Un-enrolling a system

When you unenroll a Windows or Linux system from Centrify PAS, you're disconnecting it from the service. Unenrollment does not uninstall the client from the system, and unenrolled systems do continue to display in the list of systems but they display as unenrolled.

You can unenroll a single or multiple systems from the Systems page. You can also right-click a set and unenroll all systems in that set.

In order to unenroll a system from the Admin Portal, you must be assigned to a role that has the System Enrollment administrative right. To remove a system from Centrify PAS, you must have the View and Delete permissions.

You can also unenroll a system from the command line. For details, see cunenroll.

Note:   (Alpine Linux systems only) Before you uninstall the Centrify Client for Linux from an Alpine Linux system, you must unenroll the system first. The Alpine Linux package manager doesn't allow the service to verify that the client is unenrolled from Centrify PAS before uninstalling. If you uninstall the client without unenrolling first, you won't be able to log in to the system anymore.

To unenroll a system:

  1. In the Systems page, select one or more systems that you want to unenroll.

  2. From the Actions menu, if you selected a single system, choose System > Unenroll.

    If you selected multiple systems, choose System Unenroll Systems.

    A popup dialog appears for you to verify the unenroll operation.

  3. By default, the option to not unenroll any systems that have password reconciliation enabled is selected. You can deselect this option, if desired.

  4. Click Unenroll to continue.

    If you unenrolled multiple systems, a popup displays to inform you that the operation is scheduled and you'll get an email when the unenrollment is complete for all systems. That email includes a link to the job report.

    Click Close to close the popup message and return to the Systems page.

    The unenrolled systems will display in the list of systems as unenrolled and their client profile shows all features are disabled.

    If you run cinfo on the affected systems, the status message will indicate that the system is not enrolled in Centrify PAS. If you want to enroll the system again, you will need to use the -f force option; otherwise, the enrollment will fail with a message indicating that the system already exists in the platform.