We recently deployed a Mac to a remote user. It was purchased via VPP and configured using the JSS and DEP upon initial startup. Very nice system they've put together.
However, the user then managed to install adware and other junk. Since it has only been a few days we thought we would look into the 'nuke and pave' approach.
I don't see a way to get the machine back to new status to remove the malware/adware and allow her to run through the setup process again using the pre-stage enrollment. Remote wipe will totally wipe the drive requiring a manual re-install of the OS.
Is there a way to 'reset' it back to the out of the box state where she could boot up and have the OS/JSS walk her through the same setup/enrollment process as a new machine?
@pjames That is true for the standard setup process. However when you wipe the computer it has nothing on the drive. You have to install MacOS from scratch. That process, installing MacOS, requests an AppleID. Granted this was a test system that was not part of DEP, so maybe a DEP managed computer will behave differently.
She may send the computer back, which would allow us to test a few things out and get it set up. I think we'll be doing that to resolve this and learn a few things in the process.
This is certainly a strong case for not granting admin access!
Hi @DougE ,
If you have the user boot to the Recovery HD, you can select Disk Utility. Once open, select the "Macintosh HD" disk in the left hand column. Make sure that it it is that volume, and not the parent! Click the erase button, and that will wipe just the active volume. Close out of Disk Utility and you can run through the normal installer. Because the computer serial number is still listed in DEP, as long as the computer has an internet connection and can reach your JSS, it should automatically detect and re-add itself into the JSS, just like you did it the first time.
Maybe I'm not understanding the process. I issued the lock command to the computer to establish the 6- digit code then after the command was "pending" at least 7 hours ( I know because that's when I left for the day ) and it finally locked it. At this point I issued the wipe command and again we sat there at "pending" for quite some time before I gave up and rebooted. after coming up to the lock screen, entering the code and having the computer reboot a couple of times it finally booted to the recovery partition. It's not clear to me how long that would have taken if I had not intervened or if at any point the drive would be wiped without me initiating it from the recovery partition.