Disable Device Enrollment Program (DEP) notification on macOS Ventura.md

Disable Device Enrollment Program (DEP) notification on macOS Ventura.md

Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340

Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d

Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac

You need to Restart and try it again.

…

On Jul 28, 2023, at 7:08 PM, bagofcig ***@***.***> wrote: or to setup completing, so on a fresh install. But you have to first start the Mac after an erase and reinstall, then let it get to the Welcome screen, then power it off and startup to recovery and perform the steps. IF you are already in the macOS logged into your user

You need to Restart and try it again.
…

I tried couple more times but it did not work.

The command has to be run prior to setup completing, so on a fresh install. But you have to first start the Mac after an erase and reinstall, then let it get to the Welcome screen, then power it off and startup to recovery and perform the steps. IF you are already in the macOS logged into your user and you are getting the notification for MDM enrollment you can do this… Reboot to Recovery and open Terminal, enter the command “csrutil disable” then “restart” but hold the power button down so you can go right back into Recovery. Once in Recovery open Terminal again and navigate to /Volumes/Macintosh HD/var/db/ConfigurationProfiles and then delete the Settings and Store folders with the commands “rm -R settings”. “rm -R stores”. Then navigate to /Volumes/Macintosh HD/etc and edit the hosts file to add the following: 0.0.0.0 alfred.apple.com 0.0.0.0 iprofiles.apple.com http://iprofiles.apple.com/ Then save the file and issue “csrutil enable” then “restart”. All should be well now.
…

I have erased and install the macOS, and before going through the setup (welcome screen).
i shutdown the mac and enter the recovery mode and enter the command, i took another step to make sure that i follow the steps right, after getting the same error, i tried to figure out what i’m missing i used the “cd” command , and it seems that there is no “db” file.
Please help me out here i still did not finish the setup waiting for your instruction.
When i try csrutil disable, i have been asked to enter a password?! How is that happening

> macos12

1. reset root password
2. in hello make user use root account
3. touch appledone file
4. disable sip
5. touch file

This is the complete step. The specific information is mentioned in front. Don't bother others.

---

别BB，自己看前面的信息，OK？

有人知道怎么看监管剩余时间或者是否已失效嘛

---

Does anyone know how to look at the remaining time of supervision or whether it has expired?

You need to Restart and try it again.
…

Please tell you got any idea

This method worked for me with a few tweaks. M2 running Ventura 13.4.1 For whatever reason, I was unsuccessful in changing the root password. Ended up creating a new user via command line and using that user to create the user in system preferences.

1. Boot to Recovery (Hold down power button on M2.
2. Open Terminal and create a new user using the below commands. Note that the volume name may vary. This example creates an admin user called "test"

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UserShell /bin/bash
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test RealName "Lucius Q. User"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UniqueID "1010"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test PrimaryGroupID 80
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test NFSHomeDirectory /Users/luser
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -append  /Local/Default//Groups/admin GroupMembership test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/test

5. Enter a new password for the user.
6. Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
7. Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
8. Click the Apple logo > System Settings -> Users & Groups
9. Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "test" and use the password you created earlier in Terminal.
10. Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
11. Boot to Recovery again.
12. Open Terminal and enter the command below and press Enter.
    touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
13. Then type Reboot and press Enter or force off your Mac again using the steps above.
14. Enjoy your stolen laptop jk

This worked a treat for me mate, thanks so much!

I have an M2 MacBook Air and after updating to Sonoma it forced the DEP to overlay on top of the Desktop and it would not Force Quit or allow you to use the Mac at all. To overcome this you have to reboot to recovery and perform a csrutil disable in Terminal, then Restart back to Recovery once again, and then navigate to /Volumes/Macintosh HD Data/var/db and use the command “rm -r" on the ConfigurationProfiles folder to delete it. Then you can reenable SIP with “csrutil enable” restart and this should prevent the MDM from starting up again. If that doesn’t work you may have to remove some LaunchAgents found in System but I do not think I had to do that - it was just the removal of that ConfigurationProfiles folder that resolved the issue.

