Erase All Content And Settings in Monterey

Brjinx
New Contributor II

Has anyone figured out how to use Erase All Content and Settings for computers running Monterey yet? Did they implement this feature yet? We have been wanting to test this on our computers running the beta, and now that the release is less than a week away and 10.33 just came out, we figured it would be in there, but all I'm seeing is the old Wipe Computer button requiring a six-digit code.

1 ACCEPTED SOLUTION

So I take back what I said, as @IamGroot and @jphillips have pointed out this is available however with some caveats, and within Jamf it's not a new option, it utilizes the Wipe command.

From the Jamf Pro Admin guide:

Note: On computers with macOS 12 or later, macOS does not need to be reinstalled if the following conditions are met:

  • EFI firmware passcode is not set on computers with an Apple T2 Security Chip.

  • Bootstrap Token is escrowed to Jamf Pro on computers with Apple silicon (i.e., M1 chip).

 

I was able to do this with a test T2 MacBook Pro and it was surprisingly quick.

View solution in original post

15 REPLIES 15

MatthewGC
New Contributor III

My preferred method is to package the installer and run the commands to wipe and reinstall the OS. Those commands will continue to work in Monterey. the same as they do in BS. I then make this available in self-service for the machine I want. Machines must be scoped for me to prevent accidents.

"/Applications/Install macOS Big Sur.app/Contents/Resources/startosinstall" --eraseinstall --newvolumename "Macintosh HD" --agreetolicense &

 

jcosper
New Contributor

Goto this site and download the InstallAssistant.pkg for the os.

https://mrmacintosh.com/macos-big-sur-full-installer-database-download-directly-from-apple/

then use this script:

#!/bin/zsh

profiles install -type bootstraptoken -user "$4" -password "$5"

wait

/usr/bin/su -l "$4" -c "echo '$5' | /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/startosinstall --eraseinstall --newvolumename 'Macintosh HD' --nointeraction --agreetolicense --forcequitapps --user '$4' --stdinpass &"

wait
exit 0

The user account must be the id501 user created after JAMF's admin account.

But, you still need to manually advance through the setup screens.  So no true zero touch re-image.

That's the best that we came up with.

Brjinx
New Contributor II

I appreciate the input, but this is a little different. It is actually a feature of Monterey. Shouldn't need to run any custom scripts or download the installer to do it. It basically works like an iPad does, and doesn't need to reinstall the OS, it just clears all the non-standard settings, users, and applications out of the system and it's like you just pulled it from the box. It is much faster than the options you listed, when we manually kick it off on the computer. We just want to be able to do it through Jamf, and thought it would be supported day one.

Monterey will be publicly available on the 25th so I don't think we'll have that option until then unfortunately. They also haven't implemented the ability to add a Mac to ABM via Apple Configurator 2 in the Beta yet either.

So I take back what I said, as @IamGroot and @jphillips have pointed out this is available however with some caveats, and within Jamf it's not a new option, it utilizes the Wipe command.

From the Jamf Pro Admin guide:

Note: On computers with macOS 12 or later, macOS does not need to be reinstalled if the following conditions are met:

  • EFI firmware passcode is not set on computers with an Apple T2 Security Chip.

  • Bootstrap Token is escrowed to Jamf Pro on computers with Apple silicon (i.e., M1 chip).

 

I was able to do this with a test T2 MacBook Pro and it was surprisingly quick.

So do you just do it using the Wipe button under management? We basically want to wipe it, but do not want to touch it afterward to put in a code or anything like that. A touchless factory reset.

Yep, it's as easy as that. Also note, it'll ask you to put in a 6 digit passcode still, but won't be required on the client as long as the above conditions are true (no EFI passcode or Bootstrap token is escrowed). If those conditions aren't met it will continue through with a standard wipe. I found this EA to help identify my M1's that have the Bootstrap token escrowed.

Thanks!

 

IamGroot
New Contributor III

You can accomplish this by performing the below steps:

1. Open System Preferences.

2. Press System Preferences in the menu bar.

3. Press Erase All Content and Settings...

jphillips
Release Candidate Programs Tester

The Erase option has been in the betas for a while, but it will only be visible on M1 Macs.

IamGroot
New Contributor III

I’ve had it available on one of my Intel Macs. I don’t think it’s exclusive to M1.

jphillips
Release Candidate Programs Tester

You're right, I meant to say T2 and M1.

goffja2000
New Contributor

Hi, 

Just checking on this process myself. I am able to send the wipe computer from Jamf and the system does the erase all content correctly (M1 iMac). After that completes it sits at the detect keyboard/mouse screen and then requires me to go through the activation by clicking next on the first screen with language selection. After that it restarts on a 60 second timer and then proceeds to auto advance through the Monterey setup configured with my prestage.

 

Is there a way to automate the activation portion to make it a zero touch setup process?

GabeShack
Valued Contributor III

We are seeing an issue with the "Erase All Content and Settings" only showing on the standard user account which then gives a message saying admin user required.  Then when I log into our local admin user on the M1, it doesnt even show the Erase All Content and settings in the system preference window, and if I bring up the Erase Assistant from /System/Library/CoreServices/ it says "This mac isnt supported".

 

Something about this feature is broken.  WE are using 12.2 and an M1 MacBook Air.

 

The Wipe command from Jamf is working with the dumb "Activating" screen coming up in between which is really not great or helpful for us admins.

Gabe Shackney
Princeton Public Schools

markacorum
New Contributor II

Not sure if this is just my environment but. Is this feature still working for anyone. Since 12.3.1 when I issue the wipe command or erase all content and settings it is also erasing the os and the device need to reload from internet recovery