- Jamf Nation Community
- Products
- Jamf Pro
- Seeking Advice: Efficient Reset Process for Mac Lo...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-09-2024 08:52 AM
Hello Everyone,
We’re expanding our student loaner program to include Mac laptops. Each semester, students will check out these laptops for their coursework, and at the end of the term, the devices are returned to be reset and reissued.
Here are the key issues we’re facing:
Active Directory Binding: All devices must be bound to AD, and there’s no workaround at the moment. We’re looking into Jamf Connect or an alternative, but those options won’t be ready in the near future.
Data Removal: We need a reliable way to remove user data at the end of each loan period.
External Resetting: The entity handling the checkout process (not internal IT) will need to complete the reset. This means the "Wipe" command isn't viable since we can't ensure consistent internet access or the ability to follow a complex process.
We currently have a Self Service item that successfully removes user profiles. It works great for us. However, the biggest challenge is managing applications. We need to find a way to remove all "non-standard" applications.
- We will deploy a specific set of default apps to all loaners.
- Any apps outside of this list, or not native to macOS, should be removed.
- Currently, we’re considering redistributing devices with leftover applications from previous users, but we’re not keen on this approach.
Our users have access to a "Make Me An Admin" item in Self Service, allowing them to install apps. This feature is non-negotiable and has been approved by InfoSec. We already use this setup for our Windows loaners and have a strong security framework in place.
Has anyone here managed a similar loaner program or encountered challenges with removing non-standard apps from loaner devices?
Any advice or best practices would be appreciated
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-09-2024 12:24 PM
- Without consistent internet access, there are no solutions for you. To install macOS Period, even manually, you need internet access.
- With internet access:
- Jamf can issue the Erase All Contents and Settings Command. This can be called with API from Jamf Self Service.
- An Admin user can use Erase All Contents and Settings in system settings.
- Recovery can be used to reinstall macOS.
It seems that requiring internet access should be a simple thing to put in a contract/policies/etc. for your 3rd party solution that is issuing these devices.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-09-2024 12:24 PM
- Without consistent internet access, there are no solutions for you. To install macOS Period, even manually, you need internet access.
- With internet access:
- Jamf can issue the Erase All Contents and Settings Command. This can be called with API from Jamf Self Service.
- An Admin user can use Erase All Contents and Settings in system settings.
- Recovery can be used to reinstall macOS.
It seems that requiring internet access should be a simple thing to put in a contract/policies/etc. for your 3rd party solution that is issuing these devices.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 09-12-2024 09:36 AM
I was afraid of that; we'll continue to work with our partners to figure out a solution.
Thank you for replying!
