Posted on 12-18-2013 09:38 AM
As the title states, a 2011 MBAir was locked using JSS; an IT staffer then removed the client from JSS before unlocking it. I now have an EFI-locked MacBook Air. Sadly, there wasn't a record of the 6-digit code used to lock the device.
I've already set up an appointment with Apple for repair, but I'm wondering....
Posted on 12-18-2013 09:47 AM
Do you have a backup of your MySQL db from the time between when the lock command was sent and the record was deleted? If so, you can try restoring that db to a different box with a JSS on it, just to get into it to locate the Lock command in the computer record for the code.
There may also be something in a server log file of what code was issued, but I'm not sure.
Posted on 12-18-2013 06:12 PM
As mm2270 said, restore the database and you can see the passcode after that.
You can see the passcode by going into:
Computer Details > Management History > Passcode is recorded in Locked Device command log
Posted on 12-20-2013 09:06 AM
You can also do a PRAM reset 3 times in order to clear the lock code. Make sure you remove the Firmware password if you have one first.
Posted on 12-20-2013 09:13 AM
@jdziat - are you certain about that? The MDM lock process boots the Mac up into a Recovery HD-like state, not into the OS. I don't see how zapping PRAM would get around that. If it does, that would be a gigantic security flaw that Apple would have to fix pronto.
Also, as you mentioned, with a Firmware password set, zapping PRAM is impossible, and since you can't boot to anything to remove that firmware password… not seeing how that could work.
Posted on 12-20-2013 09:22 AM
@jdziat - Sadly, no, that doesn't work. It immediately boots to the lock screen, and doesn't present the ability to reset the PRAM. As @mm2270 mentioned, that would be a massive security hole.
Posted on 12-20-2013 09:28 AM
@mwalter @mm2270
Although it boots to the OS recovery, it still allows you to boot to another drive. So if you hold alt/option while it starts and select another drive, you can clear the password, allowing you to reset PRAM. It is not a security flaw unless the world knows your firmware password. If you don't believe me, jump on GSX and ask one of their agents.
Posted on 12-20-2013 09:39 AM
@jdziat I just tested it. I cannot get it to go anywhere other than the lock screen. No option for recovery partition, nada. Go ahead and lock one of your machines, reboot, and try. If it works, please post a video, I'd love to see what I'm doing wrong.
Posted on 12-20-2013 09:40 AM
If it's true, it's still a massive security hole because firmware passwords don't ship as set with the OS. You need to set them and many environments don't set them, for good reason. This would mean that the mechanism Apple has in place to lock a lost Mac could very easily be circumvented by someone who stole it or found it if they have a bootable OS X partition. How exactly is this not a gigantic security hole?? The OS should not allow booting to any alternate drive or OS when a lock command has been sent to it. That's the whole point!
Posted on 12-20-2013 09:56 AM
@mwalter We have mid 2011 MacBook Airs and I can verify that it works. I am not going to waste any more of my time creating a video.
@mm2270 Only if you don't set the firmware password.
Guys/Girls, I'm just offering an alternative method. If you are unable to do it, I would recommend contacting Apple support so they can walk you through it.
Posted on 12-20-2013 11:53 AM
@Kumarasinghe I've restored my database and can see the device. The policy has only been queued, but not executed. Problem being, the info button is missing - I'm on version 9.21 - are you on v8 by chance? Or am I just not looking in the right place?
Posted on 12-30-2013 04:39 PM
Ok, 1st, have you tried connecting the MacBook Air to Ethernet and when powering on hold down Command R? This should allow you to see the utility menu like when a normal OS X is booted into using the Option command, but the distinct difference here is use the drop-down under Utilities at the top; you should see firmware password reset.
There are only 2 proper ways to do a firmware reset according to Apple.
1. Perform Internet recovery by booting using Command R, then reset password....wipes everything
2. If you are an Apple Certified Technician (many of us are), log into GSX and handle the firmware reset there.
I am curious if either of these options offer resolve for you....especially if you have the machine in front of you for a hands-on experience...most of the time sadly....I don't.
Posted on 01-05-2014 07:03 PM
@mwalter
I don't know how to find it via the GUI of v9. I remember putting in a request to bring it back when they did beta testing.
You can find out the passcode by connecting to the database manually:
1) Write down "JSS Computer ID" of the computer (In your Computer inventory > General Tab)
2) Download Sequel Pro or MySQL Workbench and connect to the database
3) Look for the table called "mobile_device_management_commands" in your JSS database
4) Find the matching entry for your specific "JSS Computer ID"
5) You can see the code you are looking for in "passcode" field.
Thanks
Posted on 01-06-2014 01:05 PM
Did the same thing to a laptop via Casper a few months ago and the only solution available was to bring to Apple Store, provide them with the machine's 33-digit hash, generate the correct keycode, and reset the EFI passcode. The invaluable Topher over at CNET has the process pretty well documented:
http://reviews.cnet.com/8301-13727_7-57542601-263/efi-firmware-protection-locks-down-newer-macs
Posted on 01-06-2014 08:33 PM
What jdziat is saying is correct for the older models, maybe 2010 and under? Apparently a change was made to newer machines where once it's locked it's locked and Apple is the only way. I'll test this out tomorrow.