Remote wipe and start from scratch

DougE
New Contributor III

We recently deployed a Mac to a remote user. It was purchased via VPP and configured using the JSS and DEP upon initial startup. Very nice system they've put together.

However, the user then managed to install adware and other junk. Since it has only been a few days we thought we would look into the 'nuke and pave' approach.

I don't see a way to get the machine back to new status to remove the malware/adware and allow her to run through the setup process again using the pre-stage enrollment. Remote wipe will totally wipe the drive requiring a manual re-install of the OS.

Is there a way to 'reset' it back to the out of the box state where she could boot up and have the OS/JSS walk her through the same setup/enrollment process as a new machine?

7 REPLIES 7

stevewood
Honored Contributor II
Honored Contributor II

@DougE have the user boot to the Recovery partition and then re-install the OS. Or, wipe and re-install. That will put the machine back to factory and when they run through Setup Assistant it will pickup the DEP configuration.

DougE
New Contributor III

One issue with the re-install options is it asks for an Apple ID, which she does not have. Also, wiping the drive renames the partition to "Untitled". Not a big deal, we can change that later, but still one more step to follow up with.

pjames
New Contributor

@DougE I think you can set it up to bypass the Apple ID during setup and then you could send it out later in a config or policy.

DougE
New Contributor III

@pjames That is true for the standard setup process. However when you wipe the computer it has nothing on the drive. You have to install MacOS from scratch. That process, installing MacOS, requests an AppleID. Granted this was a test system that was not part of DEP, so maybe a DEP managed computer will behave differently.

She may send the computer back, which would allow us to test a few things out and get it set up. I think we'll be doing that to resolve this and learn a few things in the process.

This is certainly a strong case for not granting admin access!

pjames
New Contributor

@DougE You are certainly correct and I misunderstood which login point was being talked about.

michael-brodt
New Contributor III

Hi @DougE ,

If you have the user boot to the Recovery HD, you can select Disk Utility. Once open, select the "Macintosh HD" disk in the left hand column. Make sure that it it is that volume, and not the parent! Click the erase button, and that will wipe just the active volume. Close out of Disk Utility and you can run through the normal installer. Because the computer serial number is still listed in DEP, as long as the computer has an internet connection and can reach your JSS, it should automatically detect and re-add itself into the JSS, just like you did it the first time.

Maineboy22
New Contributor

Maybe I'm not understanding the process. I issued the lock command to the computer to establish the 6- digit code then after the command was "pending" at least 7 hours ( I know because that's when I left for the day ) and it finally locked it. At this point I issued the wipe command and again we sat there at "pending" for quite some time before I gave up and rebooted. after coming up to the lock screen, entering the code and having the computer reboot a couple of times it finally booted to the recovery partition. It's not clear to me how long that would have taken if I had not intervened or if at any point the drive would be wiped without me initiating it from the recovery partition.