Question

What do schools that use DEP with iPads do, when a user forgets their passcode?

Forum|Forum|10 years ago
May 7, 2015
57 replies
166 views

+12

St0rMl0rD
Valued Contributor

We deploy more than 600 iOS devices and are thinking of switching to DEP for easier distribution. However, during reviewing the DEP and issues that we currently have, we have stumbled upon an issue that we cannot solve and that is crucial if we want to switch to DEP. We have also opened up a bug report with Apple and are following up with them on this as well. I was just wondering if there are any schools that use DEP and have come across this issue, and how they solved it.

So, here it is:

Sometimes, users forget their passcode lock. With JSS, we can push out "Clear Passcode" command, that removes the clear passcode and requires the user to enter a new passcode, as set by our policy. However, if the user restarts the device, the entire device is encrypted along with the keychain, and the device does not connect to any Wi-Fi network, therefore it cannot receive the "Clear Passcode" command. With Apple Configurator, we could connect the locked device to Configurator, remove the MDM profile, and the device would unlock. However, this will be no longer possible with DEP. We have tried the Ethernet connectivity of the iPad and that works for now, but it is not an official way of doing it, and Apple may remove the possibility at any point in the future. The iOS device has to be able to connect to a Wi-Fi network so we can unlock it.

Steps to Reproduce:
1. Supervise an iOS device with Apple Configurator
2. Enroll the iOS device into a MDM
3. Set up passcode on the iOS device
4. Let's say the user of the device forgets the iOS passcode lock
5. Restart the iOS device and remember you don't know the passcode lock anymore
6. On MDM, push out a "Clear Passcode" command to the device
7. Because the device doesn't have Wi-Fi connectivity, the command will never reach the device

Expected Results:
After restarting the iOS device, it automatically connects to known Wi-Fi networks.

Actual Results:
After restarting the iOS device, it does not connect to any of Wi-Fi networks.

Thanks!

Show first post

Forum|pagination.label 3 / 3

+13

Malcolm
Valued Contributor
Forum|Forum|8 years ago
August 8, 2017

This solution works: https://www.howtogeek.com/214259/how-to-reverse-tether-an-iphone-or-ipad-to-your-pc-or-mac/

+13

Malcolm
Valued Contributor
Forum|Forum|8 years ago
August 14, 2017

Correction.... it did work but only for a small few.

rfaruk
New Contributor
Forum|Forum|7 years ago
June 7, 2018

With MacOS High Sierra, if Internet Sharing (or Content Caching with Internet Connection) is enabled on your Mac, all you need to do is connect the iPad to your Mac using Lightning cable and (though it might take some time) eventually your iPad should start communicating with the MDM and receive that Clear Passcode command.

mmichael
New Contributor
Forum|Forum|7 years ago
July 27, 2018

Thank you so much @rfaruk .. this has worked perfectly and resolved the issue :-)

xavier_daleo
New Contributor
Forum|Forum|7 years ago
November 17, 2018

Hello,

I manage about 1400 iPad and it does not work for me.
I have an iPad in iOS 11.4.1 locked without wifi :
- I sent the clear passcode command.
- My mac is in high Sierra, I am connected to the wired network, I have enabled connection sharing and caching.
- When I connect the iPad with the cable lightning to my mac it appears on the iPad "unlock the tablet to use the accessory" and nothing happens on the iPad.
- The commands is already in pending in JAMF Pro
It happens very often that students forget their password and that the tablets are locked.
I strongly wish to maintain the homogeinity of the park in ios 11 and therefore do a DFU.
Did I do something wrong?

I am interested in any idea

Thank you in advance

WhippsT
Contributor
Forum|Forum|7 years ago
November 19, 2018

All of our kids' passcodes are the same as their lunch codes, so we have them on file. If a kid were to change their passcode, and then forget it, they will receive a conduct violation for tampering with their passcode. This is kind of a deterrent to keep the kids from messing with them.

If for some reason a kid does change their code and forgets it, we would do as follows:
1. If it's still on Wi-Fi, clear the passcode by JSS.
2. If it's not on Wi-Fi, connect via Ethernet, then clear passcode by JSS.
3. If Ethernet fails, put iPad into DFU and restore the iPad. (The student will be held responsible for any lost class work)

That's it... the kid will get a working iPad back one way or another. FYI, our 1:1 iPad deployment is only for 5th through 8th grades.

LukeMason
Contributor
Forum|Forum|7 years ago
November 29, 2018

@xavier.daleo The behaviour you're seeing is due to a change in the iPad settings (as of iOS 11.3?).

In order to allow iOS devices to use the USB connection (either with the USB->Ethernet adapter, or I'm assuming also with internet sharing), you need to disable the "USB Restricted Mode" (see attached screenshot).

You can find this in the "Restrictions" payload, at the bottom of the "Functionality" tab.

Forum|pagination.label 3 / 3

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded