Posted on 10-28-2022 11:50 AM
I'm not sure if this is even possible but is there a way to lock a computer in JAMF with a timer? Say we give a user a new mac to replace their old one but they want 2-3 weeks to transfer their data. Instead of putting it on my calendar or remembering to lock that mac when time is up, is there a policy that we can set to automatically lock that mac with either a specific lock number or random lock number that can be shown in JAMF? This would be a pretty good feature to have in JAMF.
Posted on 10-28-2022 12:00 PM
You can set a policy to run on after a specific date & time using the "Activation Date/Time" and/or before an "Expiration Date/Time" (if you only want to run the policy within a certain window). It's kinda heavy handed, but you could set up a policy to do a clean install on the system(s) on a date at some point in the future. It's a good idea to communicate this to the user however, for obvious reasons.
Posted on 10-28-2022 12:21 PM
I'm just thinking of a way for our remote users and even our other office users to return our laptops back to us in a timely fashion. If we lock it and they can't do anything with it, then they pretty much have no choice but to use the new machine we sent them and return the old ones. We have had people in the past wipe their machines on their own and let their kids use their old ones (pre JAMF) and not return the old ones. Figured this would be a good wake up call for them. I don't want to do a clean install outside our office. Always open for suggestions.
Posted on 10-28-2022 01:09 PM
I respect the sentiment but I don't think you are going the right way about it. Automating any device locking or wiping is extremely risky. This could be automated with JAMF API if you really wanted to do it, though I am not sure about the pin part.
I spent 5 years in field services. Locking a device probably wont do anything. Users will just toss them in a drawer and move on. As an admin, policy and standards are king. Make sure you have policies and standards in place. Then just turn noncompliance users in to the governing body of the policies they are violating. Security would probably love to hear about rogue devices, and accounting would like to hear about depreciating assets sitting on the books. We as admins manage devices, let the correct groups worry about their parts.
Posted on 10-28-2022 01:18 PM
Thanks, i have been known to overthink things and this may just be the case. I keep forgetting that we do have the security and accounting team who love doing things like this ;)
Posted on 10-28-2022 01:26 PM
The best of us over think things. Sometimes the most important thing we do in a day is ask the opinions of others.