Как удалить device policy
Перейти к содержимому

Как удалить device policy

  • автор:

How to uninstall MDM agent from the managed Android device?

This document will explain the steps involved in uninstalling the agent from managed Android devices. Before uninstallation, it is recommended to understand the benefits of MDM app for Android and the need to install the MDM agent on Android devices, including Samsung Knox devices.

Steps

You can uninstall the MDM agent from the managed Android devices by following the steps mentioned below:

  1. On the managed mobile device, go to Settings.
  2. Navigate to Security.
  3. Select Device Administrator and disable it.
  4. Under Settings, go to Applications.
  5. Select ManageEngine Mobile Device Manager Plus and Uninstall the MDM agent.

In case the device is unmanaged from MDM server when agent app is hidden on the device, you will be unable to uninstall MDM agent from the device using the steps given above if there are connectivity issues. To avoid this, you can unhide the app and then remove it as explained here.

Additional Resources

  • More information on the ME MDM agent as the MCM client
  • How to restrict users from performing a factory reset on devices managed by MDM?
  • How to remove devices enrolled into MDM using Samsung Knox Mobile Enrollment?

Modify the Configuration of a Device

The CLI enables you to modify an existing Junos OS configuration. This section explains the specifics of adding a statement, deleting a statement, copying a statement, and inserting a new identifier, including examples.

Display Users Currently Editing the Configuration

To display the users currently editing the configuration, use the status configuration mode command:

user@host# status Users currently editing the configuration: rchen terminal p0 (pid 55691) on since 2018-03-01 13:17:25 PST [edit interfaces]

The system displays who is editing the configuration ( rchen ), where the user is logged in ( terminal p0 ), the date and time the user logged in ( 2018-03-01 13:17:25 PST ), and what level of the hierarchy the user is editing ( [edit interfaces] ).

If you issue the status configuration mode command and a user has scheduled a candidate configuration to become active for a future time, the system displays who scheduled the commit ( root ), where the user is logged in ( terminal d0 ), the date and time the user logged in ( 2018-10-31 14:55:15 PST ), and that a commit is pending (commit at).

[edit] user@host# status Users currently editing the configuration: root terminal d0 (pid 767) on since 2018-10-31 14:55:15 PST, idle 00:03:09 commit at

If you issue the status configuration mode command and a user is editing the configuration in configure exclusive mode, the system displays who is editing the configuration ( root ), where the user is logged in ( terminal d0 ), the date and time the user logged in ( 2018-11-01 13:05:11 PST ), and that a user is editing the configuration in configure exclusive mode ( exclusive [edit] ).

[edit] user@host# status Users currently editing the configuration: root terminal d0 (pid 2088) on since 2018-11-01 13:05:11 PST exclusive [edit]

See Also

How to Modify the Juniper Networks Device Configuration

To configure a Juniper Networks device or to modify an existing configuration, you add statements to the configuration using the edit and set commands. For each statement hierarchy, you create the hierarchy starting with a statement at the top level. You then continue creating the hierarchy with statements that move progressively lower in the hierarchy.

To modify the hierarchy, you use two configuration mode commands. Select the relevant command based on what you want to accomplish:

    edit —Moves to a specified hierarchy level. If that hierarchy level does not exist, the edit command creates it. The edit command has the following syntax:

edit statement-path>
set statement-path> statement identifier>

Statements can be either container statements or leaf statements. A container statement can include additional container statements within it, as well as leaf statements. A leaf statement, however, stands alone. The command edit? displays the container statements, while set? displays both the container and leaf statements, using > to differentiate between them.

You cannot use the edit command to change the value of identifiers. You must use the set command.

See Also

How to Add Configuration Statements and Identifiers

You configure all properties of a Juniper Networks device by including statements in the configuration. A statement consists of a keyword, which is fixed text. You can also include an identifier in a statement. An identifier is an identifying name that you define, such as the name of an interface or a username, and that enables you and the CLI to discriminate among a collection of statements.

For example, the following list shows the statements available at the top level in configuration mode:

user@host# set ? Possible completions: > accounting-options Accounting data configuration + apply-groups Groups from which to inherit configuration data > chassis Chassis configuration > class-of-service Class-of-service configuration > firewall Define a firewall configuration > forwarding-options Configure options to control packet sampling > groups Configuration groups > interfaces Interface configuration > policy-options Routing policy option configuration > protocols Routing protocol configuration > routing-instances Routing instance configuration > routing-options Protocol-independent routing option configuration > snmp Simple Network Management Protocol > system System parameters

An angle bracket ( > ) before the statement name indicates that it is a container statement and that you can define other statements at levels below it. If there is no angle bracket ( > ) before the statement name, the statement is a leaf statement; you cannot define other statements at hierarchy levels below it.

A plus sign (+) before the statement name indicates that it can contain a set of values. To specify a set, include the values in brackets. For example:

[edit] user@host# set policy-options community my-as1-transit members [65535:10 65535:11] 

In some statements, you can include an identifier. For some identifiers, such as interface names, you must specify the identifier in a precise format. For example, the interface name so-0/0/0 refers to a SONET/SDH interface that is on the Flexible PIC Concentrator (FPC) in slot 0, in the first PIC location, and in the first port on the Physical Interface Card (PIC).

For other identifiers, such as interface descriptive text and policy and firewall term names, you can specify any name, including special characters, spaces, and tabs.

You must enclose identifiers in quotation marks (double quotes). You must also use quotation marks to enclose identifiers and any strings that include a space, a tab character, or any of the following characters:

If you do not type an option for a statement that requires one, a message indicates the type of information required. In this example, you must type an area number to complete the command:

[edit] user@host# set protocols ospf area ^ syntax error, expecting

Uninstall the JumpCloud Agent

If you don’t want JumpCloud to manage a device, remove the following components:

  • The device’s record from the Admin Portal.
  • The agent from the local device.
  • Any JumpCloud policies on the local device.

If a device is active, all of these components are automatically removed for you. You can find the status of a device in the Admin Portal in the Devices list. Depending on the device status, the agent’s components are uninstalled in the following ways:

Component Uninstall Based on Device Status

Status Device Record Agent Policies
Active, System Reporting Removed Removed Removed
Inactive, System Not Reporting Removed Not removed Not removed
  • If the device has a status of Active, System Reporting when it’s deleted from the Admin Portal, the device’s record, the JumpCloud agent, and policies are automatically removed.
  • If the device has a status of Inactive, System Not Reporting when it’s deleted from the Admin Portal, only the device’s record is removed. To complete the uninstall process, you need to log on to that device and manually remove the agent and policies.

There are two methods to uninstall the agent:

  • Using the Admin Portal to Uninstall the Agent
  • Using the JumpCloud API to Uninstall the Agent

Both of these tools can uninstall all agent components from Mac, Windows, and Linux devices.

Considerations:

  • In rare cases, policies aren’t removed automatically from Windows devices. If this happens, you can manually remove Windows policies.
  • Uninstalling the agent from a device should be used as a last resort if the device is no longer online or communicating with JumpCloud.

Using the Admin Portal to Uninstall the Agent

When you remove the agent from a device, all associated policies, files, and directories are also removed. See the complete list in Agent Compatibility, System Requirements, and Impacts.

Considerations:

  • If you log on to a device and manually remove the agent first, a record remains in the Admin Portal. You can use these steps to remove only the device record if the device has a status of Inactive, System Not Reporting.

To uninstall the agent from the Admin Portal:

  1. Log in to the Admin Portal: https://console.jumpcloud.com.
  2. Go to Device Management >Devices.
  3. Select the device you want to stop managing. To uninstall all JumpCloud components associated with the device, make sure it has a status of Active, System Reporting.
  4. Click delete.

The device’s record is removed from the Admin Portal.

  • If the device has a status of Active, System Reporting when it’s deleted from the Admin Portal, the JumpCloud agent and policies are also automatically removed.
  • If the device has a status of Inactive, System Not Reporting when it’s deleted from the Admin Portal, you need to log in to that device and manually remove the agent and policies.
  • It can take up to two minutes for the agent and all associated files to be uninstalled from the local device.

Best Practice:

If you’re removing the agent from a Windows device, verify the JumpCloud policies have been removed by running this command as administrator:

gpresult /Scope Computer /v

Using the JumpCloud API to Uninstall the Agent

Follow these steps to run a curl command to access the JumpCloud API and uninstall the agent. The JumpCloud API allows interaction with JumpCloud resources such as commands, devices, and users.

Considerations:

  • Deleting a device through the JumpCloud API can take up to a minute to complete.
  • When you remove the agent from a device, all associated policies, files, and directories are also removed. See the complete list in the Agent Compatibility, System Requirements, and Impacts article.
  • If you log on to a device and manually remove the agent first, a record remains in the Admin Portal. You can use these steps to remove only the system record if the system has a status of Inactive, System Not Reporting.

To uninstall the agent from the Admin Portal:

  1. Review the API documentation to determine, based on your type of integration, which version of the JumpCloud API to use.
  2. Use the following sample request, replacing SystemID and API_KEY with the values specific to the device you want to stop managing. For definitions of keys, path parameters, and headers, review the API documentation for Delete command.

curl -X DELETE https://console.jumpcloud.com/api/systems/ \
-H ‘Accept: application/json’ \
-H ‘Content-Type: application/json’ \
-H ‘x-api-key: ‘

When the command completes successfully, the system’s record is removed from the Admin Portal.

