Handling stolen machines

rstasel
Valued Contributor

So, leaving out Prey, what are people doing for lost hardware? I'm setting up a new jamf site. I've got a DEP MDM set to point to it. I can move machines into it. I'm setting a firmware password, I think I'm restricting almost everything, and then I'm thinking of setting a desktop background if they manage to somehow get logged in.

I suppose I could write a script that immediately triggers an MDM to lock the machine, but what else are people doing?


sirsir
Contributor

Do you use LDAP? You could require authentication for PreStage MDM enrollment; they wouldn't be able to get past the enrollment without it (unless they don't connect to WiFi during setup, not sure if that is still possible?).

rhooper
Contributor III

We demote them to a standard user, in case they have Admin rights, set EFI, and send an auditory warning every 15 minutes reminding them that the device has been stolen. Under Files and Processes, type in your message:
osascript -e "set Volume 100"; say -v Samantha -r 200 "This device should have been returned! To avoid further actions, please return it to...."
BUT these are Intel Processor Macs and not the new M1 chip.
Sometimes we track them by the IP; that gives us the lat/long readings and we perform a search. Like the one I tracked to a lake in IA on a golf course. Good Luck!
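An added example of the kind of lockdown rhooper describes (demote admins to standard users, then repeat a spoken warning every 15 minutes). It is not rhooper's script or MIT's; it assumes macOS run as root, and the launchd label, install paths, the admin account to keep and the spoken text are invented placeholders.

```shell
#!/bin/bash
# Added example, not from the thread: demote admins, then install a launchd
# daemon that speaks a warning every 15 minutes. Assumes macOS, run as root;
# label, paths, account name and spoken text are invented placeholders.
LABEL="com.example.stolen-warning"          # hypothetical reverse-DNS label
SCRIPT="/usr/local/bin/stolen-warning.sh"   # hypothetical install path
KEEP_ADMIN="${KEEP_ADMIN:-jamfadmin}"       # hypothetical management admin to keep
INTERVAL=900                                # 15 minutes, as in the thread
MESSAGE="This device has been reported stolen. Please return it to the IT help desk."

# Script the daemon runs: force output volume up so the warning cannot be muted,
# then speak the message ("Samantha" must be an installed voice).
warning_script() {
  printf '#!/bin/bash\nosascript -e "set volume output volume 100"\nsay -v Samantha -r 200 "%s"\n' "$1"
}

# launchd property list: RunAtLoad fires once at load, StartInterval repeats.
launchd_plist() {
  local label="$1" script="$2" interval="$3"
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>${label}</string>
  <key>ProgramArguments</key><array><string>${script}</string></array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>${interval}</integer>
</dict>
</plist>
EOF
}

# Remove every admin group member except root and the account named in $1.
demote_admins() {
  local u
  for u in $(dscl . -read /Groups/admin GroupMembership | cut -d' ' -f2-); do
    if [ "$u" = root ] || [ "$u" = "$1" ]; then continue; fi
    dseditgroup -o edit -d "$u" -t user admin
  done
}

install_daemon() {
  warning_script "$MESSAGE" > "$SCRIPT" && chmod 755 "$SCRIPT"
  launchd_plist "$LABEL" "$SCRIPT" "$INTERVAL" > "/Library/LaunchDaemons/${LABEL}.plist"
  chmod 644 "/Library/LaunchDaemons/${LABEL}.plist"
  launchctl bootstrap system "/Library/LaunchDaemons/${LABEL}.plist"
}
# Only touch the system when explicitly asked: sudo ./stolen-lockdown.sh --install
if [ "${1:-}" = "--install" ]; then demote_admins "$KEEP_ADMIN" && install_daemon; fi
```

Deploy it as a Jamf policy script scoped to the stolen-device group; it only changes the system when given `--install`, so running it bare just defines the helpers.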

gabe2385
Contributor

We have a prestage called "stolen devices" that we put serial numbers into once they have been reported stolen. The prestage installs a package that will report to Jamf to a stolen group. Once they check in, it sends an email to our admins about a stolen device and we either lock it from there or report it to our campus police, who send it to investigators. We include the check-in IP etc. We have been able to retrieve about 10 laptops within the last 2 years because of this method. Unfortunately they were all resold and the customers would just give it to the police.

rhooper
Contributor III

@rstasel Well, unfortunately the script apparently stopped working with Big Sur.

pueo
Contributor II

Hey All

We just had our first Mac stolen a few days ago. The user left it in a taxi and then it vanished. All our machines are DEP and FileVaulted to the local user with a 12 character password. When the device was stolen we initiated a wipe from Jamf (and iCloud). The device has not checked in yet, or has it? Guess if it was wiped I would not know.

If the user were to wipe the device they are prompted with an authentication prompt which does a user lookup before creating a local account. This would put a stop to the user getting any further.

I'd like to re-ask the question @sirsir asked about bypassing authentication if there is no WiFi. Could this happen? And if they can bypass authentication, this would also skip DEP enrolment. Has anyone tested this on Intel and Arm chipsets?

If you disable your network connection during Apple setup, as of a month ago, you will reliably bypass any enrollment check. If you want to come as close as possible to bricking the device you have to hit it with a firmware passcode. Since Apple Silicon does not support firmware passcodes you will have to hope the FileVault key alone can prevent them from wiping it (for which, afaik, there are workarounds).

pueo
Contributor II

I have given in, knowing that a stolen laptop can be used again if the person bypasses the network. Perhaps someday it may reappear in Jamf under our stolen prestage I created.

rhooper
Contributor III

We use a script that sends out an auditory message and a lock screen script, doctored from MIT, that works well. 3 stolen, two recovered so far.

pueo
Contributor II

@rhooper This intrigues me. Are you able to share the script or point me in the right direction? Again, if the person bypasses the Remote Management screen the Mac is built with no MDM. Remote anything would not work.