Remote Jamf wipe without wiping recovery?

vanschip-gerard
Contributor

I started using the remote wipe as our audit team likes a paper trail for wipes, but I noticed that using a remote wipe also wipes the recovery partition, which means I need to either do an internet recovery or USB recovery. Both much slower than recovery from SSD.

Am I doing something wrong or is this a feature?

3 REPLIES

talkingmoose
Moderator

I believe you're referring to the Wipe Computer command. Correct?

That's actually an Apple technology (MDM command) built into Jamf Pro and behaves this way by Apple's design.

You could instead use the startosinstall command line utility built into the Install macOS Mojave.app bundle with the --eraseinstall option. It will not only wipe the Mac but also reinstall a fresh macOS.

Reinstall a clean macOS with one button

cwaldrip
Valued Contributor

What @talkingmoose said above. But also, it shouldn't be wiping the Recovery partition. It's been a while, but when I last tested it, it left the recovery partition, and only the recovery partition. Possibly the recovery partition was already missing before the remote wipe. We used to use it to remotely retire machines up until about a year ago - a manager would tell us when they had machine X in hand, we'd verify the serial number, and send a remote wipe command with a simple code (000000). They'd leave the machine powered up and on the network and once it rebooted they'd enter the code and it'd restart and bring them to the Recovery partition. They could then give it away, recycle it, trade it for a sheep... whatever.

Now we just have a job in Self Service that if the machine is running 10.13.x or later and formatted as APFS it runs the macOS installer from the command line with --eraseinstall. Ta-dah!
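The Self Service job described in the post above could be gated with a preflight like the following. This is an added example, not cwaldrip's script or Jamf's own code; the installer path, the `erase` keyword in script parameter 4, and the `diskutil` output label being parsed are assumptions.

```shell
#!/bin/sh
# Added example: refuse --eraseinstall unless the Mac meets the thread's conditions.
# Assumption: the Mojave installer is already staged in /Applications.
INSTALLER="/Applications/Install macOS Mojave.app"

# True when a macOS version string is 10.13 or later (also accepts 11+).
version_supported() {
    v_major=${1%%.*}
    v_rest=${1#*.}
    [ "$v_rest" = "$1" ] && v_rest=0          # no dot in the string at all
    v_minor=${v_rest%%.*}
    case "$v_major" in ''|*[!0-9]*) return 1 ;; esac
    case "$v_minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v_major" -gt 10 ] && return 0
    [ "$v_major" -eq 10 ] && [ "$v_minor" -ge 13 ]
}

# True when the boot volume's file system personality names APFS.
is_apfs() {
    case "$1" in *APFS*|*apfs*) return 0 ;; *) return 1 ;; esac
}

# Args: os_version fs_personality installer_path.
# Prints "ok", or the reason the wipe must not proceed, and returns 1.
preflight() {
    version_supported "$1" || { echo "macOS $1 is older than 10.13"; return 1; }
    is_apfs "$2" || { echo "boot volume is not APFS ($2)"; return 1; }
    [ -x "$3/Contents/Resources/startosinstall" ] || {
        echo "installer not found at $3"; return 1; }
    echo "ok"
}

# Jamf Pro reserves $1-$3 (mount point, computer name, user); custom
# parameters start at $4. Requiring an explicit keyword avoids accidental wipes.
if [ "${4:-}" = "erase" ]; then
    os=$(sw_vers -productVersion)
    fs=$(diskutil info / | awk -F': *' '/File System Personality/ {print $2}')
    reason=$(preflight "$os" "$fs" "$INSTALLER") || {
        echo "Refusing to erase: $reason" >&2; exit 1; }
    "$INSTALLER/Contents/Resources/startosinstall" \
        --eraseinstall --agreetolicense --nointeraction
fi
```

The refusal reason goes to stderr and the script exits non-zero, so the failed attempt shows up in the Jamf policy log.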

gabester
Contributor III

I now realize this is the expected behavior, as also discussed in this other Remote Wipe thread - but I contend that this is the WRONG behavior as it defeats the whole purpose of adopting the iOS-style disk partitioning in newer macOS versions. Should not a remote wipe leave you with a usable Mac, thus speeding enterprise-supporting Mac technicians' ability to redeploy devices? After all, remote wiping an iOS device doesn't render you with an iPhone you have to put into DFU mode and manually push down a new ipsw from a Mac or PC!

While I like the suggestion of deploying and running macOS Installer.app with the --eraseinstall flag, that requires actually deploying the installer to said Mac you want wiped, which is another variable period of time depending on where you're deploying the installer from, the bandwidth of the Mac you want to deploy to, and presumes that you may want to deploy a different version of macOS than is currently running on the target Mac. It also assumes you've got an available internet connection for the installer to phone home to Apple to verify the install's valid and no extra firmware/touchbar/T2 bits are needed - some sites like to run their build networks or inventory rooms isolated from networks to avoid shenanigans.