Find My Mac Hell On Multiple Computers

TomDay
Release Candidate Programs Tester

Before we were able to roll out a profile that prevents students from turning on "Find My Mac", it looks like we have some students that turned this on. I have 2 computers from students who recently left the school and I can't erase the hard drive. I tried from recovery mode and entered the bypass code stored in Jamf, doesn't work. Also tried to send a command from the Jamf pro server but get an error. Will attach the error messages if anyone can advise?

 

hamraty.jpgsend.png

1 ACCEPTED SOLUTION

TomDay
Release Candidate Programs Tester

A lot learned here in the last 24 hours on this topic, thx to all that joined in. I'll share my notes below, hopefully this can save someone time in the future.

 

As per an Apple Support supervisor, there are 2 levels of activation lock, the Apple server side and locally on the Mac. If Find My Mac is enabled, for various reasons it may never make it to the Apple servers. So if you request the owner of the Apple ID remove the device from their list of devices and they do so, yet the device still has activation lock set on it, it's time to focus on the device itself. Most times reaching out to the owner of the Apple ID is a waste of time and I recommend using the guideline below immediately:

  1. Reset the NVRAM.

  2. If resetting the NVRAM doesn't work:

  • Boot into Internet Recovery > Click Utilities on the menu bar > Click Terminal > type resetpassword and press RETURN > Select the password reset window > Click Recovery Assistant on the menu bar > Click Erase Mac.

  • Wait for the computer to reboot (may take up to 5 mins) and then boot into Internet Recovery again > Disk Utility > Erase internal SSD > Reinstall Mac OS.

  1. If all else fails, call Apple Enterprise 866.752.7753 and select option 1. Do not chat GSX help! They have a support Team there is dedicated to activation unlock requests. be prepared with the serial number and have a screenshot of this device from Apple School Manager and/or Jamf just in case.

 

View solution in original post

7 REPLIES 7

bwoods
Contributor III

@TomDay  Apple can unlock these devices for you as long as you have proof of purchase from your vendor. Get the purchase order from your vendor then reach out to Apple Enterprise Support.

roman_sammartin
New Contributor II

Hey Tom,

 

 

Tough position to be in, but the only way to remove activation lock from any device is to prove to Apple that you/your company has purchased the device. You'll need to go to the Genius Bar with a receipt or some proof of purchase with the Serial Number or Apple will not unlock the device--no exceptions. Since you're doing this for an organization and not a personal device, your name probably isn't on the receipt. In that case you'll need to show some form of employee ID or a way to prove you work for your school. 

The key thing here is that Apple needs proof you are legitimately trying to unlock a device and it wasn't stolen.

mainelysteve
Valued Contributor

As long as the devices were purchased from Apple(the ecommerce store or from an account manager) and they're in ASM Apple already has the proof of purchase and won't ask for it or anything else. 

TomDay
Release Candidate Programs Tester

Thx I was hoping I wouldn't have to call or chat with GSX support. I'll do that today as these are in ASM of course, will update the thread with success hopefully later today.

MikeF
Contributor II

It's not hard to contact Apple about this. They set up a site for you to send in your documentation and then will unlock. It does some times takes a few days after submitting documents. but they will unlock. Just call in to Enterprise Support. They have a que for these issues and are pretty quick.

 

 

TomDay
Release Candidate Programs Tester

A lot learned here in the last 24 hours on this topic, thx to all that joined in. I'll share my notes below, hopefully this can save someone time in the future.

 

As per an Apple Support supervisor, there are 2 levels of activation lock, the Apple server side and locally on the Mac. If Find My Mac is enabled, for various reasons it may never make it to the Apple servers. So if you request the owner of the Apple ID remove the device from their list of devices and they do so, yet the device still has activation lock set on it, it's time to focus on the device itself. Most times reaching out to the owner of the Apple ID is a waste of time and I recommend using the guideline below immediately:

  1. Reset the NVRAM.

  2. If resetting the NVRAM doesn't work:

  • Boot into Internet Recovery > Click Utilities on the menu bar > Click Terminal > type resetpassword and press RETURN > Select the password reset window > Click Recovery Assistant on the menu bar > Click Erase Mac.

  • Wait for the computer to reboot (may take up to 5 mins) and then boot into Internet Recovery again > Disk Utility > Erase internal SSD > Reinstall Mac OS.

  1. If all else fails, call Apple Enterprise 866.752.7753 and select option 1. Do not chat GSX help! They have a support Team there is dedicated to activation unlock requests. be prepared with the serial number and have a screenshot of this device from Apple School Manager and/or Jamf just in case.

 

View solution in original post

PaulHazelden
Contributor III

I prevent them from signing in to Apple IDs in the first place...

defaults write /Library/Preferences/com.apple.systempreferences.plist DisabledPreferencePanes -array-add "com.apple.preferences.AppleIDPrefPane"

This kills the Apple ID sign in pane, and they then cant add the device to their Find My. Had way too many problems with this in the past, so now they are locked out.