User profile for user: BrutalBlondie
BrutalBlondie Author
User level: Level 1
5 points

Unaffiliated Remote Management Requirement on MacBook Pro after Ventura Upgrade

I attempted a clean-install of Ventura on my 2019 MacBook Pro (Intel chip) which was purchased by my company from Apple in 2020. It is a genuinely-purchased machine, not refurbished, and until now I had full admin privileges. Before the clean-install, I was running Monterey with my organization's DEP enrollment profile configured.


Much to my surprise, after the Ventura clean-install I was blocked from completing the user setup by the "Remote Management Requirement" step which pointed to an organization completely unaffiliated to my company.


  • Since I naturally could not provide the organization's credentials, I removed Ventura and installed Catalina via Internet Recovery Mode. I was able to successfully setup an admin user setup by removing all network connections so that the RMR step could be bypassed (an option unavailable under Ventura). Additionally, I made sure all sharing options for the admin user were removed including Remote Management:



  • Once again, I was blocked from completing the Ventura user setup by the same RMR. I assume I can update Catalina directly to Ventura within my working boot volume, but after this experience I am less interested in actually upgrading to Ventura and more concerned as to why and how a foreign DEP enrollment configuration was installed on my system (and how I can remove it!).


  • To investigate further, I thought it might be possible to manually remove the DEP enrollment profile via the Catalina admin user. At first, it appeared as though there were no profiles configured:


BrutalBlondie~$ sudo profiles list
There are no configuration profiles installed in the system domain


  • However, trying a more sophisticated check I located the rouge profile which is written as non-removable (see additional text, organization information redacted for their privacy):
Unaffiliated DEP Profile Located and Unremovable



  • At my wits-end, I actually called the organization in question as a hail-Mary and asked if it was possible that my machine was once under their system management. Their IT department was incredibly helpful and confirmed that my MacBook's serial number was never registered as one of their machines. To add another layer of mystery, they did find a serial number registered that was only 1 letter off from my own (a 'v' vs. a 'w'). I searched both serial numbers in the Mac registry database and confirmed both numbers are indeed real and different machines. This led us to wonder if there might be a bug in the serial read-in that causes RMR to point to the wrong DEP enrollment profile during clean-install user setup.


To summarize, my main questions are:


  1. Why did a clean-install of Ventura result in the presence of a foreign Remote Management Requirement which prohibits any new user setup when connected to a network?
  2. How was a foreign organization's DEP enrollment profile installed on my machine without my or my organization's consent or knowledge?
  3. Is it possible to remove the profile without having access to the organizations credentials?
  4. Could the similarity in serial numbers between my machine and the foreign organization's machine be related to this issue?
  5. What greater security concerns does this experience imply for the future safety of my machine and the Ventura upgrade in general?


Any solutions or ideas are extremely appreciated!

(Thank you for getting through my rant if you made it this far ^_^)

MacBook Pro (2017 – 2020)

Posted on Apr 13, 2023 4:49 PM

Reply

Similar questions

3 replies
User profile for user: BrutalBlondie
BrutalBlondie Author
User level: Level 1
5 points

Apr 13, 2023 5:54 PM in response to BrutalBlondie

Forgot to mention my current disk structure - ran Disk Utility First Aid on all volumes/containers without errors.


BrutalBlondie~$ diskutil list
/dev/disk0 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *1.0 TB     disk0
   1:                        EFI EFI                     314.6 MB   disk0s1
   2:                 Apple_APFS Container disk1         894.0 GB   disk0s2
   3:       Microsoft Basic Data BOOTCAMP                96.2 GB    disk0s3


/dev/disk1 (synthesized):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      APFS Container Scheme -                      +894.0 GB   disk1
                                 Physical Store disk0s2
   1:                APFS Volume Catalina - Data         2.2 GB     disk1s1
   2:                APFS Volume Ventura                 31.9 GB    disk1s2
   3:                APFS Volume Preboot                 3.8 GB     disk1s3
   4:                APFS Volume Recovery                2.8 GB     disk1s4
   5:                APFS Volume                         9.1 GB     disk1s5
   6:                APFS Volume Catalina - Update       761.9 KB   disk1s6
   7:                APFS Volume Catalina                11.1 GB    disk1s7
   8:                APFS Volume Ventura - Data          2.2 GB     disk1s8
   9:                APFS Volume Ventura - Update        1.0 MB     disk1s9
  10:                APFS Volume VM                      1.1 GB     disk1s10
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Unaffiliated Remote Management Requirement on MacBook Pro after Ventura Upgrade

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up