Device lock issues

jimmyb
New Contributor

We have a lending program with around 100 Macbooks. We use the "Lock Device" feature to lock down late or lost machines. A few weeks back we had to lock a few machines. They were returned, unlocked, and loaned out a few more times. Yesterday and today we had those same machines lock on their own with the same code used before. 3 of them so far. Has anyone experienced this? How can I stop that from happening? I've checked logs and saw no command to lock the device a second time coming from JAMF. Only 3 people have access to lock devices and none of them sent the second command.

We have these set to "Prevent Users from enabling activation lock" in prestage.

 

 

6 REPLIES 6

obi-k
Valued Contributor II

Curious about this because we use this feature. Are you on 10.44.1 and notice this after?

ichisdeno
New Contributor

I've been trying to clear a recovery lock code on a Mac via API (part of a larger issue we are having with a bunch of m1 MacBook Airs getting recovery locked.) I was hoping to be able to send a command to clear the passcode on them. I've looked at a couple scripts I found on GitHub but wasn't getting anywhere. I've written a script that will find the Management ID of a specific serial number, and sent the command per jamf's documentation here but all I'm getting is a 401 error. I've tried it on a dedicated account as well as one with full admin permissions.

Ultimately my question is, has anyone gotten it to work to send the recovery lock code?

I think since when in recovery lock screen they are in EFI so possible no network connectivity, have you tried to ethernet them?

obi-k
Valued Contributor II

Any luck if you plug it into Apple Configurator? Revive device or something?

jimmyb
New Contributor

To clarify, this is not an activation lock issue it is the "Lock Device" feature from management tab for the device. Just trying to find out why it was re-run on the mac without being sent again. It's caused issues with our students when the device locked for no reason while they were using the laptop. It has not happened since but I really need to know why so I can prevent it from happening again. We need to use this feature to regulate late or missing loaner Macbooks.

jimmyb
New Contributor

It worked fine until we renewed our APNS push cert. Something went wrong and now we have mismatched APNS certs which won't allow the management commands to be sent. Which is very odd because some of the machines we Locked before the renewal locked on their own and the command went through on a few after renewal but it took days.