Help

Not able to get through Firmware Password on a mac

Go to solution
ndjb
New Contributor

Posted on ‎11-02-2023 08:47 AM

We have encountered a situation with a company Mac that a previous user was using, they left the company some time ago. The issue at hand is that the user's Apple ID is still associated with the device. Additionally, it appears that a firmware password has been set on the device, which we do not have access to. This has rendered the Mac unusable.

In my current role at Jamf, I am relatively new, so I appreciate your patience if this is a basic question. Is there a method to discover or reset the firmware password? We do have access to the ex-employee's computer account as a local admin.

Additionally, how can I prevent such situations in the future? Can Jamf store firmware passwords, if yes, how? The Mac model in question is a MacBook Pro (13-inch, 2020, Two Thunderbolt 3 ports) with an Intel i7 processor.

Thank you everyone in advance.

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
mschlosser
Contributor II

Posted on ‎11-02-2023 09:03 AM

Two issues at play here, activation lock and the EFI firmware password. In order to avoid issues with activation lock and personal apple IDs; I would recommend enabling 'Prevent user from enabling activation lock' in the prestige that the Macs are assigned too; this will prevent end users from doing this. You may also want to restrict the apple id pref pane.

As far as the other issue is concerned, jamf does have the ability to add or remove an EFI password via a policy, but I think you have ot know what it is to remove it. If you lack the password, I believe the only other option is to contact apple and prove ownership and they will remove the password for you. 

As an aside while modifying your prestige, you may want ot enable the option to lock RecoveryOS; these will provide EFI style passwords for apple silicon macs that are automatically logged in JAMF and automatically removed when the mac is removed from ABM / ASM.

hope that helps.

 

 

 

View solution in original post

5 REPLIES 5

Go to solution
mschlosser
Contributor II

Posted on ‎11-02-2023 09:03 AM

Two issues at play here, activation lock and the EFI firmware password. In order to avoid issues with activation lock and personal apple IDs; I would recommend enabling 'Prevent user from enabling activation lock' in the prestige that the Macs are assigned too; this will prevent end users from doing this. You may also want to restrict the apple id pref pane.

As far as the other issue is concerned, jamf does have the ability to add or remove an EFI password via a policy, but I think you have ot know what it is to remove it. If you lack the password, I believe the only other option is to contact apple and prove ownership and they will remove the password for you. 

As an aside while modifying your prestige, you may want ot enable the option to lock RecoveryOS; these will provide EFI style passwords for apple silicon macs that are automatically logged in JAMF and automatically removed when the mac is removed from ABM / ASM.

hope that helps.

 

 

 

Go to solution
jamf-42
Valued Contributor II
In response to mschlosser

Posted on ‎11-27-2023 10:48 AM

As an aside while modifying your prestige, you may want ot enable the option to lock RecoveryOS

Other than re-enrolling.. is there a way to enable this with the rotating password functionality ?

0 Kudos

Go to solution
SCCM
Contributor III

Posted on ‎11-02-2023 10:14 AM

Contact apple to get it removed. You will need to provide the proof of purchase for the device. This can be done online or via a apple store depending on which country your in.

Go to solution
obi-k
Valued Contributor II

Posted on ‎11-02-2023 10:35 AM

Can confirm that heading to the Apple Store works. Haven't tried Apple Enterprise yet.

Go to solution
ndjb
New Contributor

Posted on ‎11-27-2023 09:20 AM

Thank you everyone! This was really helpful. :)

0 Kudos