Jamf Nation Community

WilliamDunn · 2 weeks ago

We've noticed that since upgrading to Sonoma we are unable to push commands to laptop that is not logged in. If it is still on the log in window (Displaying list of users) we are not able to push Lock or Wipe Commands, they stay on pending. This is happening even if we plug a network cable in.

sdagley · 2 weeks ago

No, it should never have worked. Note that if a user logged in to a Mac to unlock FileVault, and then logged out that would allow you access until it was restarted.

View solution in original post

sdagley · 2 weeks ago

@WilliamDunn Did you enable FIleVault? That is the normal behavior with FileVault activated as the Jamf agent won't be loaded until after a user logs in.

WilliamDunn · 2 weeks ago

We do have FileVault Activated. Is this a change from Ventura as we were still able to push Wipe and Lock commands before when a user wasn't logged in.

sdagley · 2 weeks ago

No, it should never have worked. Note that if a user logged in to a Mac to unlock FileVault, and then logged out that would allow you access until it was restarted.

WilliamDunn · 2 weeks ago

@sdagley so if no user is logged in then FileVault is protecting the data and as soon as someone logs in that is when Jamf kicks in to wipe/lock the device. Is that correct

sdagley · 2 weeks ago

Yes, if there is a pending Lock or Wipe command then it will be processed when user logs in. Note that you would not want to issue both because if you do and the Lock is issued first then the Mac will not process the Wipe (although it should if it is ever unlocked).

Jamf Nation Community

Unable to communicate with a laptop on login screen