Offboarding Clients

• Archiving Clients
• Retiring a device from FileWave
• Uninstall the FileWave Client on Windows
• Uninstall the FileWave Client on macOS
• Removing Android Devices

Archiving Clients

One of the State options of FileWave is archiving clients.  Archived clients do not consume a FileWave licence.  Device records will continue to exist from the point of archive, but the device will no longer receive any communication with the FileWave Server.

Archived devices are known to be 'removed from the FileWave Model'.  Model Update changes will not apply.

Archived Clients are hidden from view by default, but there is the option to 'Show' them if desired:

Archiving, removes devices from the FileWave Model

A Model Update is required after making any state change.

 

Computer Clients

Once archived, computer clients will not be included in any model updates, nor will their inventory update with the server.  

At any point, the device may be removed back from archived using the Reinstate option.

Since the FileWave Client is not removed on archive, the device should continue to check back in as before, updating to the latest model.

Apple MDM enrolment is of concern when re-instating, as highlighted in the below section.

The following KB articles describe removing the FileWave Client.   If attempting to remove the client through FileWave, these Filesets should be pushed to devices prior to archiving:

Uninstall the FileWave Client on Windows

Uninstall the FileWave Client on macOS

Clearly, if the FileWave Client is removed from the device, a Reinstate will not cause the device to check back in.  The FileWave Client will requiring reinstalling.

Apple MDM

When archiving devices which are MDM enrolled, it is possible for the enrolment profile to be removed during the state change to archived.  Whether the enrolment profile removal is attempted is based upon either the type of enrolment or the FileWave Central Admin setting found in:

• Preferences > Mobile

Devices will not be able to report success of the profile removal, since once the profile is removed, there is no longer a mechanism to report back success.

Archiving a device enrolled using Automated Device Enrolment (also know as DEP) will even attempt to remove enrolment profiles which are configured to be non-removable.  Indeed, Apple only supply two official options for removing an enrolment profile configured as non-removable: MDM command to remove (as triggered by archiving) and wiping the device.

See the troubleshooting section below for further information on removing a non-removable profile.

Troubleshooting

Since MDM enrolment profiles may be configured to be non-removable, how can this be addressed if for some reason the command to remove the profile is not received, since it is not possible to re-instate and try another archive.

If the reason the below is being attempted is due to a device no longer appearing to be MDM enrolled despite it originally being otherwise, recommendation would be to try the below option for re-enrolment, before using the extreme method of disabling SIP and editing the OS.

Apple's SIP (System Integrity Protection) prevents certain folders and files being altered, enrolment profile and related files included.  Therefore, to remove a non-removable profile without wiping the device, involves disabling SIP, removing the related files and then reinstating SIP for security.

The below methods are not supported by Apple or FileWave and any unexpected behaviour from attempting any of the following is the sole responsibility of those actioning the commands.

Disabling SIP

• Boot into recovery (reboot the device and hold the two keys CMD and R when presented with the Apple Logo)
• Use the menu to open Terminal
• In Terminal, type the following:

# csrutil disable  && reboot

This should both disable SIP and cause the computer to reboot to finalise the process.

Removing Enrolment

Enrolment profile and matching files are found in the following directory:

# /var/db/ConfigurationProfiles/

Use the following commands to remove profiles and reinstate SIP:

# rm -rf /var/db/ConfigurationProfiles/Store/*
# csrutil clear
# reboot

Re-Enrolment

If it is deemed necessary to re-enrol the device, follow these final steps:

• Reinstate the device in FileWave (you cannot re-enrol an archived device - A Model Update is required afterwards)
• Log into the device with an Administrator account
• Trigger the below command via Terminal:

• # sudo profiles renew -type enrollment

• A macOS notification should appear, which will need to be accepted by entering the Administrators Password
• Another notification should appear, requesting the authentication (username and password) of the user to enrol the device

On completion the device should have re-enrolled.  Confirmation may be observed with the following command and similar output.  

Output may vary depending upon macOS version.  Server name will be the name of the server the device enrolled with.

# sudo profiles status -type enrollment
Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://demoserver.filewave.net:20443/ios/mdm

 

 

Retiring a device from FileWave

Whether selling or removing devices that no longer function or are beyond use, it may be necessary to remove them from FileWave.  The following steps should assist with this process.

The basics are:

• Ensure all enrolment configuration is removed from device or device is wiped
• Delete the device from within FileWave

Apple Business or School Manager Specific

Where devices are MDM enrolled through a Business or School Manager account, if the devices are no longer going to belong to the organisation, they should be released from Apple.  Please see Apple's documentation to action this process:

• Release devices in Apple Business Manager
• Release devices in Apple School Manager

After releasing a device, a subsequent synchronisation with DEP should remove the device from the DEP Associations Management view.

If devices are not released, after being wiped, they will force the user to re-enrol the device, if there is still an associated DEP Enrolment Profile

Pre-Deletion

There are two choices:

• Wipe devices
• Remove enrolment, e.g. selling devices to users, allowing them to keep data.

Wipe

Either locally trigger devices to be wiped or where possible, FileWave Central Admin App may send a command to wipe devices.  Update Model after actioning a Wipe command.

Not Wiping

If devices are not to be wiped, enrolment should be removed from the devices.

Device Type	Apple MDM Enrolled	FileWave Client Enrolled
Apple Mobile	Remove Enrolment Profile*	-
Apple Computer		Uninstall FileWave Client
Windows	-

* Apple Enrolment Profile may be removable from Settings.

 If Apple devices are enrolled with a setting to prevent the MDM Enrolment Profile from being removed through Settings, Archiving a device sends a command to remove the Enrolment Profile from the device.

To Archive a device, open the FileWave Central Admin App, select device, right click and choose Client State > Archive, followed by an Update Model.

Uninstalling FileWave Client

macOS

Please follow the instructions on removing the FileWave Client

• Uninstall the FileWave Client on macOS

Windows

1. Click on the Start Menu button

2. Type remove in the search bar

3. Choose Add/Remove Programs

4. Scroll down to find the FileWave Client

5. Click Remove

6. Allow the FileWave Client to uninstall

Deletion

Once devices have been wiped or any enrolment has been removed, the devices may then be deleted from FileWave.

1. Open the FileWave Central Admin App

2. Select device(s) from the Clients view

3. Right click
4. Choose Delete
5. Update Model

Archived devices may be either deleted or left in FileWave.  Archived clients are merely fixed records, there is no further attempts to communicate with the device and they do not use up FileWave client licences.

If any enrolment configuration is not removed from the device prior to deletion, the device will attempt to check back and may recreate the device record.

Uninstall the FileWave Client on Windows

Description

The below Fileset can be used to uninstall the FileWave client on Windows machines. 

Ingredients

• FW Admin
• FileWave Client uninstall Fileset

Directions

1. Download the attached Fileset from the recipe.
2. Drag and drop the unzipped Fileset in to your Filesets tab. Please make sure to drag it in your root level of your Filesets structure so it is not accidentally deployed to devices. This Fileset will uninstall the client and break communication to your FileWave server.
3. Associate the Fileset to machines that you want to remove from FileWave.
4. Once the Fileset is sent out the devices will not check back in and can be deleted from FileWave.

Windows-ClientUninstaller.fileset.zip

Last tested successfully November 10th, 2021. 

Uninstall the FileWave Client on macOS

Description

The below methods can be used to uninstall the FileWave client on macOS machines. 

Updated with version 4.1.  Version 4 did not allow for the removal of the FileWave VNC client and as such will cause devices to reboot and not uninstall the FileWave Client.  Please update to version 4.1 to avoid this issue.  Version 4.1 will still work with older version of FileWave Client.

Ingredients

• FileWave Uninstall, Fileset or Stanadalone

Directions

Fileset

1. Download the attached Fileset and unzip
2. Drag and drop the unzipped Fileset in to your Filesets tab. Please make sure to drag it in your root level of your Filesets structure so it is not accidentally deployed to devices. This Fileset will uninstall the client and break communication to your FileWave server.
3. Associate the Fileset to machines that you want to remove from FileWave.
4. Once the Fileset is sent out the devices will not check back in and can be deleted from FileWave.

↓ macOS

Standalone

1. Download the attached script
2. Use Terminal to run the script locally as root

↓ macOS

This will uninstall the FileWave Client, but it will not remove an MDM enrolment profile if installed.  As such, the device may still be able to connect back to the FileWave Server over MDM, but will be unmanageable.  Additionally, if the Custom PKG is configured to instal beyond initial enrolment, MDM can reinstall the client onto the device again.  Ensure the MDM profile is also removed if removing the client from FileWave.

Removing Android Devices

Wipe Device

Sending a wipe command to a device should cause the device to erase.  After doing so, on the next sync from Google, the device should turn red in FileWave.  It should then be possible to delete the device and Update the Model.

Removing a Device Without Enrolment

If the device is locally erased or the FileWave Client is removed from the device, FileWave and Google won't be aware of this.  Attempting to delete the device from FileWave will only seem successful until the next synchronisation with Google, when the device will be re-added.

Addressing this is actually exactly the same as above.  Despite the device no longer being enrolled, by sending a Wipe command to the device, on next synchronisation with Google, the device should turn red in FileWave and may be deleted just as above.