Skip to main content

Linux Policy Cleanup After Unenrollment or Policy Deletion

Updated today

Applies to:

  • Swif's Linux agent 1.330.0 and later

Overview

When you remove a Linux device from management or delete a Linux policy, Swifteam now cleans up the changes that the policy made on the device.

This work ensures:

  • Policies do not leave behind stricter rules after they are deleted.

  • Devices return as closely as possible to their original or distro-default state.

  • Software update repositories created by Swif are removed when the corresponding policy is removed.

These improvements apply to all Linux policies, for example:

  • Password Policy (Ubuntu, Fedora, Manjaro)

  • Screen Saver Policy (Ubuntu, Linux Mint, Xubuntu)

  • Software Update Policy (Ubuntu / DEB-based repos)

Key Behaviors

1. Cleanup When a Device Is Unenrolled

When you unenroll a Linux device, Swifteam attempts to restore any files modified by Linux policies to their original or default state.

  • Policy-managed configuration files are reverted as close as possible to their pre-policy content.

  • Swifteam-created software update repositories related to Software Update Policy are removed.

This helps prevent unintended restrictions or configuration drift after a device is no longer managed.

2. Password Policy Deletion (Ubuntu, Fedora, Manjaro)

When you delete a Linux Password Policy that was applied to Ubuntu, Fedora, or Manjaro:

  • Password rules applied by Swifteam are removed.

  • PAM-related configuration files touched by the policy are reset back to their original or default state for that distro.

  • No leftover or stricter-than-default password complexity, expiry, or login rules remain due to the deleted policy.

What this means for admins

  • You can safely delete or retire a Password Policy without worrying that previously enforced rules will continue to affect users.

  • If you need to “roll back” password enforcement on a given Linux group, deleting or unassigning the policy will revert the device back to its prior behavior (as close as technically possible).

3. Screen Saver Policy Deletion (Ubuntu, Linux Mint, Xubuntu)

When you delete a Linux Screen Saver Policy applied to supported desktop environments (GNOME, Cinnamon, MATE, Xfce), Swifteam restores the previous or default screen saver/screen lock configuration.

Supported environments and where to view settings:

  • Ubuntu (GNOME):
    Settings → Privacy & Security → Screen Lock

  • Linux Mint (Cinnamon/MATE):
    Screensaver

  • Xubuntu (Xfce):
    Xfce Screensaver

Behavior after deletion

  • Enforced screen lock/saver settings (e.g., lock timeout, “lock on suspend”) are reset to default/pre-policy values.

  • No residual screen lock or screensaver restrictions from the deleted policy remain on the device.

4. Software Update Policy Deletion (Ubuntu / DEB-based)

When you delete a Linux Software Update Policy that added package repositories:

  • Repository definitions created by the policy are removed.

  • For Ubuntu (and other DEB platforms using APT), the specific repo file created by Swifteam for that policy is deleted.

Example (Ubuntu)

If your policy added a Microsoft VS Code repository, the agent:

  • Creates an APT source file such as:
    /etc/apt/sources.list.d/swif-packages_microsoft_com.list

  • When you delete the Software Update Policy, that file is removed.

  • No orphaned repository entries from this policy remain in other list files.

This prevents outdated or undesired third‑party repositories from persisting after policy removal.

Supported Distros and Agent Version

The behavior has been tested and verified with all policies, for example:

  • Linux agent version: 1.330.0 and later

  • Password Policy: Ubuntu, Fedora, Manjaro

  • Screen Saver Policy: Ubuntu, Linux Mint, Xubuntu

  • Software Update Policy: Ubuntu (APT/DEB-based)

If you are using earlier agent versions, upgrade to 1.330.0+ to benefit from these cleanup behaviors.

Admin Tips and Best Practices

  • Plan policy lifecycle:
    You can confidently assign, adjust, and delete Linux policies knowing that deletion will revert changes where supported.

  • Check current settings on a device:

    • Password rules: review PAM configuration or perform password change tests.

    • Screen saver/lock: open the system UI listed above for each distro.

    • Software repos: list files under /etc/apt/sources.list.d/ on Ubuntu-based systems.

  • Cross‑OS consistency:
    This change is part of an ongoing effort to keep policy removal behavior consistent across platforms (Linux, macOS, Windows). Always review the latest documentation for each OS type to understand specific cleanup guarantees.

Related Articles
How to Enroll Linux Devices in Swif
Linux Software Update Policy
Linux-specific MDM policies available in Swif
Configuring a Login Message Policy for Linux
Installing swif-agent via Linux Repository
Did this answer your question?