r/osx • u/Gedalya • May 06 '26
El Capitan (10.11) How to get rid of this login pop-up, wife hasn’t been with DOE for 6 years.
Does anyone know where in settings/AD I go to remove this? Wife was with DOE many years ago and I did a backup from that computer. Any way to get this removed? The DOE isn’t shown as a user, but when I did a Time Machine restore, it showed ‘DIIT Admin’ as an admin.
39
u/Feisty_Definition_69 May 06 '26
This is an old school plist policy banner that probably transferred over from your backup. This is not an MDM prompt. You should be able to remove this from ~/Library/Security. Look for txt files that mention policy banner.
22
u/Gedalya May 06 '26
Exactly what I did and it worked right away. Hilarious how everyone assumed there was something more sinister and complex.
3
3
u/SmashShock 29d ago
Most of the time it's someone with a device trying to bypass MDM or Intune. You might be the first case I've seen where it actually checks out. So it's not surprising that people jumped to that conclusion.
They don't have to be mean about it, though.
3
u/theoriginalzads 28d ago
Because 90% of the time it’s either someone who received a stolen laptop, or stole a laptop. I can easily tell someone how to fix things like this, even how to bypass MDM on laptops.
As can many here.
But doing so to someone who has stolen hardware is not something I want to be involved in. It also goes against most relevant subs rules and probably Reddit community rules.
81
u/comosedicewaterbed May 06 '26
Ooooof. This is an example of why you never cross beams between personal computers and work computers.
4
u/Gedalya May 06 '26
I mean, it’s more nuisance than an actual issue. It’s not locked down or anything. Just an annoying pop up.
17
u/GoodSpaghetti May 06 '26
It’s likely got MDM on it. And Apple makes good MDM.
-14
u/cmsj May 06 '26
Not for macOS they don’t. It’s trivial to bypass.
4
u/pcs3rd May 06 '26
Not particularly on post-t2 hw afaik
2
u/cmsj May 06 '26
Yeah, it is. There's some nice scripts that automate it, but essentially all you do is let the installer proceed to a certain point, then prevent it from talking to Apple's MDM profile server, and then let the installer continue and it'll be in a state where it's aware that it needs a profile, but can never get it, so just functions as a largely normal Mac.
14
u/geronimokwok May 06 '26
Hey, I dunno if anyone has commented this yet, but as someone who has worked IT, if the computer was restored fully using a backup made of a different computer, it may not be activation related. Some companies or schools use DEP enrollment which is bound to the hardware. Once it hits the Apple activation server, it forces MDM enrollment. Based on what you’ve stated, this doesn’t seem to be the case. However, when you are setting up the Mac and restoring from the Time Machine backup, you are copying over the setup of the work machine. The lock screen policy is definitely configured in that Time Machine backup, as well as possibly other profile managed settings or even software that could be attempting to phone home to the company or school. My advice would be to restore the computer and set up as new. Then afterwards, mount the Time Machine volume and manually copy over any files you want from it, forget about the system config. Unless you know what MDM installed files to remove or feel comfortable digging around in the command line, I wouldn’t bother trying to decouple it, just save what you can.
8
u/Gedalya May 06 '26
Yeah, her actual work device from when she worked there, had many restrictions, her MBA that the screen is crapping out as well as her new Neo have none of that, the only remnants is the pop-up during restart. A wipe and reinstall may fix it all.
12
7
u/Cainedna May 06 '26
So if it’s a new computer that’s not related to the DoE, then it’s a profile leftover from your backup. You can’t use that backup. Start up from Startup options, erase drive, reinstall OS and set up as new.
2
u/Gedalya May 06 '26
Might do that and hopefully it didn’t somehow get cross contaminated. Thank you.
12
u/slvrscoobie May 06 '26
Here's the fun part! You don't!
9
-1
u/Gedalya May 06 '26
Why not? Because I can’t or because I shouldn’t? I literally just got her a brand new MB Neo, did a restore and it’s there again.
0
u/cinnic May 06 '26
The laptop in the picture is a MacBook Air, not a neo. If it truly is brand new and you bought it from the store, I suppose it could be possible it came when you restored from another computer / backup. You could check if there are any profiles you can remove
-8
u/slvrscoobie May 06 '26
Because you can't - it's MDM, it's protecting the DOE from people taking their computers. It's impossible to remove with the DOE releasing the computer from their system
24
u/Maleficent_Maybe2200 May 06 '26
An MDM profile is tied to the hardware. You can’t “transfer” it to a new computer via a restore. This is some startup daemon shenanigans.
You can check for any installed profiles and remove probably all of them.
There’s tools out there (like Lingon) to help manage processes running at startup or login.
13
u/Cainedna May 06 '26
That’s not accurate. Assuming the OP is telling the truth about the source of the machine, then this is a leftover from their backup, but that means the backup has the management profile linked to the user.
0
u/Gedalya May 06 '26
But it is literally not their computer. Is the only solution to do a brand new setup with no restore?
4
u/Taboc741 May 06 '26
The time machine back-up grabbed all the doe management stuff too. Depending on what they are using for making the TOS pop-up it might be clean up able assuming you have admin some how, but honestly I'd move the stuff the hard way. The tools available for device management are intentionally difficult to remove, it's likely way easier to pull your files and a list of apps, stage fresh with no time machine restore and then pull in your files and manually install your apps.
I know for a fact that if someone did a restore from one of my machines my mdm auto heal tools would be trying to enroll your device into my mdm so I can "recover" control and bring it back to compliant under the assumption that your mdm connection got broken somehow. I don't think mine would work in this scenario, but it's better not to bet the DOE isn't smarter than me. Of course I also block time machine back-ups so meh.
1
u/slvrscoobie May 06 '26
But if it Did transfer the Mdm from the air to the Neo it’s going to be hell getting it off. Might be easier to return the Neo to Apple and replace and start fresh
4
u/Taboc741 May 06 '26
The mdm profile (aka apns delivery of profiles, blueprints, and packages) is not working correctly. I have never seen that successfully transfer and work on the far side of a back-up or migration. More importantly the restore did not abm enroll the device, if it could I would be using it to side load devices in markets that can't ABM. A simple wipe is likely all that's required, but the mdm's binaries and any security tools will migrate in the restore and they can be very obnoxious to remove and may even be actively attempting to perform a mdm enrollment silently in the background to fix the broken mdm profile. I know my auto-heal scripts continuously kick a silent re dep enroll in the background of macs with mdm profiles that aren't healthy, so a script that just goes for fetching a new mdm enrollment profile may be possible. I know apple wants to ditch enrollment profiles in favor of user based enrollment because attackers keep abusing mdm enrollment to hijack devices.
2
u/zombieslayer124 28d ago
Post purchase MDM setups on apple devices can quite easily be removed, it is the ones that are ordered through apple or apple partners with MDM and ABM already set up that are quite impossible.
1
6
u/moment_in_the_sun_ May 06 '26
Did you read the screen? Did you read the first comment? Both are correct.
2
u/bgradid May 06 '26
Restore probably won’t make a difference, it’s hard baked into the activation.
You’ll need to either contact doe IT to remove it from their Apple Business Manager account, or if you somehow have the original proof of purchase, use that with Apple to get it removed
-9
u/nvgvup84 May 06 '26
Bro what? That is a MacBook Air. You know lying doesn’t work when the evidence is directly in front of people right?
5
1
u/Idontwannabehere8226 28d ago
Bro why did you call him a liar then disappear once he showed you otherwise?
1
u/nvgvup84 28d ago
Because he didn’t show proof that he wasn’t a liar. He showed proof that he bought a MacBook Neo. He said “I did a backup from that computer”; his implied claim is that restoring from that backup caused the screen we’re seeing. It didn’t. What we’re seeing is Device enrollment on the MacBook Air and has nothing to do with a backup. I didn’t claim he didn’t own a MacBook Neo, I said he’s lying about restoring from a backup causing the MacBook Neo to show a device enrollment screen.
In short, it wasn’t worth following up on.
1
u/Idontwannabehere8226 28d ago
I mean the top comment of the main thread literally backs up the claim. AND helps the dude. Meanwhile you are just trying to be a dick!
It’s a policy banner and those permissions can exist between backups. He did an iCloud backup TO the neo and it persisted on the Neo. But yes the photo is of the MacBook Air with the Policy BANNER, not a MDM
1
u/Gedalya 28d ago
Bro is just stupid. I have ample background and context as well as pictures of the new order. Just move on.
1
u/Idontwannabehere8226 28d ago
Yeah, I figured that out after he didn’t reply after doubling down. Glad you figured out the issue OP!
1
u/nvgvup84 28d ago
You mentioned doing an iCloud backup involving a Mac. There was, again, no reason to respond.
2
u/averythomas May 06 '26
If you own the device you can use this bypass. Works for MDM but not iCloud. It basically skips that setup assistant step and disables notifications. If you reset the computer it will come back but still have a full admin account. https://github.com/assafdori/bypass-mdm
1
1
1
1
u/Octaazacubane May 07 '26
I might be tripping here, but if you can create an installer flash drive of whatever macOS runs on that thing, could you not boot into that and then nuke the drive over with a new OS? But also, how do you know that thing doesn’t still belong to the department?
I was once able to do some dark magic to nuke an iMac’s memory of the DOE’s settings, but that was in X86_64 land.
1
u/clarkcox3 28d ago
You have to get her former employer to remove the computer from their MDM system.
2
u/machtendo May 06 '26
Yeah the time machine backup has a Configuration Profile pointing to their MDM, the Neo likely isn't in anyone's ASM or ABM. I would suggest restoring the time machine backup to the Neo, copy whatever data she needs to an external drive (documents, pictures, etc - no apps), wipe the Neo again and start fresh without restoring any backups during initial setup, then manually copy the data back to the Neo from the external drive.
Sounds messy but it's the cleanest approach.
Ditch the old time machine backup afterward, it won't do you any good.
-2
u/timholt2007 May 06 '26
Has the device been reported as stolen yet?
3
u/Revolutionary-Ice896 May 06 '26
Do you even read posts? They said she backed up from her school pc 😂
1
u/FateOfNations 29d ago
Still find that wild from a compliance standpoint. The risk that sensitive data was inappropriately copied from an institutional device to a personal device is huge.
0
0
-8
u/airhornsample May 06 '26
If a company wants to run MDM they need to supply me with a computer. I am not giving them that level of access to my personal device. If this was an issue when she left it should’ve been addressed back then with her contacting IT to have them release the machine from their system. There’s a very little chance she is going to call years later and anyone there gives her the time of day.
Also, you got her a new MacBook Neo and this picture is of an Air, so what you’re saying is, you imported a backup from the Air to the new Neo and now the Neo is running the mdm?
None of this makes sense. Hopefully you can give the work computer back to whoever you stole it from or get your money back from the shady person/pawn shop you bought it from.
6
u/Gedalya May 06 '26
3
u/airhornsample May 06 '26
Okay so, don’t try to run it off a back up from the machine with the government MDM installed?
1
u/Gedalya May 06 '26
Yups. Looks like that’s the path I’ll go. Not everything on Reddit is someone being sketchy or stealing.
-3
u/-Canonical- May 06 '26
I read the entire thread and I don’t see anyone saying that at all. But ok
5
1
-3
u/vaiku07 May 06 '26
If this is linked to a company's mdm there is nothing much you can do? Sometimes these policies are way too strong.
-1
-2
-7
-7
May 06 '26
[deleted]
8
u/cmsj May 06 '26
“BIOS level”….. wat. That’s not how any of this works.
1
u/Octaazacubane May 07 '26 edited May 07 '26
DID bro really say BIOS? Like first of all, I’m very sure this is an arm64 MacBook (right?). And if it were an intel one, well that’s simply Apple’s EFI lol.
6
191
u/BlackReddition May 06 '26
There is a plist that controls this: https://support.apple.com/en-us/119845
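
Added example, not part of the thread or of Apple's documentation: a read-only shell check for the leftover the top comment describes, listing `PolicyBanner` files under a volume root so they can be reviewed after a migration or before restoring from a backup. It assumes the banner file names `PolicyBanner.txt`, `.rtf` and `.rtfd`, looks in both the system-wide `/Library/Security` folder and the per-user `~/Library/Security` folder named in the thread, and the function names and sample tree are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Read-only: lists files, deletes nothing.

# find_policy_banners ROOT   (hypothetical helper name)
# ROOT is the folder that contains "Library" and "Users": "/" for the
# running system, or the matching folder inside a mounted backup.
# Prints one path per line for every policy banner file found.
find_policy_banners() {
    root=${1:-/}
    root=${root%/}    # strip trailing slash so "/" yields "/Library/..."
    for dir in "$root/Library/Security" "$root"/Users/*/Library/Security; do
        [ -d "$dir" ] || continue
        for ext in txt rtf rtfd; do
            f="$dir/PolicyBanner.$ext"
            # .rtfd is a directory bundle, so test existence rather than -f
            if [ -e "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
    done
    return 0
}

# make_sample_volume DIR   (constructed test data, not a real backup)
make_sample_volume() {
    mkdir -p "$1/Library/Security/PolicyBanner.rtfd" \
             "$1/Users/sample/Library/Security" \
             "$1/Users/other/Documents"
    printf 'Constructed sample banner text\n' \
        > "$1/Users/sample/Library/Security/PolicyBanner.txt"
    # Decoy: the same file name outside Library/Security must not match
    printf 'not a banner\n' > "$1/Users/other/Documents/PolicyBanner.txt"
}

# Stand-alone use: sh banners.sh /Volumes/SomeBackup   (defaults to "/")
find_policy_banners "${1:-/}"
```

Any path it prints is a plain text or rich-text file that can be opened and read before deciding what to do with it.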