to get some assistance from the knowledge of the JAMF Nation. I am struggling to remove an individual configuration profile, that was installed manually, via the command line. Testing on Mavericks 10.9.1 currently. Used the profiles man page and this: https://developer.apple.com/library/mac/documentation/darwin/Reference/ManPages/man1/profiles.1.html

Commands I've tried:

sudo profiles -R -F /tmp/profilename.mobileconfig
sudo profiles -R -p profileidentifier
sudo profiles -R -p profileidentifier -U username

No dice so far. Use case is that a profile is installed manually and it needs to be removed without removing all profiles. Any thoughts out there?

Thanks!
Ben

Like Comment
SOLVED Posted: 1/21/14 at 1:02 PM by nessts

i use the profiles -R -p profileidentifier all the time
use profiles -P to get the identifier before hand, maybe you are using the wrong identifier.

Like
SOLVED Posted: 1/22/14 at 6:30 PM by Bauer

We've had to do the same thing in our environment, and I found the uninstall has to be formatted like:

profiles -R -p com.apple.mdm.server.corp.company.com.123af456-78e9-112-123a-123a456789.alacarte

...and like @nessts said, you'll need to get that whole identifier string from the

```
profiles -P
``` command. If you have a password required to uninstall the profile, that'll still be necessary from the command line, like it would through the gui. Hope that helps!

Like
SOLVED Posted: 9/3/14 at 4:27 PM by Sonic84

Is there a way to remove user level MDMs from multiple users (Like SCEP or AD Certs)?

Like
SOLVED Posted: 9/8/14 at 9:35 AM by relliott

From what I have found out, apparently not. I am looking for the same thing myself. An woeful omittance on behalf of Apple i think.

Like
SOLVED Posted: 9/8/14 at 12:38 PM by scottb

Has anyone read about changes in 10.10 that might make this more versatile? Just curious. No NDA breakage, just wondering if anyone has read anything about it?

Like
SOLVED Posted: 9/8/14 at 12:56 PM by ctangora

This is what I wrote to remove a MDM based on the name. Profile name being the fourth variable passed.

#!/bin/bash

## Get UUID of requested MDM Profile
MDMUUID=`profiles -Lv | grep "name: $4" -4 | awk -F": " '/attribute: profileIdentifier/{print $NF}'`

## Remove said profile, identified by UUID
if [[ $MDMUUID ]]; then
    profiles -R -p $MDMUUID
else
    echo "No Profile Found"
fi

sleep 5
Like
SOLVED Posted: 3/29/15 at 10:55 PM by Look

Just because I needed it today...
I have created a script to look for a profile name starting with MDM (which seems to be what our evnironment has), it then removes it and runs jamf manage to get it back again.
I have set this in Self Service as a way for people who for whatever reason weren't getting updated policies.
It's not particularly elegant and would probably remove the first profile starting with MDM, so if you have other policies so named it's probably not for you...

#!/bin/bash
echo

MDM_UUID=$(profiles -Lv | awk '/attribute: name: MDM/,/attribute: profileUUID:/' | awk '/attribute: profileUUID:/ {print $NF}')
echo $MDM_UUID
if [ -z "$MDM_UUID" ]
then
echo "-MDM profile NOT found. Attempting to manage-"
jamf manage
else
echo "-MDM profile found. Removing MDM before attempting to manage-"
profiles -R -p "$MDM_UUID"
sleep 5
jamf manage
fi

echo
exit 0
Like
SOLVED Posted: 2/6/16 at 6:36 AM by Jand99

Even as a root/admin user the profiles cannot be removed. Any suggestions?

_computerlevel[1] attribute: profileIdentifier: 00000000-0000-0000-A000-3A414D460003
>>profiles -v -R -p 00000000-0000-0000-A000-3A414D460004
profiles: verbose mode ON
profiles uninstall for identifier:'00000000-0000-0000-A000-3A414D460004' and user:'root' returned -205 (Unable to locate configuration profile.)
profiles: returned error: -205

Like
SOLVED Posted: 2/27/16 at 4:52 PM by rqomsiya

@Jand99 I'm having the same issue. Running into error -205. Did you find a solution??

