Posted on 11-08-2021 05:14 AM
Can anyone share what is the best practice with remote wiping Macs that are NOT on pre-stage enrollment because they were not bought through Apple directly?
I fear that by wiping them you are removing Jamf from them as well, so when they are rebuilt they are 'off the grid', so to speak, so you can't re-install Jamf and associated policies/configs.
Thanks
Posted on 11-08-2021 05:48 AM
Can I just ask why you want to wipe/reimage Macs? We have stopped doing this since Mojave.
Posted on 11-08-2021 07:00 AM
This is what we do when someone leaves our organisation, especially when they are remote and unable to return the machine to us in a timely fashion.
What do you do when you have a leaver?
Posted on 11-08-2021 07:06 AM
All our Macs are within our campus. We only need to delete the user account for staff if they leave the organisation.
We then simply create another account for the new user.
Posted on 11-08-2021 08:39 AM
In my experience, if the Mac is not in automated enrollment, then erasing it should be the last thing you would want to do. By erasing it entirely, you are effectively breaking the link between that Mac and Jamf. Without automated enrollment, the Mac has no way to automatically reconnect with your Jamf instance when it is set back up.
Were I in this situation, I would look at remote locking the Mac instead of erasing it. This would allow you to secure the data on the Mac while also preventing further use, all while maintaining MDM authority over it. Once it returns to your central location, you can unlock it and restore it from there.
Posted on 11-09-2021 12:55 AM
I don't get the rebuilt part of your question. Once you wipe for removal, why would you install Jamf and other software? Surely if you are gifting or selling the machine you aren't giving them software as well. I suppose you could install the unlicensed Office 365.
I would have someone wipe it and install the latest OS and be done with it. You can remove the machine then from Jamf to save a license. The user can then have pretty much a clean machine (minus Numbers, Pages and Keynote).
Posted on 11-09-2021 08:36 AM
Security reasons. Let's say a user leaves a company without returning an asset; you want to be able to both destroy the data remotely and also maintain control over the asset itself after the data has been purged. In most situations, this is where DEP would be the ideal solution, since it would allow you to erase the machine remotely and still have it bound to your organization.