Disable and prevent Activation Lock remote command, How to verify

We have enrolled a good number of macs without the Prevent user from enabling activation lock setup in our pre-stage.

We will be turning this on in the pre-stage, but for existing Jamf enrolled macs we will be using a mass action: Disable and prevent Activation Lock remote command. Is any way to verily on the mac that the command is working and user is prevent from activation locking the mac? I see in Systems information it a says activation lock is disabled but I want to confirm the user can not enable it by logging into icloud.

Page 1 / 1

system_profiler SPHardwareDataType | egrep "Activation Lock Status"

Thanks that gives me the same status that is system information but it does not verify the user is prevented from enabling

Looks like you should be okay as long as it is disabled; If enabled, you can always get the unlock codes from JAMF.
https://docs.jamf.com/technical-articles/Leveraging_Apples_Activation_Lock_Feature_with_Jamf_Pro.html

We need to verity that it is blocking the user from being able to enable it. I would assume there would be some way to tell that it is blocked.

Some more on this from my testing:

The remote command Disable and Prevent Activation Lock does not seem disable activation lock on a system that has activation lock already enabled

Can not find a way to see if the user is prevented from enabling activation lock (NOT the activation lock status)

Also I am noticing if the user has activation lock enabled and you send the remote command Disable and Prevent Activation Lock to that system the activation lock bypass code is no longer collected. Not sure if this a bug.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded