Reset account options

ThottaMLA
New Contributor

Hi All

My first post, please excuse my knowledge in Jamf, hardly been playing with it for a month.

I've started supporting an existing Jamf implementation and have a couple of requests to reset passwords on Macs where users have left the Org. I thought it would be just the matter of creating a new local administrator account policy or even issuing a wipe command so the device can reset and start again. Unfortunately it's on the login screen and doesn't have a wifi connection option (which I understand is due to FV2 being enabled??)

The end user told me that he tried to reset the device and it keeps asking for a recovery key.

I have since enabled the "startup scripts" option so policies can be triggered on System Startup, but it sounds like it only applies once the policy refreshes, i.e., after logging in with any account.

My questions

1) How do I reset a Mac that is stuck in this situation, can I use any capabilities Jamf has?

2) How do I obtain the recovery key the user is referring to?

3) Are there any such "must have" configurations that I should implement so there is a way to recover Macs stuck in this situation (i.e., enable hidden admin account, enable startup policy options, etc.)?

New to the community, any help would be much appreciated :).

1 ACCEPTED SOLUTION

PaulHazelden
Valued Contributor

I would recommend setting up an admin account, and then use that to log in as the first ever account to log in. That way you get control of the secure token, and can delete any other accounts on the device. Jamf can set them up for you and it can set them to hidden.
If you are wiping it, in recovery mode, in Big Sur and Monterey, there is a new option in the menus. Recovery Assistant > Erase Mac, it is a full wipe; the standard wipe can leave some legacy account information behind - intentional by Apple - stuff like Apple ID info.


2 REPLIES

YanW
Contributor III

If you want to wipe it, go into the Recovery Mode (Command R) when booting up. 

To obtain the recovery key, you should be able to see it in that device's Disk Encryption under Inventory in Jamf. 
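A readiness check for the "must have" setup asked about in this thread, as an added example that is not part of any poster's reply: it evaluates the output of `fdesetup status`, `fdesetup haspersonalrecoverykey` and `sysadminctl -secureTokenStatus` to flag a Mac that could end up locked out. The function names and the account name passed on the command line are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: flag Macs that would be hard to recover once a user leaves.
# Each check takes captured command output, so it can be reused in an
# inventory script or extension attribute.

# $1 = output of `fdesetup status`
filevault_on() {
    case "$1" in
        *"FileVault is On"*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = output of `fdesetup haspersonalrecoverykey` ("true" or "false")
has_recovery_key() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "true" ]
}

# $1 = output of `sysadminctl -secureTokenStatus <user>` (written to stderr)
token_enabled() {
    case "$1" in
        *"Secure token is ENABLED"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one FINDING line per missing safeguard, or OK when all are present.
audit() {
    missing=0
    filevault_on "$1" || { echo "FINDING: FileVault is off"; missing=1; }
    has_recovery_key "$2" || { echo "FINDING: no personal recovery key on this Mac"; missing=1; }
    token_enabled "$3" || { echo "FINDING: management admin has no secure token"; missing=1; }
    if [ "$missing" -eq 0 ]; then echo "OK"; fi
    return 0
}

# On a Mac, run as root with the management admin's short name as $1.
if [ "$(uname)" = "Darwin" ] && [ -n "${1:-}" ]; then
    audit "$(fdesetup status)" \
          "$(fdesetup haspersonalrecoverykey)" \
          "$(sysadminctl -secureTokenStatus "$1" 2>&1)"
fi
```

A result of OK only shows that a recovery key exists on the Mac; whether Jamf holds a copy still has to be confirmed in that device's Disk Encryption section under Inventory.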
