How to Remove Remote Management Screen from MacBook without Password (2024)
macOS Sonoma is now public available so I upgraded my MacBook Air (bought from eBay) with Apple M1 chip to Sonoma. This device was running perfectly when upgrading from Monterey to Ventura but not the case in this time.
All of sudden, my MacBook Air got stuck on remote management screen and there is no available option to close the window. In fact, I received the device enrollment notification from time to time on Ventura and I am able to skip it.
After two days of deep researching, I managed to find a way to remove remote management from MacBook Air without password (required by Remote Management service.)
Target Audience for This Post
Someone who want to bypass remote management screen on their MacBook and run macOS Sonoma or Ventura normally.
Key Points to Remove Remote Management Screen on Mac
- Prepare for a macOS Monterey Installation USB
- Erase Your Mac in macOS Recovery
- Install macOS Monterey on Your Mac
- Disable SIP in macOS Recovery
- Remove MDM Profile from Mac
- Upgrade to macOS to Latest Version
Part 1: Prepare a macOS Monterey Installation USB
There is a bug in Monterey that has an optional choice to install the OS without Internet. This is curial because both Ventura and Sonoma needs Internet to complete the installation process. Unfortunately, your Mac will get stuck on remote management screen when Internet is available for Sonoma and Ventura install. It becomes an endless loop.
Now, the first step is how to create a bootable macOS Monterey USB for installation. Assuming you have a Windows PC at hand. First, download DMG Editor software from UUByte website.
Next, download macOS Monterey DMG from here:
Open UUByte DMG Editor on your PC and attach a USB drive to it. After that, click the Burn button at the welcome screen, from here you should import the Monterey DMG file and select the USB drive. Finally, click the Burn button to start burning dmg file to USB. This is the process of making a bootable USB drive.
Part 2: Erase Your Mac in macOS Recovery
You have to erase the Ventura or Monterey installation in order to remove remote management window from your MacBook. This can be done in macOS Recovery environment. To boot your Mac in Recovery mode:
Apple Silicon Mac: Shut down the Mac and long press Power key untile you see the Loading startup screen. Click on the Options to enter into macOS Recovery.
Intel Mac: Hold Power + Command + R keys to boot into macOS Recovery.
After that, click the Disk Utility from the displayed menu and erase your Mac from there.
Your Mac will be rebooted and asks you to activate it by connecting to WiFi or mobile hotspot (preferred as you can turn it off much easily later).
Part 3: Install macOS Monterey on Your Mac
Connect the Monterey bootable USB into Mac and hold Power key (Apple Silicon Mac) or Power + Option keys (Intel Mac) to launch the startup option. All bootable devices are listed at this time. Please click the name “Install macOS Monterey” to proceed.
(Warning) Agree the license terms and choose the Macintosh HD as the target drive. There is a progress bar showing and tells you how much time it is left. When the screen goes back, you can press any key to bring back the screen.
(Caution) When there is only one minute remaining, please turn off the modem or mobile hotspot in order to disconnect your Mac from Internet.
When you are asked to choose a network to proceed. Please don’t select any network. Just click the Continue button to install macOS Monterey without Internet. This is very important!
From then on, follow the screen prompts to set up your Mac. You will get into the desktop in a few minutes and the remote Management screen will no longer appear even it is connected to a network.
Part 4: Disable SIP in macOS Recovery
Disconnect the USB from your Mac and boot it into macOS Recovery again. Open Terminal app under Utilities navigation menu and input the following command to disable SIP:
csrutil disable
Enter the login password to grant the permission and reboot your Mac to take this change into effect by typing the reboot command.
reboot
Part 5: Remove MDM Profile from Mac
Open Terminal app from Monterey desktop and input the following commands to remove mobile device management profiles from your Mac:
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFoundIt is fine if Terminal says the directory is not found.
Now, enter the following command to check if MDM is removed successfully on your Mac (show error message):
sudo profiles show -type enrollment
Next, stop Mac auto restore the deleted profiles after restart or reinstall with this command:
sudo launchctl disable system/com.apple.ManagedClient.enroll
Finally, block the following domains from Apple to recover MDM profiles on this Mac by editing the hosts file:
vi /etc/hosts
(Enter login password, type ‘i’ and enter all the lines manually)
And add the following lines to the file:
#block mdm connect
0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com
After above steps, the remote management screen will no longer pop up on your Mac. For security reason, you should enable SIP in Recovery mode:
csrutil enable
Reboot your Mac to complete the whole task!
Part 6: Upgrade macOS to Latest Version
Go to System Preferences -> Software Update. And download the latest macOS version that is compatible with your Mac. In my case, it is macOS Sonoma.
After download, install the software upgrade and you can now work with macOS Sonoma perfectly without remote management screen. In addition, there is no ‘Remote Management Enroll’ menu from the left side bar of Settings app. This is another sign of success removal of MDM.
Some Frequently Asked Questions
There are a couple of issues I came across the time for fixing the issue.
Q1: Which macOS should I Reinstall?
This is the most important thing to consider and there is no universal answer. It depends on the Mac model and CPU. However, macOS Ventura and Sonoma are totally out of the choice. Monterey and previous versions are fine according to my research.
Q2: csrutil disable command failed
It is crucial to turn off SIP for this trick. The challenging move in here is how to boot into the real macOS recovery. For Apple M1/M2 Mac, you have to hold the Power button all the times (no release) until the startup option appears on the screen. It could fail if you press the Power button and release it for a second and hold it again. The error message is:
The OS Environment does not allow changing security configuration options. Ensure that the system was booted into Recovery via the standard user action.
Q3: How to disconnect Mac from Internet?
Turn off the modem. This is the most common way. It is OK if you could get access to the modern easily. Simple unplug the power cable to turn off the Internet connection. At the same, you should be able to see the progress bar of macOS installation. The Internet should be only disconected at the end of installation process (less than one minute).
In my test, it is much better to connect the Mac to a mobile hotspot and you can turn it off within one tap. This is more quick and convenient.
Final Words
It is a time consuming and complicate process to remove remote management from MacBook without the password. You should be read the tutorial more carefully. By the way, you might repeat the process more than one time because of unexpected error (varies for different Mac models and OS versions.)
Another thing to note is that all the data on the Mac will be deleted as you need to erase the Mac to apply this trick. If there were important data on this Mac, please first contact the seller or organization to remove the MDM file from your Mac.
