Apple's Device Enrollment Program (DEP) allows for the Addigy agent to be installed on the device during the initial setup process. Sometimes, it's necessary to force a device to repeat this DEP enrollment process.


Renewing an Enrolled Device

Renewing the DEP status of the device will allow your device to reacquire and settings and software that would normally happen during the inital Apple Setup Assistant.


For up-to-date Macs running macOS 10.13.4 High Sierra and newer, run this command to renew DEP on the device.


sudo profiles renew -type enrollment


For devices running macOS 10.13.3 High Sierra or older, the above command had not yet been implemented. Try this command to renew DEP.


sudo /usr/libexec/mdmclient dep nag



Resetting the DEP Enrollment on a Device

Rarely, you may need to completely clear out the enrollment settings of a device. Use these commands to clear the DEP status from your device.


# The 'sudo' requires and admin password if run from the device's Terminal.app, but is
#    not needed if run from within Addigy.

sudo rm /var/db/.AppleSetupDone
sudo rm /Library/Keychains/apsd.keychain
sudo rm -rf /var/db/ConfigurationProfiles/


Note: in macOS 10.13 High Sierra and newer, the /var/db/ConfigurationProfiles directory will be protected. System Integrity Protection (SIP) must be disabled to run the above commands successfully. We strongly recommend against disabling SIP as it can be considered a major security vulnerability. The only Apple-recommended method for resetting DEP is by wiping the device and completing a fresh install of macOS.

       

To get some additional guidance running commands like these, see our article Creating and Running Scripts.

To get some additional guidance setting up the DEP Integration, see our article Configuring Apple's Device Enrollment Program (DEP) Integration with Addigy.