Disable Device Enrollment Program (DEP) notification on macOS Ventura.md

Disable Device Enrollment Program (DEP) notification on macOS Ventura.md

Ventura docs for M2 Macs in this comment: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd?permalink_comment_id=4555340#gistcomment-4555340

Old Monterey docs in this old revision: https://gist.github.com/henrik242/65d26a7deca30bdb9828e183809690bd/32c410e3a1de73539c76fa13ea5486569c4e0c5d

Solution for Sonoma: https://gist.github.com/sghiassy/a3927405cf4ffe81242f4ecb01c382ac

thanks @gwshaw for the edits!
Here is how you can bypass MDM completely ...
Boot to Recovery
Open Terminal and enable the root user and give it a password:
Enter the command below and press Enter
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root
There might be a slight directory difference between Intel/Silicon. If the command above does not work try using one of these variations:
/Volumes/Macintosh\ HD\ -\ Data/ or /Volumes/Data/
Enter a new password for root user. Note * If you choose a simple password be aware that the root user will be available as a user that can log into macOS which could present a risk to the security of the device.
Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
Click the Apple logo > System Settings -> Users & Groups
Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "root" and use the password you created earlier in Terminal.
Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
Boot to Recovery again.
Open Terminal and enter the command below and press Enter.
touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
Then type Reboot and press Enter or force off your Mac again using the steps above.
If you found this helpful please donate! https://pay.siliconbypass.com

This method worked for me with a few tweaks. M2 running Ventura 13.4.1 For whatever reason, I was unsuccessful in changing the root password. Ended up creating a new user via command line and using that user to create the user in system preferences.

1. Boot to Recovery (Hold down power button on M2.
2. Open Terminal and create a new user using the below commands. Note that the volume name may vary. This example creates an admin user called "test"

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UserShell /bin/bash
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test RealName "Lucius Q. User"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test UniqueID "1010"
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test PrimaryGroupID 80
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -create /Local/Default/Users/test NFSHomeDirectory /Users/luser
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -append  /Local/Default//Groups/admin GroupMembership test
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/test

5. Enter a new password for the user.
6. Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.
7. Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.
8. Click the Apple logo > System Settings -> Users & Groups
9. Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "test" and use the password you created earlier in Terminal.
10. Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.
11. Boot to Recovery again.
12. Open Terminal and enter the command below and press Enter.
    touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone
13. Then type Reboot and press Enter or force off your Mac again using the steps above.
14. Enjoy your stolen laptop jk

A 1000 THANKS!!! So is this permanent solution or i need to do it every time i update, reinstall or format ssd?

in this case I can update it well and it doesn't pull anything but, for security, I would do it from scratch so I don't have a problem. when updated and updates the system well and does not pull the mdm

I was sure I posted a question here a few days ago, but it doesn't seem to be here which is totally weird. Anyway, I have an M1 Macbook Air being used by the person that I sold it to, with no issues for three months. Then he started having trouble with the touchID so he did a macOS update and suddenly it popped up a lock which appears to be an MDM lock. I checked the machine status on SickW website and it has no iCloud lock but does indeed have an MDM lock (see here) If I hold the start button until I canget into recovery it just comes back to the lock screen. Any help appreciated please.

That is the bios or EFI Lock Screen. It is not set by DEP and is a feature of the bios separately.  Sent from my iPhoneOn Aug 12, 2023, at 9:13 AM, Pedro ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.I was sure I posted a question here a few days ago, but it doesn't seem to be here which is totally weird. Anyway, I have an M1 Macbook Air being used by the person that I sold it to, with no issues for three months. Then he started having trouble with the touchID so he did a macOS update and suddenly it popped up a lock which appears to be an MDM lock. I checked the machine status on SickW website and it has no iCloud lock but does indeed have an MDM lock (see here) If I hold the start button until I canget into recovery it just comes back to the lock screen. Any help appreciated please.—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

That is the bios or EFI Lock Screen. It is not set by DEP and is a feature of the bios separately.

Thanks, yes it certainly looks like an EFI lock doesn't it, but as you can see from the screenshot of the lockscreen it mentions an "organisation" It must be an EFI lock set by that company, but it perplexes me that the other attached screenshot showing the status of the machine on sickw site (which must come via some backdoor from Apples servers?) distinctly says that the machine has an MDM lock. Very weird and annoying.

