So I just found out something that was very surprising. The genius bar will wipe a student's computer without an admin password as long as he/she is signed in with iCloud.
I had a computer that had not check in for a while, so I had the student bring it to me. When she came she told me that she had taken it to the Apple store to fix an issue. So I turned it on and noticed that my Admin account was no longer there. I had her log in and saw all of the JAMF profiles were gone and that her account was an Admin account (students are not allowed to be admins). So I took the computer and re-enrolled into the JSS.
I then called our business rep at Apple to find out how this could have happened. He got back to me and said that since she was signed in with her iCloud account that gave her permission to have Apple wipe the computer. I asked the rep why the fact that she did not know the Admin password or the firmware password did not raise any flags, he said that didn't matter since she was logged in with her iCloud account.
I find to this to be a very bad policy and I guess that I will be disabling iCloud on student computers.