…

On Mar 28, 2023, at 2:43 PM, Craig Bassett ***@***.***> wrote: @cadriel commented on this gist. Yes, I understand manual updates work - and have done this. I however would like to know if we can re-enable automatic updates. — Reply to this email directly, view it on GitHub <https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd#gistcomment-4518741> or unsubscribe <https://github.com/notifications/unsubscribe-auth/ANIV4G5QLPREWNHE4ZFEILDW6MWNFBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVEYTAMBRGYYTCMRSU52HE2LHM5SXFJTDOJSWC5DF>. You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

thanks @gwshaw for the edits!
Here is how you can bypass MDM completely ...
Boot to Recovery
Open Terminal and enable the root user and give it a password:
Enter the command below and press Enter
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root
There might be a slight directory difference between Intel/Silicon. If the command above does not work try using one of these variations:
/Volumes/Macintosh\ HD\ -\ Data/ or /Volumes/Data/
Enter a new password for root user. Note * If you choose a simple password be aware that the root user will be available as a user that can log into macOS which could present a risk to the security of the device.
Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
Click the Apple logo > System Settings -> Users & Groups
Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "root" and use the password you created earlier in Terminal.
Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
Boot to Recovery again.
Open Terminal and enter the command below and press Enter.
touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
Then type Reboot and press Enter or force off your Mac again using the steps above.
If you found this helpful please donate! https://pay.siliconbypass.com

This method worked for me with a few tweaks. M2 running Ventura 13.4.1 For whatever reason, I was unsuccessful in changing the root password. Ended up creating a new user via command line and using that user to create the user in system preferences.

1. Boot to Recovery (Hold down power button on M2.
2. Open Terminal and create a new user using the below commands. Note that the volume name may vary. This example creates an admin user called "test"

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UserShell /bin/bash
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test RealName "Lucius Q. User"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UniqueID "1010"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test PrimaryGroupID 80
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test NFSHomeDirectory /Users/luser
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -append  /Local/Default//Groups/admin GroupMembership test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/test

5. Enter a new password for the user.
6. Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
7. Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
8. Click the Apple logo > System Settings -> Users & Groups
9. Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "test" and use the password you created earlier in Terminal.
10. Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
11. Boot to Recovery again.
12. Open Terminal and enter the command below and press Enter.
    touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
13. Then type Reboot and press Enter or force off your Mac again using the steps above.
14. Enjoy your stolen laptop jk

Once doing all of this do I need to keep the users on the Mac or can I remove them? @gboy13

if I do the process the corporation can still track the notebook

Unless you accept and enroll the device into the MDM program the company cannot track anything.  The only thing the Mac does is ask the Apple server if a business has registered a device with Apple and if yes checks to see what profile should be offered to the Mac, outside of that I do not think the company actually has any visibility into even that information…Sent from my iPhoneOn Aug 7, 2023, at 11:23 AM, tecnicalaaple ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.if I do the process the corporation can still track the notebook—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

thanks @gwshaw for the edits!
Here is how you can bypass MDM completely ...
Boot to Recovery
Open Terminal and enable the root user and give it a password:
Enter the command below and press Enter
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root
There might be a slight directory difference between Intel/Silicon. If the command above does not work try using one of these variations:
/Volumes/Macintosh\ HD\ -\ Data/ or /Volumes/Data/
Enter a new password for root user. Note * If you choose a simple password be aware that the root user will be available as a user that can log into macOS which could present a risk to the security of the device.
Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
Click the Apple logo > System Settings -> Users & Groups
Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "root" and use the password you created earlier in Terminal.
Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
Boot to Recovery again.
Open Terminal and enter the command below and press Enter.
touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
Then type Reboot and press Enter or force off your Mac again using the steps above.
If you found this helpful please donate! https://pay.siliconbypass.com

This method worked for me with a few tweaks. M2 running Ventura 13.4.1 For whatever reason, I was unsuccessful in changing the root password. Ended up creating a new user via command line and using that user to create the user in system preferences.

1. Boot to Recovery (Hold down power button on M2.
2. Open Terminal and create a new user using the below commands. Note that the volume name may vary. This example creates an admin user called "test"

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UserShell /bin/bash
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test RealName "Lucius Q. User"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UniqueID "1010"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test PrimaryGroupID 80
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test NFSHomeDirectory /Users/luser
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -append  /Local/Default//Groups/admin GroupMembership test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/test

5. Enter a new password for the user.
6. Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
7. Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
8. Click the Apple logo > System Settings -> Users & Groups
9. Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "test" and use the password you created earlier in Terminal.
10. Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
11. Boot to Recovery again.
12. Open Terminal and enter the command below and press Enter.
    touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
13. Then type Reboot and press Enter or force off your Mac again using the steps above.
14. Enjoy your stolen laptop jk

