How can we BLOCK "Erase all content and settings" in Monterey?

cwaldrip
Valued Contributor

For multiple reasons (mostly legal) we do not want users erasing data from their machines. I've looked but don't see anything obvious in Configuration Profiles in Jamf 10.32 so I'm guessing at best there might be a custom MDM config.

2 ACCEPTED SOLUTIONS

CSCC-JS
Contributor II

Profile seems the more full proof way to go.

 

I used restricted software function

Screen Shot 2021-10-26 at 1.28.12 PM.png

 

 

View solution in original post

7 REPLIES 7

cwaldrip
Valued Contributor

Forgot to say this is under Monterey...

cwaldrip
Valued Contributor

Tlehr
New Contributor II

Thanks, I missed this feature. This is really important to restrict.

CSCC-JS
Contributor II

Profile seems the more full proof way to go.

 

I used restricted software function

Screen Shot 2021-10-26 at 1.28.12 PM.png

 

 

fredrik_virding
Contributor

Im finding this a little tricky to apply that solution. 

Am i missing something? Anyone that can help?

The process to block is "Erase Assistant" 

I have a custom Smart Group that is All Computers macOS 12 or greater.

GabeShack
Valued Contributor III

Also be aware non-admins cannot run this command/app (Erase Assistant which is located in /System/Library/CoreServices.)  Not sure if that helps in your situation though.

Gabe Shackney
Princeton Public Schools