May 182017
 

Recently my employer gave me a brand new MacBook. Never had one, but so far I’m impressed and I like it a lot. One thing to know is that MacBooks or MacOS in particular, are not supported by my employer. You can get one, but basically you’re on your own if something breaks (software, hardware is covered).

The first day of using the machine, I noticed a recurring popup, asking me to participate in my employers Device Enrollment Program. Which is weird. The device enrollment program enables organisations to remotely manage the device, so deployment of new software for example is made possible that way. But….MacOS is not supported by my employer, so why the popup?

After some inquiries I learned that I could “safely ignore the popup”. Right. Everytime an annoying popup, distracting me from what I am doing at that moment, cancelling it by clicking on it. And repeat that every ten minutes or so. Not the answer I was hoping for.

There is a way to disable the popup. You need administrator rights and it involves a couple of reboots, but after that, it’s gone. Here’s how.

– Reboot the machine in recovery mode. This can be done by pressing and holding COMMAND + R when the machine reboots
– In recovery mode choose Terminal from the Utilities menu
– In the terminal window, run the command “csrutil disable” and reboot the machine when asked
– After logging in, open a terminal window and give the following commands:
-> sudo mkdir /Library/LaunchAgentsDisabled
-> sudo mkdir /Library/LaunchDaemonsDisabled
-> sudo mv /System/Library/LaunchAgents/com.apple.ManagedClientAgent.enrollagent.plist /Library/LaunchAgentsDisabled/
-> sudo mv /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist /Library/LaunchDaemonsDisabled/
– Now reboot the machine, again in Recovery mode by pressing and holding COMMAND + R while restarting
– From the Utilities menu start a Terminal again, and run the command “csrutil enable”. Reboot the machine when asked

This should do it. You can check if the popup is gone by issuing the following command in a Terminal window:

-> launchctl list | grep enroll

This should come up with no (empty) results.

The “csrutil” tool is to disable or enable the System Integrity Protection. You should re-enable it (so don’t skip the last step), because it gives your system an extra layer of protection.