Skip to main content
Question

Disable and prevent Activation Lock remote command, How to verify

  • October 13, 2022
  • 5 replies
  • 30 views
BCPeteo
Forum|alt.badge.img+11

We have enrolled a good number of macs without the Prevent user from enabling activation lock setup in our pre-stage.

We will be turning this on in the pre-stage, but for existing Jamf enrolled macs we will be using a mass action: Disable and prevent Activation Lock remote command. Is any way to verily on the mac that the command is working and user is prevent from activation locking the mac? I see in Systems information it a says activation lock is disabled but I want to confirm the user can not enable it by logging into icloud.

    5 replies

    M
    Forum|alt.badge.img+4
    • Macintosh_HD
    • Contributor
    • October 13, 2022

    system_profiler SPHardwareDataType | egrep "Activation Lock Status"

    BCPeteo
    Forum|alt.badge.img+11
    • BCPeteo
    • Author
    • Contributor
    • October 13, 2022

    system_profiler SPHardwareDataType | egrep "Activation Lock Status"


    Thanks that gives me the same status that is system information but it does not verify the user is prevented from enabling

    M
    Forum|alt.badge.img+4
    • Macintosh_HD
    • Contributor
    • October 13, 2022

    Thanks that gives me the same status that is system information but it does not verify the user is prevented from enabling


    Looks like you should be okay as long as it is disabled; If enabled, you can always get the unlock codes from JAMF.
    https://docs.jamf.com/technical-articles/Leveraging_Apples_Activation_Lock_Feature_with_Jamf_Pro.html

    BCPeteo
    Forum|alt.badge.img+11
    • BCPeteo
    • Author
    • Contributor
    • October 13, 2022

    Looks like you should be okay as long as it is disabled; If enabled, you can always get the unlock codes from JAMF.
    https://docs.jamf.com/technical-articles/Leveraging_Apples_Activation_Lock_Feature_with_Jamf_Pro.html


    We need to verity that it is blocking the user from being able to enable it. I would assume there would be some way to tell that it is blocked.

    BCPeteo
    Forum|alt.badge.img+11
    • BCPeteo
    • Author
    • Contributor
    • October 17, 2022

    Some more on this from my testing:

    The remote command Disable and Prevent Activation Lock does not seem disable activation lock on a system that has activation lock already enabled
     
    Can not find a way to see if the user is prevented from enabling activation lock (NOT the activation lock status)
     
    Also I am noticing if the user has activation lock enabled and you send the remote command Disable and Prevent Activation Lock to that system the activation lock bypass code is no longer collected. Not sure if this a bug.
    Terms & ConditionsCookie settingsAccessibility statement