Offboarding Clients

• Archiving Clients
• Retiring a device from FileWave
• Uninstall the FileWave Client on Windows
• Uninstall the FileWave Client on macOS
• Removing Android Devices

Archiving Clients

One of the State options of FileWave is archiving clients.  Archived clients do not consume a FileWave licence.  Device records will continue to exist from the point of archive, but the device will no longer receive any communication with the FileWave Server.

Archived devices are known to be 'removed from the FileWave Model'.  Model Update changes will not apply.

Archived Clients are hidden from view by default, but there is the option to 'Show' them if desired:

Archiving, removes devices from the FileWave Model

A Model Update is required after making any state change.

 

Computer Clients

Once archived, computer clients will not be included in any model updates, nor will their inventory update with the server.  

At any point, the device may be removed back from archived using the Reinstate option.

Since the FileWave Client is not removed on archive, the device should continue to check back in as before, updating to the latest model.

Apple MDM enrolment is of concern when re-instating, as highlighted in the below section.

The following KB articles describe removing the FileWave Client.   If attempting to remove the client through FileWave, these Filesets should be pushed to devices prior to archiving:

Uninstall the FileWave Client on Windows

Uninstall the FileWave Client on macOS

Clearly, if the FileWave Client is removed from the device, a Reinstate will not cause the device to check back in.  The FileWave Client will requiring reinstalling.

Apple MDM

When archiving devices which are MDM enrolled, it is possible for the enrolment profile to be removed during the state change to archived.  Whether the enrolment profile removal is attempted is based upon either the type of enrolment or the FileWave Central Admin setting found in:

• Preferences > Mobile

Devices will not be able to report success of the profile removal, since once the profile is removed, there is no longer a mechanism to report back success.

Archiving a device enrolled using Automated Device Enrolment (also know as DEP) will even attempt to remove enrolment profiles which are configured to be non-removable.  Indeed, Apple only supply two official options for removing an enrolment profile configured as non-removable: MDM command to remove (as triggered by archiving) and wiping the device.

See the troubleshooting section below for further information on removing a non-removable profile.

Troubleshooting

Since MDM enrolment profiles may be configured to be non-removable, how can this be addressed if for some reason the command to remove the profile is not received, since it is not possible to re-instate and try another archive.

If the reason the below is being attempted is due to a device no longer appearing to be MDM enrolled despite it originally being otherwise, recommendation would be to try the below option for re-enrolment, before using the extreme method of disabling SIP and editing the OS.

Apple's SIP (System Integrity Protection) prevents certain folders and files being altered, enrolment profile and related files included.  Therefore, to remove a non-removable profile without wiping the device, involves disabling SIP, removing the related files and then reinstating SIP for security.

The below methods are not supported by Apple or FileWave and any unexpected behaviour from attempting any of the following is the sole responsibility of those actioning the commands.

Disabling SIP

• Boot into recovery (reboot the device and hold the two keys CMD and R when presented with the Apple Logo)
• Use the menu to open Terminal
• In Terminal, type the following:

# csrutil disable  && reboot

This should both disable SIP and cause the computer to reboot to finalise the process.

Removing Enrolment

Enrolment profile and matching files are found in the following directory:

# /var/db/ConfigurationProfiles/

Use the following commands to remove profiles and reinstate SIP:

# rm -rf /var/db/ConfigurationProfiles/Store/*
# csrutil clear
# reboot

Re-Enrolment

If it is deemed necessary to re-enrol the device, follow these final steps:

• Reinstate the device in FileWave (you cannot re-enrol an archived device - A Model Update is required afterwards)
• Log into the device with an Administrator account
• Trigger the below command via Terminal:

• # sudo profiles renew -type enrollment

• A macOS notification should appear, which will need to be accepted by entering the Administrators Password
• Another notification should appear, requesting the authentication (username and password) of the user to enrol the device

On completion the device should have re-enrolled.  Confirmation may be observed with the following command and similar output.  

Output may vary depending upon macOS version.  Server name will be the name of the server the device enrolled with.

