I am the JAMF admin for my employer. When a Mac needs to be remotely wiped, marked as stolen, prompted to be updated etc such request come through me.

I found a Mac a few months ago, that had been inactive for several months, had a name that differs from the convention set by the enrollment profile etc. No record could be found of it in the hardware database that we use for just about everything else in the company. Usually such devices are regarded as stolen/lost in transit etc. I was never informed that a device belonging to someone external to the company had a mac added to JAMF.

I sent the command to LOCK it with a message to state my name and email address with a request to contact me to verify ownership. An external business partner contacted me yesterday looking for the unlock code. I had no reason to doubt he was indeed genuine. I shared with him what could only have been one or other of the two unlock 6 digit lock codes.

He attempted them, but now he appears to be locked out of the Mac for what could several years. See screenshot below.

This is surely a bug?? He claims that the keyboard is not working, but I doubt this

A messy situation to be in! It is going to involve working with another department in the large company I work for. Researching this, this can only be fixed by going to Apple with proof of purchase, ID etc? It also involves going to a Genius Bar? Based on his addres, this could be problematic.

Would removing the Mac's serial number from Apple Business manager, and then removing it from JAMF be a solution? Would that be done via a wipe or by 'Removing MDM Profile'. When the user restarts the Mac would the problem be fixed. Or would an erase and install be required.

I am anxious about testing this in the IT office with an otherwise functional Mac.

Thanks guys!

WL