[Mac] Keep getting the "Expiring configuration profile" message?

Recently, one of the Macs at home has kept popping up a message

saying that a configuration profile is expiring (Expiring configuration profile):


But clicking Show opens System Preferences,

which then says that the Profiles item is unavailable…

After clicking OK, the Profiles button turns out to be greyed out and cannot be clicked:




And I did not really understand what this configuration profile was, either…


Later I found Apple Support: Use Profile-based certificate renewal in macOS

It uses a profiles command, so let's give that a try.


Run profiles help to see the usage:

testuser@localhost ~ $ profiles help

profiles allows you to add or remove configuration or application provisioning profiles on macOS.
    Use 'profiles help' for this help section, or use the man page for expanded instructions.
    Basic usage is in the form:  'profiles  []'

    Command Verbs:
                    status - indicates if profiles are installed
                    list - list profile information
                    show - show expanded profile information
                    install - install profile
                    remove - remove profile
                    sync - synchronize installed configuration profiles with known users
                    renew - renew configuration profile installed certificate
                    version - display tool version number

    Options:    (not all options are meaningful for a command)
                    -type= - type of profile; either 'configuration', 'provisioning', 'enrollment', or 'startup'
                    -user= - short user name
                    -identifier= - profile identifier
                    -path= - file path
                    -uuid= - profile UUID
                    -enrolledUser= - enrolled user name
                    -verbose - enable verbose mode
                    -forced - when removing profiles, automatically confirms requests
                    -all - select all profiles
                    -quiet - enable quiet mode


Run profiles status; it shows that there are currently 3 configuration profiles on my system:

testuser@localhost ~ $ profiles status

There are 3 configuration profiles installed on this system


Running profiles list on its own reports

There are no configuration profiles installed for user xxx,

so -all has to be added to list the profiles installed on the system rather than those of the current user:

testuser@localhost ~ $ sudo profiles list -all

_computerlevel[1] attribute: profileIdentifier: com.apple.mdm.tw-applemgm.testnet.00000000-1111-2222-3333-123456789012.pushed
_computerlevel[2] attribute: profileIdentifier: com.apple.config.tw-applemgm.testnet.ssl
_computerlevel[3] attribute: profileIdentifier: com.apple.config.tw-applemgm.testnet.mdm


profiles list prints the identifiers of the profiles;

next, try profiles show to see whether it gives a bit more information…


testuser@localhost ~ $ sudo profiles show com.apple.config.tw-applemgm.testnet.ssl

_computerlevel[1] attribute: name: Settings for Mac Devices
_computerlevel[1] attribute: configurationDescription:  – "- NOTICE - This is a private computer facility protected by a security system. Access to and the use of this facility requires explicit,current authorization and is strictly limited to purposes of this organization’s business. Unauthorized access or attempt at unauthorized access,use,copying,alteration,destruction,or damage to the facility's data,programs,or equipment may violate applicable law and may result in criminal prosecution or civil liability,or both."
_computerlevel[1] attribute: installationDate: 2017-01-04 02:57:20 +0000
_computerlevel[1] attribute: organization: TestCorporate
_computerlevel[1] attribute: profileIdentifier: com.apple.mdm.tw-applemgm.testnet.00000000-1111-2222-3333-123456789012.pushed
_computerlevel[1] attribute: profileUUID: 00000000-1111-2222-3333-123456789012
_computerlevel[1] attribute: profileType: Configuration
_computerlevel[1] attribute: removalDisallowed: FALSE
_computerlevel[1] attribute: version: 1
_computerlevel[1] attribute: containsComputerItems: TRUE
_computerlevel[1] attribute: internaldata: TRUE
_computerlevel[2] attribute: name: Remote Management
_computerlevel[2] attribute: configurationDescription: Allows the server to manage your device.
_computerlevel[2] attribute: installationDate: 2017-01-23 15:30:17 +0000
_computerlevel[2] attribute: organization: TestCorporate
_computerlevel[2] attribute: profileIdentifier: com.apple.config.tw-applemgm.testnet.mdm
_computerlevel[2] attribute: profileUUID: 301CDDFA-2E40-4CDE-8C55-009091D1A1D7
_computerlevel[2] attribute: profileType: Configuration
_computerlevel[2] attribute: removalDisallowed: FALSE
_computerlevel[2] attribute: version: 1
_computerlevel[2] attribute: containsComputerItems: TRUE
_computerlevel[2] attribute: internaldata: TRUE
_computerlevel[3] attribute: name: Trust Profile for TestCorporate
_computerlevel[3] attribute: configurationDescription: Installs the Root certificate for TestCorporate.
_computerlevel[3] attribute: installationDate: 2016-07-21 15:20:06 +0000
_computerlevel[3] attribute: organization: (null)
_computerlevel[3] attribute: profileIdentifier: com.apple.config.tw-applemgm.testnet.ssl
_computerlevel[3] attribute: profileUUID: BA0CB2C6-D1C5-4CA2-81BC-47EEA6DC0638
_computerlevel[3] attribute: profileType: Configuration
_computerlevel[3] attribute: removalDisallowed: FALSE
_computerlevel[3] attribute: version: 1
_computerlevel[3] attribute: containsComputerItems: TRUE
_computerlevel[3] attribute: internaldata: TRUE


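From these messages, though, I recalled that this must be from when this Mac was connected to the company earlier:

it is the Mac profile the company required me to install, so that it can manage all Macs that connect to the company.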
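To review what each profile is before removing anything, the long `profiles show` listing can be condensed to one line per profile. The following is an added example, not part of the original post; `summarize_profiles` and `sample_profiles` are hypothetical helper names, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: one summary line per profile from `profiles show`-style text.

# Constructed sample input, modelled on the output shown on this page.
sample_profiles() {
cat <<'EOF'
_computerlevel[1] attribute: name: Remote Management
_computerlevel[1] attribute: configurationDescription: Allows the server to manage your device.
_computerlevel[1] attribute: installationDate: 2017-01-23 15:30:17 +0000
_computerlevel[1] attribute: profileIdentifier: com.apple.config.tw-applemgm.testnet.mdm
_computerlevel[1] attribute: removalDisallowed: FALSE
_computerlevel[2] attribute: name: Trust Profile for TestCorporate
_computerlevel[2] attribute: configurationDescription: Installs the Root certificate for TestCorporate.
_computerlevel[2] attribute: installationDate: 2016-07-21 15:20:06 +0000
_computerlevel[2] attribute: profileIdentifier: com.apple.config.tw-applemgm.testnet.ssl
_computerlevel[2] attribute: removalDisallowed: FALSE
EOF
}

# summarize_profiles (hypothetical helper): reads the text on stdin and prints
#   slot|identifier|name|installed=<date>|removalDisallowed=<flag>
summarize_profiles() {
    awk '
    /^[^ ]+\[[0-9]+\] attribute: / {
        slot = $1                              # e.g. _computerlevel[2]
        rest = $0
        sub(/^[^ ]+ attribute: /, "", rest)    # leaves "key: value"
        sep = index(rest, ": ")                # split at the first ": " only
        if (sep == 0) next
        key = substr(rest, 1, sep - 1)
        val = substr(rest, sep + 2)
        if (!(slot in seen)) { seen[slot] = 1; order[++n] = slot }
        field[slot, key] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            printf "%s|%s|%s|installed=%s|removalDisallowed=%s\n", s,
                field[s, "profileIdentifier"], field[s, "name"],
                field[s, "installationDate"], field[s, "removalDisallowed"]
        }
    }'
}

sample_profiles | summarize_profiles
```

On a Mac, pipe the output of the `sudo profiles show` command used above into `summarize_profiles` in place of the sample.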




Run profiles remove to remove these profiles:

sudo profiles remove -identifier=com.apple.config.tw-applemgm.testnet.mdm
sudo profiles remove -identifier=com.apple.config.tw-applemgm.testnet.ssl



testuser@localhost ~ $ sudo profiles list -all

There are no configuration profiles installed


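At this point, press Cmd-Q to quit System Preferences completely and open it again;

the Profiles icon can now be clicked, but there are no profiles in it.

After a while, even the Profiles icon disappeared completely, presumably because there are no profiles left: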



