I know I'm doing things the hard way. When a user gives up their Mac and it is still a viable machine, we would like to be able to use it again. Finding that getting a machine wiped and ready for redeployment to be an excruciating task. This is what we are doing now - and this is only because we obviously don't know any better:Get the Personal Recovery Key from Jamf ProBoot in RecoveryReset the user passwordLog in as the userUpgrade to the latest macOSBoot into internet recoveryWipe the driveInstall from internetThat all takes hours and I am sure there is a better way to do this.Would love to just boot off a USB disk and wipe the machine with the latest macOS supported for the hardware.I feel like that used to be a thing. Now I try and do that and cannot boot from USB, try to enable boot from USB and get Authentication Needed - Enter macOS Password - Recovery is try to change system settings. No administrator was found.As far as I know, there is a local admin set up as part of the policy our Jamf consultant set up. When someone needs something, we use that macadmin user and it works.

Question

Best way to re-use a machine that was enrolled in Jamf? Our way is way too laborious!

Forum|Forum|1 year ago
January 23, 2024
6 replies
63 views

mvalpreda
New Contributor

I know I'm doing things the hard way. When a user gives up their Mac and it is still a viable machine, we would like to be able to use it again. Finding that getting a machine wiped and ready for redeployment to be an excruciating task. This is what we are doing now - and this is only because we obviously don't know any better:

Get the Personal Recovery Key from Jamf Pro
Boot in Recovery
Reset the user password
Log in as the user
Upgrade to the latest macOS
Boot into internet recovery
Wipe the drive
Install from internet

That all takes hours and I am sure there is a better way to do this.

Would love to just boot off a USB disk and wipe the machine with the latest macOS supported for the hardware.I feel like that used to be a thing. Now I try and do that and cannot boot from USB, try to enable boot from USB and get Authentication Needed - Enter macOS Password - Recovery is try to change system settings. No administrator was found.As far as I know, there is a local admin set up as part of the policy our Jamf consultant set up. When someone needs something, we use that macadmin user and it works.

Tonyyoung
Contributor
Forum|Forum|1 year ago
January 23, 2024

I can’t really give step by step specifics as it’ll depend on what you’re allowed to do with your organizational policies.
But my recommendation would be to address your “hand-in” process. If a computer is being handed in, wipe it right then and there before it is put on a shelf and waits for reassignment. If you’re using internet recovery it sounds like you’re still using Intel-based Macs? Either way, use the “erase all content and settings” feature available in modern versions of macOS, or send MDM commands to erase the system. Get it to a fresh OS, then power down so that when it comes down to rebuild for the next employee; it’s a far more efficient process and you don’t have the security issue of having to manually reset the former user’s password and have access to all the data that had yet to be erased.

mvalpreda
Author
New Contributor
Forum|Forum|1 year ago
January 23, 2024

Yes, still have some 2020 Intel iMacs. The majority are M1/M2 MacBook Pros. Not sure what is done with the Apple silicon machines, but will check with the team. I should just need to go to Jamf and wipe with the Apple silicon machines?

Found that transfer/erase settings are in something newer than macOS 12.

+21

jcarr
Valued Contributor
Forum|Forum|1 year ago
January 23, 2024

Found that transfer/erase settings are in something newer than macOS 12.

Erase All Content and Settings should be available on any device with T2 or Apple Silicon as long as it is on macOS Monterey or newer. If you're not seeing it on your devices with macOS 12 now, perhaps there is a .x update available (12.7.3 is the most recent release).

MrRoboto
Valued Contributor
Forum|Forum|1 year ago
January 23, 2024

For 1:1 computers with FV enabled and no IT-admin account present:

Intel Macs (all years)

- Boot to recovery, choose Erase Mac option

- Boot to internet recovery

- Connect MDS and run workflow to erase & install macOS

Apple Silicon Macs

- Boot to DFU mode

- Use AC2 to restore latest macOS from IPSW file

For all computers when the user hands in their old Mac:

- Ask user to login and run Erase All Content and Settings

afnpw
Contributor
Forum|Forum|1 year ago
January 23, 2024

Found that transfer/erase settings are in something newer than macOS 12.

I always prefer to wipe an Apple Silicon machine through "Erase all contents in settings" with the computer in hand. Yes, you can wipe the device in Jamf, but knowing the computer is in hand is more reliable than using a remote command.

For Intel macs, I would create a bootable installer with the latest OS installer. Instructions for that can be found here: https://support.apple.com/en-us/101578

The bootable installer method will cut your down the time needed for upgrading the OS, boot to internet recovery, and to install from internet. I

Macweazle
Contributor
Forum|Forum|1 year ago
January 31, 2024

For Apple Silicon devices - go with Apple Configurator and get the latest macOS IPSW you want. Takes about 12-15 Minutes.

You could also deploy a policy allowing the user to wipe the machine before they hand it in, not all will do it as experience tells but every one you don't have to touch seems like a win.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded