macOS Guest Picking up JAMF Management from Host

Discussion in 'macOS Virtual Machine' started by Andrew54, Aug 17, 2021.

  1. Andrew54

    Andrew54 Bit poster

    Messages:
    1
    Hi there, a little confused by this one.
    I'm on a corporate machine being managed by my company. If you're familiar with corporate management, you'll know that once a Mac is registered with Apple it stays registered and persists across complete reinstallation. If you were to do a fresh install of macOS on a host system (read: my laptop) that had been registered with Apple, you would see a message like this: https://apple.stackexchange.com/que...e-management-step-when-installing-high-sierra
    That is all well and good and expected.
    So I have Parallels 15 installed and I'm trying to install macOS Big Sur from an ISO that has no traces of my company's MDM solution or the Apple Registration. It's a bone-stock ISO of Big Sur. I ask Parallels to set up a new VM, point it at the ISO, and the installation completes. When the guest VM boots up, it has somehow assumed the management profile of the host (my laptop) and I see a "Remote Management" message similar to the one I linked above.
    Is this expected?
    I'm setting up a lab to test malware so the system needs to be standalone. Any thoughts?
     
  2. AlexR16

    AlexR16 Junior Member

    Messages:
    14
    Hi
    Don't know if this will work, but I used to manage iPads via Apple School Manager and all that was required to add a device to enforce management on a blank device was the device's serial number. Parallels guests by default take on the serial number of the host, so if the host is managed, a guest will be too. My guess would be simply changing the serial number to something else would allow the guest to be unmanaged. It appears that a boot flag in the guest config can be used to set the guest serial number.

    https://kb.parallels.com/123455
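
Added example (not part of any post in this thread): a check to run inside the lab guest before use, confirming that it reports a different serial number from the host and is not enrolled. It assumes the host's serial is supplied in a hypothetical `HOST_SERIAL` variable and parses the output of `ioreg -rd1 -c IOPlatformExpertDevice` and `profiles status -type enrollment`; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a macOS lab guest does not carry the host's identity.
# HOST_SERIAL is an assumed variable holding the managed host's serial number.

# Constructed sample inputs (not real device data), used for offline checks.
SAMPLE_IOREG='    |   "IOPlatformSerialNumber" = "C02EXAMPLE01"'
SAMPLE_STATUS='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'

# Read ioreg output on stdin and print the platform serial number.
serial_from_ioreg() {
  sed -n 's/.*"IOPlatformSerialNumber" = "\([^"]*\)".*/\1/p' | head -n 1
}

# Read `profiles status -type enrollment` output on stdin and print the
# first word (Yes/No) of the field named in $1.
enrollment_field() {
  sed -n "s/^$1: *\([A-Za-z]*\).*/\1/p" | head -n 1
}

# guest_verdict HOST_SERIAL GUEST_SERIAL DEP MDM
# Prints a verdict and returns 0 only when the guest looks standalone.
# Missing data is treated as a failure rather than as "not enrolled".
guest_verdict() {
  if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ]; then
    echo "UNKNOWN"; return 2
  fi
  if [ "$1" = "$2" ]; then
    echo "SHARED_SERIAL"; return 1   # guest still presents the host's serial
  fi
  if [ "$3" = "Yes" ] || [ "$4" = "Yes" ]; then
    echo "ENROLLED"; return 1        # guest already picked up management
  fi
  echo "STANDALONE"
}

# Live check, only when the macOS tools are present.
if command -v ioreg >/dev/null 2>&1 && command -v profiles >/dev/null 2>&1; then
  guest=$(ioreg -rd1 -c IOPlatformExpertDevice | serial_from_ioreg)
  status=$(profiles status -type enrollment 2>/dev/null)
  dep=$(printf '%s\n' "$status" | enrollment_field "Enrolled via DEP")
  mdm=$(printf '%s\n' "$status" | enrollment_field "MDM enrollment")
  guest_verdict "${HOST_SERIAL:-}" "$guest" "$dep" "$mdm" || true
fi
```

Anything other than `STANDALONE` means the guest should not yet be treated as an isolated lab machine.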
     
  3. BrianToby

    BrianToby Junior Member

    Messages:
    10
    I had the same problem as described by @Andrew54 (except that I was installing from my restore partition) and indeed overriding the default serial number as described above by @AlexR16 was exactly what was needed to avoid picking up the remote management hook.
     
  4. jacob brian

    jacob brian Jacob Brian

    Messages:
    1
    If a macOS guest is picking up JAMF management settings from the host machine, it's likely due to the way JAMF management profiles are applied and enforced. JAMF is designed to manage devices across an organization, and if both the host and guest machines are enrolled in the same JAMF environment, it's possible for management profiles to propagate to the guest.

    To address this issue, you can take several steps:

    1. Review Configuration: Check the JAMF configuration settings on both the host and guest machines. Ensure that the guest machine is properly configured and enrolled in the correct JAMF instance.

    2. Isolation: If the guest machine shouldn't be managed by JAMF, ensure it's properly isolated from the JAMF management environment. This might involve removing it from the JAMF instance or adjusting JAMF policies to exclude the guest.

    3. Profile Removal: On the guest machine, remove any JAMF management profiles that are not supposed to be there. This can usually be done through System Preferences > Profiles.

    4. Enforcement Settings: Review the JAMF enforcement settings to ensure that they are correctly configured to apply only to intended devices.

    5. Contact Support: If the issue persists or if you're unsure about the steps to take, reach out to JAMF support for further assistance. They can provide guidance tailored to your specific setup and requirements.
    By following these steps, you should be able to resolve the issue of a macOS guest picking up JAMF management from the host.
     
  5. BrianToby

    BrianToby Junior Member

    Messages:
    10
    At least in my case, I was getting stuck in the initial OS install when the JAMF settings were being picked up and at that point the install would not progress, so getting to the system preferences on the guest OS was not an option. Also, it did not matter if I was outside my employer's network or VPNed in. I did not try without a network connection.
     