# sudo profiles status -type enrollment
Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://demoserver.filewave.net:20443/ios/mdm

 

 

Retiring a device from FileWave

In some cases, you may find yourself in a position where retiring a device is the wisest thing to do. Here are some steps to assist you in that process based on the operating system a device is running.

iOS

1. Log into ASM

2. Search for the device by serial number under Devices on the right-hand side of the screen

3. Click on the device to highlight it

4. Click Edit Device Management 

5. Choose Unassign

6. Continue

7. OK

8. Go to FileWave Admin

9. Assistants

10. DEP Associations Mangement

11. Hold down Option 

12. Click Full DEP Sync

13. Search for the device in 

14. DEP Associations Mangement

15. Note that it should no longer appear here

16. Wipe the device

17. Search for the device in FileWave Admin > Clients

18. Single-click on the device

19. Click Delete at the top of the window

20. Update Model

macOS

1. Log into ASM

2. Search for the device by serial number under Devices on the right-hand side of the screen

3. Click on the device to highlight it

4. Click Edit Device Management 

5. Choose Unassign

6. Continue

7. OK

8. Go to FileWave Admin

9. Assistants

10. DEP Associations Mangement

11. Hold down Option 

12. Click Full DEP Sync

13. Search for the device in 

14. DEP Associations Mangement

15. Note that it should no longer appear here

16. You can wipe the device if you would like, however, we have a KB article with a fileset that removes the FileWave Client: Uninstall the FileWave Client on macOS

17. Noe that the MDM Profile will still be on the device. It can be removed depending on the OS version. Starting in Catalina, if a profile is deployed via MDM it can only be removed via MDM. In those cases, we recommend wiping the device. Leaving it in place won't harm or change anything. 

18. Search for the device in FileWave Admin > Clients

19. Single-click on the device

20. Click Delete at the top of the window

21. Update Model

Windows

1. Click on the Start Menu button

2. Type remove in the search bar

3. Choose Add/Remove Programs

4. Scroll down to find the FileWave Client

5. Click Remove

6. Allow the FileWave Client to uninstall

7. Search for the device in FileWave Admin > Clients

8. Single-click on the device

9. Click Delete at the top of the window

10. Update Model

We also have a Remove from System option for you to consider. You can read more about that here: Remove from System

Uninstall the FileWave Client on Windows

Description

The below Fileset can be used to uninstall the FileWave client on Windows machines. 

Ingredients

• FW Admin
• FileWave Client uninstall Fileset

Directions

1. Download the attached Fileset from the recipe.
2. Drag and drop the unzipped Fileset in to your Filesets tab. Please make sure to drag it in your root level of your Filesets structure so it is not accidentally deployed to devices. This Fileset will uninstall the client and break communication to your FileWave server.
3. Associate the Fileset to machines that you want to remove from FileWave.
4. Once the Fileset is sent out the devices will not check back in and can be deleted from FileWave.

Windows-ClientUninstaller.fileset.zip

Last tested successfully November 10th, 2021. 

Uninstall the FileWave Client on macOS

Description

The below methods can be used to uninstall the FileWave client on macOS machines. 

Updated with version 4.1.  Version 4 did not allow for the removal of the FileWave VNC client and as such will cause devices to reboot and not uninstall the FileWave Client.  Please update to version 4.1 to avoid this issue.  Version 4.1 will still work with older version of FileWave Client.

Ingredients

• FileWave Uninstall, Fileset or Stanadalone

Directions

Fileset

1. Download the attached Fileset and unzip
2. Drag and drop the unzipped Fileset in to your Filesets tab. Please make sure to drag it in your root level of your Filesets structure so it is not accidentally deployed to devices. This Fileset will uninstall the client and break communication to your FileWave server.
3. Associate the Fileset to machines that you want to remove from FileWave.
4. Once the Fileset is sent out the devices will not check back in and can be deleted from FileWave.

↓ macOS

Standalone

1. Download the attached script
2. Use Terminal to run the script locally as root

↓ macOS

This will uninstall the FileWave Client, but it will not remove an MDM enrolment profile if installed.  As such, the device may still be able to connect back to the FileWave Server over MDM, but will be unmanageable.  Additionally, if the Custom PKG is configured to instal beyond initial enrolment, MDM can reinstall the client onto the device again.  Ensure the MDM profile is also removed if removing the client from FileWave.

Removing Android Devices

Wipe Device

Sending a wipe command to a device should cause the device to erase.  After doing so, on the next sync from Google, the device should turn red in FileWave.  It should then be possible to delete the device and Update the Model.

Removing a Device Without Enrolment

If the device is locally erased or the FileWave Client is removed from the device, FileWave and Google won't be aware of this.  Attempting to delete the device from FileWave will only seem successful until the next synchronisation with Google, when the device will be re-added.

Addressing this is actually exactly the same as above.  Despite the device no longer being enrolled, by sending a Wipe command to the device, on next synchronisation with Google, the device should turn red in FileWave and may be deleted just as above.