A 1000 THANKS!!! So is this permanent solution or i need to do it every time i update, reinstall or format ssd?

in this case I can update it well and it doesn't pull anything but, for security, I would do it from scratch so I don't have a problem. when updated and updates the system well and does not pull the mdm

I was sure I posted a question here a few days ago, but it doesn't seem to be here which is totally weird. Anyway, I have an M1 Macbook Air being used by the person that I sold it to, with no issues for three months. Then he started having trouble with the touchID so he did a macOS update and suddenly it popped up a lock which appears to be an MDM lock. I checked the machine status on SickW website and it has no iCloud lock but does indeed have an MDM lock (see here) If I hold the start button until I canget into recovery it just comes back to the lock screen. Any help appreciated please.

That is the bios or EFI Lock Screen. It is not set by DEP and is a feature of the bios separately.  Sent from my iPhoneOn Aug 12, 2023, at 9:13 AM, Pedro ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.I was sure I posted a question here a few days ago, but it doesn't seem to be here which is totally weird. Anyway, I have an M1 Macbook Air being used by the person that I sold it to, with no issues for three months. Then he started having trouble with the touchID so he did a macOS update and suddenly it popped up a lock which appears to be an MDM lock. I checked the machine status on SickW website and it has no iCloud lock but does indeed have an MDM lock (see here) If I hold the start button until I canget into recovery it just comes back to the lock screen. Any help appreciated please.—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

That is the bios or EFI Lock Screen. It is not set by DEP and is a feature of the bios separately.

Thanks, yes it certainly looks like an EFI lock doesn't it, but as you can see from the screenshot of the lockscreen it mentions an "organisation" It must be an EFI lock set by that company, but it perplexes me that the other attached screenshot showing the status of the machine on sickw site (which must come via some backdoor from Apples servers?) distinctly says that the machine has an MDM lock. Very weird and annoying.

It looks like Apple Silicon does not have that screen you are showing which is weird…but MDM can set that feature after all it seems.   All is in the link ….You Had One Job! Apple Silicon Macs Can't Be Locked Using MDM Lock Command | Nathaniel Straussnwstrauss.comSent from my iPhoneOn Aug 12, 2023, at 9:32 AM, Pedro ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.That is the bios or EFI Lock Screen. It is not set by DEP and is a feature of the bios separately.Thanks, yes it certainly looks like an EFI lock doesn't it, but as you can see from the screenshot of the lockscreen it mentions an "organisation" It must be an EFI lock set by that company, but it perplexes me that the other attached screenshot showing the status of the machine on sickw site (which must come via some backdoor from Apples servers?) distinctly says that the machine has an MDM lock. Very weird and annoying.—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

It looks like Apple Silicon does not have that screen you are showing which is weird…but MDM can set that feature after all it seems.   All is in the link ….

sorry, what link are you referring to please?

Sorry …You Had One Job! Apple Silicon Macs Can't Be Locked Using MDM Lock Command | Nathaniel Straussnwstrauss.com//nwstrauss.com/posts/2020-12-17-apple-silicon-lock-command/Sent from my iPhoneOn Aug 12, 2023, at 6:12 PM, Pedro ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.It looks like Apple Silicon does not have that screen you are showing which is weird…but MDM can set that feature after all it seems.   All is in the link ….sorry, what link are you referring to please?—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

You lost me I asked about a link, but thanks for your thoughts anyway

https://nwstrauss.com/posts/2020-12-17-apple-silicon-lock-command

Good lord if I had known my email replies were posting like that…garrrrr….

Thanks guys

@Pedro147 May I ask which url you used to query this picture?

https://imgur.com/upload

@Pedro147 I'm talking about the content of this picture

MDM_LOCAL: on

You mean to query the info in the picture, so https://sickw.com/?page=services&service=11

tks,@Pedro147

general question on stopping DEP reminders in macOS Ventura
Hello, I have found this thread helpful in stopping DEP reminders in Monterey, and just received a Mac Studio (still in the box) from Apple and was hoping that you could recommend preventing DEP reminders. My institution puts a lot of rather invasive software on Macs including blocking naming of the computer and blocking the root user. Thanks!

I did not quite understand. Why is this necessary? Explain someone briefly