iPads Disabled, can't take remote commands from Jamf cloud?

Christopher_Baw
New Contributor

We're using Jamf to manage our iPads. The most common problem is that user forgets ipad passcode > disables the iPad

I originally thought that the management command could do the trick for the user remotely as long as they've connected to their WiFi before, but this doesn't seem to be the case.

Am I missing something critical? Or do the iPads and possibly other devices, do not connect to WiFi or allow network connectivity until the passcode is put in?

If so, how do I clear a passcode for users who forget theirs without having to use apple configurator 2 to back up, wipe and restore?

To try to clear things up this is the break down.
User doesn't use iPad for x amount of time.
User forgets passcode and disables iPad (up to 1hr)
I try to run the command to remove the passcode and restart the device. Nothing happens.
Wait the hour until the user can try their passcode again, instead of trying passcode I attempt remote management commands from jamf, nothing happens.

  • User has to bring in the iPad on-site.
  • I upload a profile that configures the ipad to use our network, so it has a reachable WiFi connection.
  • Send commands, nothing happens.
  • Back up / reset the iPad

Now with a working iPad I can see that if I send the commands and I put in the correct passcode, the device is restarted. But it doesn't help for when I have a device in the mountains 5 hours away and the user bricked it.

How can I clear the passcode, or use any management command from Jamf if the device is disabled? And has a working WiFi configured on it already.

3 REPLIES 3

roman_sammartin
New Contributor II

This is a tough position to be in. I don't think what you're wanting to do is possible. The device won't talk over to wifi until it's logged in, or at least logged in recently enough for push notifications.

The other aspect is just overall device security. There's no getting into a device without a passcode, unless you're Apple.

The best path forward may just be to store user passwords in a secure database and just remind end users their password over the phone when they forget.

talkingmoose
Honored Contributor II

Definitely agree with @roman.sammartino!

Definitely note that an iPad that's disabled won't receive any commands (or won't act on those commands).

Also, it's not a matter of timing, but rather "Has the student restarted the iPad as part of troubleshooting?" This is commonplace for the average end user, but once restarted, Wi-Fi won't connect until the correct passcode is entered.

You're going to have to educate your end users:

  1. Use a passcode you won't forget. Many schools suggest using something like a student lunch PIN or other number the student isn't likely to forget.
  2. After five or so failed passcode attempts, STOP! Contact support to remotely unlock the device.
  3. Don't restart the iPad if your passcode isn't working or the device is disabled. Wait until the device is is accessible and then contact support.

And don't put it past your students to be disabling their devices on purpose. It's a great way to avoid doing schoolwork or might be used as an excuse to delay handing in homework electronically.

For anyone on premises, you can look into providing your techs with adapters they can connect to locked devices to wired Ethernet. This connection bypasses wi-fi and allows your device to receive management commands. There a multiple solutions you can find. I like this one because it's all in one piece.
cd723f15d8f647c88daf43664718b651

Consider putting one of these devices in each library and leave it permanently connected. If students need their passcodes removed, your Help Desk can send the management command and then the student can plug in the device without involving a technician.

Talking moose is correct however you need to make sure you have the USB Restriction disabled and pushed out to your supervised devices or it will not work.