Hi there. My school has a pool of 40 2017 MacBook Airs running Mojave that the kids use. They are not assigned 1 to 1, rather they are in a couple of carts and the kids pull from the pool randomly.
One or more of our kids are quite savvy and have figured out how to boot into Recovery Mode and change passwords, and wreak other havoks.
What is the recommended method for preventing students from entering recovery mode, single user mode, booting to installer thumb drives, etc.?
Solved! Go to Solution.
For intel Macs you can put an EFI password on the device which will lock recovery behind a password. This wont work on Apple Silicon Macs, and the function that locks that out on Apple Silicon is broke in JAMF right now.
Apple Recovery mode is a default set of tools in your macOS created to offer you safe Mac boot options to recover your Mac from software issues. First introduced in 2011 with the release of Mac OS X Lion, the ability to boot Mac in Recovery mode greatly simplified macOS reinstallation while giving users more control.
MacBook Recovery mode also makes using your Mac more secure. For example, if your Mac has a T2 security chip and you want to use macOS from an external drive, then your only option is to boot into Recovery Mac mode.