Thanks,
R

Like
SOLVED Posted: 2/29/16 at 1:28 PM by Jand99

Solution is simple if you have admin rights.
Assuming that "sudo jamf removeFramework" did not work you can try this:
Start terminal and type:
sudo -i
cd /var/db/
mv ConfigurationProfiles ConfigurationProfilesOLD

then reboot. A new empty ConfigurationProfiles folder will be created automatically.

NOTE: If you need to keep some special configuration profiles in that folder it may be better to only delete the file in /var/db/ConfigurationProfiles/MDM_ComputerPrefs.plist file.

Like
SOLVED Posted: 2/29/16 at 2:13 PM by rqomsiya

Well i actually have a config profile that is for wi-fi access. We manually packaged it and installed via script. However, i can't remove it. I keep getting the -205 error. I'm running the simple command

#!/bin/sh

profiles -R -p UUID (of the file in question)
Like
SOLVED Posted: 4/7/16 at 12:37 AM by Malcolm

passcode protected?

Like
SOLVED Posted: 8/25/16 at 9:19 AM by dstranathan

Related question: When a configuration profile has been removed from a JAMF Managed Mac manaully (command or script), will the profile get reinstalled automatically via MDM at some point (assuming the target Mac is still scoped for that particular profile etc)?

Like
SOLVED Posted: 8/25/16 at 10:27 AM by donmontalvo

@dstranathan will until out of scope

Like
SOLVED Posted: 12/6/16 at 5:15 PM by jouwstrab

@Jand99 You're a genius, that was the answer I was looking for. I ran your commands after doing -removeFramework and then re-enrolled with a QuickAdd and WIN!

Thanks a bunch.

Like
SOLVED Posted: 12/22/16 at 1:44 PM by trademarkable

+1 for @Bauer from way-back-when, had a manually- (not JAMF-) distributed config profile which just wouldn't go away. Syntax is everything!

Like
SOLVED Posted: 1/3/17 at 6:43 AM by Chris_Hafner

Just to clear up a question I had when reading this post all this time later. For those using secured, manually installed profiles. Removal of such a profile using a command:

sudo profiles -R -F /tmp/profilename.mobileconfig

requires the profilename.mobileconfig to be loaded into /tmp/ again. For most of you, this is totally obvious as the command calls for it. This means if your original install policy copied the "profilename.mobileconfig" to the /tmp/ directory to install it, you will need to again copy the "profilename.mobileconfig" to the /tmp/ directory before you can uninstall it.

Just to help future newbies!

Like
SOLVED Posted: 4/22/17 at 1:49 PM by cdenoia

Hey everyone,

I need to remove a specific Configuration Profile that was installed via the server on my 10.11.6 machines. I need to remove it via command line in a script for a very particular purpose. Since the Config Profile was installed via the JSS, the simple [ /usr/bin/profiles -R -F] will not work. Does anyone know how to remove a server installed Config Profile via terminal?

Thanks!

Like
SOLVED Posted: 4/23/17 at 6:32 PM by mm2270

@cdenoia Have you tried using sudo profiles -R -p UUID as shown in some of the posts above? The UUID is the identifier string that you can get by running sudo profiles -P in Terminal.

Like
SOLVED Posted: 4/23/17 at 8:33 PM by cdenoia

Hey @mm2270 ,

Yes, I attempted to issue command: /usr/bin/profiles -R -p <UUID>
Error = "return 101 (profile is not removable)"

Any other ideas??

Like
SOLVED Posted: 5/28/17 at 1:36 AM by alexmcclements

Try adding -U "creatorofprofile" at the end of the command

sudo profiles -R -p UUID -U magicname

That worked for me.

Like
SOLVED Posted: 5/28/17 at 1:55 AM by rqomsiya

What do you mean by creator of profile?

Like
SOLVED Posted: 6/12/17 at 2:54 AM by alexmcclements

Sorry for delay, If a profile was installed under a particular username when you run profile -P you should see the username at the start of the string, if you take that username and add it to the end of your command it should remove the profile so if the username was ted your command would look like this

sudo profiles -R -p UUID -U ted

Like
SOLVED Posted: 6/14/17 at 3:38 PM by bbot

Just to confirm, @alexmcclements command works.

To put it in a script, you just need to grab the logged in user's username from /dev/console for ex.

user=stat -f "%Su" /dev/console
profiles -R -p "UUID HERE" -U $user

Like