Jamf Nation Community

Scott99 · a week ago

I have a "few" laptops that users have "forgotten" to return when they have left the company. What is the best way to disable the user from Logging in to the laptop using Jamf. I would like to just disable all non admin logins MAybe popup a banner saying Please return to xxxx.. I know I can wipe it if needed.

Thanks

S

Shyamsundar · a week ago

you can lock the Mac Device from JAMF and provide a message to be displayed. Navigate to the device to be locked from the Management tab Select Lock computer and provide the passcode and the message to be displayed.

wakco · a week ago

The simplest (short of locking the computer) will be a policy configured to trigger on login, scoped to a static group (where you identify these Macs), that uses jamfHelper to throw up something that would take over the screen(s). There are other options to jamfHelper, swiftDialog is one.

To make the login trigger more reliable, you could install outset (also on GitHub) and trigger jamfHelper, swiftDialog, or other tool, from a script within outset's login-every folder.

AJPinto · a week ago

As @Shyamsundar said, deploy a remote lock command or better yet a remote wipe command. If the device ever comes online, it will be locked or wiped within a few seconds. I prefer wipe as we have authentication required to enroll devices, and the users AD account would be long disabled leaving the device a DEP brick. (Assuming you are open internet or cloud based)

One thing to be aware of, keeping a device in Jamf for this purpose does burn a license. I suggest getting your security folks involved, and possibly even issuing warrants if former employees refuse to return devices and their managers refuse or are unable to collect devices.

Scott99 · Thursday

How do I deploy that lock command to a static group of computers? I do not see that option under policies.

Thanks

Jamf Nation Community

Disable login for end users?