Disable Device Enrollment Notification on Mac.md

Disable Device Enrollment Notification on Mac.md

Restart the Mac in Recovery Mode by holding Comment-R during restart

Open Terminal in the recovery screen and type

csrutil disable

Restart computer

Edit com.apple.ManagedClient.enroll.plist

In the terminal, type

sudo open /Applications/TextEdit.app /System/Library/LaunchDaemons/com.apple.ManagedClient.enroll.plist

change

<key>com.apple.ManagedClient.enroll</key>
        <true/>

to

<key>com.apple.ManagedClient.enroll</key>
        <false/>

Restart Computer again

So that the changes take effect

I got this working today on Big Sur. Here are the steps I followed.

Note that after installing the update that came out today (beta 7 I think) I had to redo these steps!

1. Restart in Recovery Mode (Command+R)
2. Utilities->Terminal
3. run command mount

make note of the dev for your root volume - in my case it was /dev/disk3s1 on /Volumes/Macintosh\ HD

1. umount /Volumes/Macintosh\ HD
2. mkdir /Volumes/Macintosh\ HD
3. mount -t apfs -rw /dev/disk3s1 /Volumes/Macintosh\ HD
4. Move the com.apple.ManagedClient* files out of their normal location

cd /Volumes/Macintosh\ HD/System/Library/LaunchAgents
mkdir tmp
mv com.apple.ManagedClientAgent.* tmp/
mv com.apple.mdmclient.* tmp/
cd ../LaunchDaemons
mkdir tmp
mv com.apple.ManagedClient.* tmp/
mv com.apple.mdmclient.* tmp/

1. Turn off authenticated-root in csrutil

csrutil authenticated-root disable

1. Save a snapshot of the currently mounted root filesystem

bless --folder /Volumes/Macintosh\ HD/System/Library/CoreServices --bootefi --create-snapshot

1. reboot

I also tested/verified what @SonyaLynn mentioned above, that if you turn authenticated-root back on it boots from the unmodified snapshot. I'm also not sure that the order of number 8 and 9 matter - the main thing I noticed is that you have to have the filesystem in read+write in order to bless the new snapshot.