Help

Help Me Regain Control...

npynenberg
Contributor

Posted on ‎11-23-2015 07:47 AM

Background:

We were bitten by the 9.73 to 9.8 bug pretty badly, and many of our machines went rogue. We had to reinstall a quickadd package with Apple Remote Desktop and various other methods on nearly 1,000 machines. This was back in September. Almost all of our machines are back under our control again, and we are happily running 9.81

Recently I noticed a machine still on our "9.73" binary list as still not being managed.

After doing some digging, I have come to realize this laptop was last under control of an employee who has left the district.

I can't be sure this individual was asked to turn in their laptop. I'd like to verify that the machine is no longer in our control, and is in fact outside of the district.

This machine is no longer responding to Casper management due to the 9.73 -> 9.8 bug... HOWEVER it has been observed that profiles still seem to push to these rogue machines.

So.. what can I do via profiles that might get it back under my control agaain? (Or at least help me verify that it's no longer in our district).

It has been nearly 2 months since it last checked in to Casper...

Thanks for any ideas!

0 Kudos
1 REPLY 1

jjones
Contributor II

Posted on ‎11-23-2015 10:40 AM

First steps I would do in this case:

  1. Set a firmware password to prevent wipe of hard drive
  2. Set a policy banner to thwart possible selling of such system
  3. Do they have admin rights? If so I would take them away with this below:
#!/bin/sh
#Deletes user from admin group
sudo dscl . -delete /Groups/admin GroupMembership usernamehere
#Lists all users in the group admin
sudo dscl . -read /Groups/admin GroupMembership
exit 0
  1. Do not lock the system unless it's the last resort, once locked most tend to chuck it and you will never see it again.
0 Kudos