I run a YouTube channel where I try to rescue aging MacBooks from landfill. Most of the time, this is a smooth process. I either receive or purchase an old Apple computer that still looks great but has aged out of Apple's support cycle. I don’t want a house full of old Macs (not old enough to be vintage, but old enough to be useless in Apple’s eyes), so I usually have an idea of who will receive the device when I’m finished.
Depending on the recipient, I either install a Linux distribution or, if the hardware is a bit newer and/or the intended user is less likely to thrive in the Linux world, I use the fantastic Open Core Legacy Patcher (OCLP) to install a newer MacOS version. OCLP tricks older hardware into running MacOS versions that Apple no longer officially supports. This tool has matured well and makes it relatively easy to install newer MacOS versions on older Macs.
Find out more about OCLP here.
Sometimes, I come across nice-looking Macs (so far, a couple of portables and even a Mac Mini) that have been enrolled in Mobile Device Management (MDM). This allows companies to control what users install, enforce security policies (e.g., password complexity, disk encryption), and manage remote device access. MDM can also be used to remotely lock or wipe a device, which is particularly useful for lost or stolen company assets.
It's important to distinguish MDM from Activation Lock or a T2 Locked device. Click here to learn more about bypassing T2 Locked devices.
Let me be absolutely clear, this is not a guide for bypassing security on stolen MacBooks. If that’s what you’re looking for, you’re in the wrong place.
For legitimate users, however, there are valid reasons to bypass MDM, such as:
- Preventing WEEE Waste.
- Regaining control over a personally owned or retired work device.
- Troubleshooting issues (even IT staff sometimes need to bypass MDM without permanently removing enrollment).
- Device language must be set to English. It can be changed afterward. (at least for my script to work)
- A fresh MacOS installation is recommended but not required.
- Boot into Recovery Mode.
- Use Disk Utility to erase the current disk.
- Rename your new volume (optional, but "Macintosh HD" is recommended).
- Reinstall MacOS (from Recovery Mode or an external USB installer).
Once installation is complete, the device will restart and present the setup wizard. One of the first steps is the network setup, so join the network and when you see the MDM Enrollment message, then DO NOT proceed past this step! Instead:
-
Turn off the device.
-
Boot back into Recovery Mode:
- Apple Silicon Macs: Hold the power button.
- Intel Macs: Hold CMD + R during boot.
-
Connect to Wi-Fi.
-
Open Safari and navigate to the script in my GitHub repo.
-
Copy the following command:
curl https://github.com/rnddave/remove-mdm/blob/main/mdm-cleaner.sh -o mdm-cleaner.sh && chmod +x ./mdm-cleaner.sh && ./mdm-cleaner.sh
-
Open Terminal (Utilities > Terminal).
-
Paste the command (CMD + V) and press Enter.
-
Select 1 to run the MDM bypass script.
-
Press Enter to accept the default username (Apple).
-
Press Enter to accept the default password (12345).
-
Wait for the script to finish and reboot your Mac.
- Log in with Username: Apple | Password: 12345.
- Skip setup steps (Apple ID, Siri, Touch ID, Location Services).
- Go to System Settings > Users and Groups and create your proper user account (probably a good idea to set yourself as an Admin).
- Log out of the temporary Apple account and log into your new account.
- If your new account is an admin, delete the temporary Apple account.
This is not guaranteed to be trouble-free and depends on the age of your device and how your system administrator has configured it. If Secure Boot is enabled (which is common for Macs after 2017), you may need an admin password to access Recovery Mode.
However, if you can access Recovery Mode without an admin password, you can try the following:
-
Open Terminal (Utilities > Terminal).
-
Type
cd /Volumes/and thenlsto list available volumes. -
Identify the correct system volume (e.g., "Macintosh HD").
-
Run (where $system_volume is the name of your volume as per step 3):
rm -rf /Volumes/"$system_volume"/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord rm -rf /Volumes/"$system_volume"/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound touch /Volumes/"$system_volume"/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled touch /Volumes/"$system_volume"/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
-
Block MDM servers:
echo "0.0.0.0 deviceenrollment.apple.com" >>/Volumes/"$system_volume"/etc/hosts echo "0.0.0.0 mdmenrollment.apple.com" >>/Volumes/"$system_volume"/etc/hosts echo "0.0.0.0 iprofiles.apple.com" >>/Volumes/"$system_volume"/etc/hosts
Tampering with MDM settings—especially on a work-issued device—could have serious consequences, including termination of employment. This guide is intended only for IT professionals troubleshooting company devices and System Recyclers.
Sometimes fixing things means breaking them a little first…