It looks like Apple Silicon does not have that screen you are showing which is weird…but MDM can set that feature after all it seems.   All is in the link ….You Had One Job! Apple Silicon Macs Can't Be Locked Using MDM Lock Command | Nathaniel Straussnwstrauss.comSent from my iPhoneOn Aug 12, 2023, at 9:32 AM, Pedro ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.That is the bios or EFI Lock Screen. It is not set by DEP and is a feature of the bios separately.Thanks, yes it certainly looks like an EFI lock doesn't it, but as you can see from the screenshot of the lockscreen it mentions an "organisation" It must be an EFI lock set by that company, but it perplexes me that the other attached screenshot showing the status of the machine on sickw site (which must come via some backdoor from Apples servers?) distinctly says that the machine has an MDM lock. Very weird and annoying.—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

It looks like Apple Silicon does not have that screen you are showing which is weird…but MDM can set that feature after all it seems.   All is in the link ….

sorry, what link are you referring to please?

Sorry …You Had One Job! Apple Silicon Macs Can't Be Locked Using MDM Lock Command | Nathaniel Straussnwstrauss.com//nwstrauss.com/posts/2020-12-17-apple-silicon-lock-command/Sent from my iPhoneOn Aug 12, 2023, at 6:12 PM, Pedro ***@***.***> wrote:Re: henrik242/Disable Device Enrollment Program (DEP) notification on macOS ***@***.*** commented on this gist.It looks like Apple Silicon does not have that screen you are showing which is weird…but MDM can set that feature after all it seems.   All is in the link ….sorry, what link are you referring to please?—Reply to this email directly, view it on GitHub or unsubscribe.You are receiving this email because you commented on the thread.Triage notifications on the go with GitHub Mobile for iOS or Android.                                                           

You lost me I asked about a link, but thanks for your thoughts anyway

https://nwstrauss.com/posts/2020-12-17-apple-silicon-lock-command

Good lord if I had known my email replies were posting like that…garrrrr….

Thanks guys

@Pedro147 May I ask which url you used to query this picture?

https://imgur.com/upload

@Pedro147 I'm talking about the content of this picture

MDM_LOCAL: on

You mean to query the info in the picture, so https://sickw.com/?page=services&service=11

tks,@Pedro147

general question on stopping DEP reminders in macOS Ventura
Hello, I have found this thread helpful in stopping DEP reminders in Monterey, and just received a Mac Studio (still in the box) from Apple and was hoping that you could recommend preventing DEP reminders. My institution puts a lot of rather invasive software on Macs including blocking naming of the computer and blocking the root user. Thanks!

I did not quite understand. Why is this necessary? Explain someone briefly

pretty cool, how can i make sure the mdm enrollment prompt is fully closed ? need some time to confirm ?

👍😍😍

@sonomadep looks like those files don't exist actually..

Mine were located in /Volumes/Macintosh\ HD\ -\ Data/private/var.. in case it helps anyone else

@sonomadep looks like those files don't exist actually..

Mine were located in /Volumes/Macintosh\ HD\ -\ Data/private/var.. in case it helps anyone else

Hmm… My MCP i5 lets me install Catalina, but anything higher shows greyish SSD and info "This disk is locked". Root user is working normally, but the disk has some way of security in higher versions of macOS.

edit: I will check if I have proper Secure Boot options enabled and let u know if that solved the problem.

Awesome! It work for me, now the nagging DEP popup won't show anymore. Thank you.

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)
Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14) Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade
I am currently on macOS 12, and I want to reinstall, disable MDM, and then upgrade to the newer version. How should I proceed? I've been trying to figure this out for a while
How to disable SIP

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14) Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
The Workaround
(1) Disable SIP in 1 True Recovery
(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
(3) you're all set. enjoy this boring upgrade
I am currently on macOS 12, and I want to reinstall, disable MDM, and then upgrade to the newer version. How should I proceed? I've been trying to figure this out for a while
How to disable SIP

Disable System Integrity Protection Temporarily

To disable SIP, do the following:

Restart your computer in [Recovery mode] (https://support.apple.com/en-us/HT201314).

Launch Terminal from the Utilities menu.

Run the command csrutil disable.

Restart your computer.

Hello, is it a good choice to buy a MacBook MDM for the next two years?

What should I check when buying a MacBook MDM?

I've already had a MacBook pro 2020 M1 MDM, but now I'm hesitating between a MacBook Pro 2021 M1 Pro 16/512 No MDM and a MacBook Pro 2021 M1 Pro 32/1T MDM for same price.

Where can I buy a MDM macbook for a good price？