  • If the device has a status of Active, System Reporting when it’s deleted from the Admin Portal, the JumpCloud agent and policies are also automatically removed.
  • If the device has a status of Inactive, System Not Reporting when it’s deleted from the Admin Portal, you need to log on to that system and manually remove the agent and policies.

Best Practice:

  • If you’re removing the agent from a Windows device, verify the JumpCloud policies have been removed by running this command as administrator:

gpresult /Scope Computer /v

Manually Remove the Agent from an Inactive Device

You should use these steps only if you want to uninstall the agent from a device that has a status of Inactive, System Not Reporting in the Admin Portal.

Considerations:

  • If the device has a status of Active, System Reporting, you should remove all agent components automatically using either the Admin Portal or the JumpCloud API.
  • If you log on to a device and manually remove the agent first, a record remains in the Admin Portal. You also need to remove the record using either the Admin Portal or the JumpCloud API.

To manually remove the agent:
Use the steps in the following table for the OS on your system.

  1. Download the remove Mac agent script.
  2. Run the script:
sudo sh remove_mac_agent.sh

You need an administrator password to run the sudo command.

  1. Open the Control Panel.
  2. Click Programs and Features.
  3. Click JumpCloud agent («JumpCloud v1.0»).
  4. Click Uninstall.

If you want to reinstall the agent for Windows, follow the instructions in Install or Reinstall the Agent with PowerShell.

  1. Log on to the device as an administrator.
  2. Open a command prompt.
  3. At the prompt, type:
service jcagent stop
apt-get remove jcagent
rm -rf /opt/jc
  1. Log on to the device as an administrator.
  2. Open a command prompt.
  3. At the prompt, type:
service jcagent stop
yum remove jcagent
rm -rf /opt/jc

Manually Remove JumpCloud Policies from a Windows Device

Follow these steps only after you have uninstalled the agent. If the JumpCloud policies weren’t automatically removed, you can manually remove them from the Windows device.

Warning:

When you clear the device’s local Group Policy cache, you’re removing not only JumpCloud policies, but all other policies that have been applied, including Windows User and Group policies.

In these steps, you’ll use the secedit command to clear the system’s local Group Policy cache. The secedit command lets you configure the current device’s security settings stored in a database.

To remove JumpCloud policies from a Windows device:

  1. Log on to the device as an administrator.
  2. Verify JumpCloud policies remain after an uninstallation by running this command:

gpresult /Scope Computer /v

  1. If group policies are listed, open a PowerShell terminal.
  2. At the prompt, type this command:

secedit /configure /cfg $env:windir\inf\defltbase.inf /db defltbase.sdb /verbose
Remove-Item $env:windir\System32\GroupPolicyUsers
Remove-Item $env:windir\System32\GroupPolicy
gpupdate /force

  1. After you run this command, you need to reapply any Windows User and Group policies that are required by your organization.

Device Status After Removing JumpCloud

When you remove JumpCloud from a device, either by deleting the device in the Admin Portal, or by manually removing the agent from the system, the following will occur:

  1. The JumpCloud agent will be removed from the system.
  2. All users on the system will remain unaffected regardless of whether they were provisioned by JumpCloud or were pre-existing and taken over by JumpCloud.
  3. All user data and permissions on the system remain as is.
  4. Any commands set up to run on that system via JumpCloud Commands will no longer run, regardless of how those commands are launched (this means you’ll need to move any scheduled commands manually in cron or another scheduling tool).

Your Data In JumpCloud

  1. Your account will remain intact, should you wish to use JumpCloud in the future.
  2. If you remove enough users to get below 11, your charges will drop to $0 and your account will continue as is going forward.
  3. Any undeleted devices that go offline without being removed from the JumpCloud Admin Portal will remain in the Portal indefinitely, or until JumpCloud chooses to delete them.

Политика кон­фи­ден­ци­аль­нос­ти

1) Данные о Пользователе, предоставляемые Пользователем в процессе регистрации в Сервисе для создания учетной записи: включая имя, nickname, номер мобильного телефона, пол, дата рождения, фото профиля и т.п.

2) Дополнительная информация, заполняемая Пользователем при редактировании своей учетной записи в процессе использования Сервиса: фото профиля и т.п.

Администрация осуществляет обработку указанных данных исключительно после активного согласия Пользователя в интерфейсе Сервиса. Указанные данные не публикуются и не раскрываются.

  1. Обработка данных Пользователей осуществляется на основании законодательства РФ.
  1. Администрация оставляет за собой право вносить изменения и дополнения в настоящую Политику. Новая редакция Политики вступает в силу с момента её размещения на сайте по адресу: blinkmap.com/privacy. Пользователь обязуется самостоятельно регулярно знакомиться с новыми редакциями Политики.
  1. Пользователи вправе направлять Администрации свои запросы относительно использования их персональных данных на адрес электронной почты policy@blinkmap.com.

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *