Help

Jamf lock but still in ABM

hodoknaru
New Contributor

Posted on ‎12-19-2023 10:10 PM

I think I know the answer already but wanted to give it a shot here. I have a machine purchased in June 2023 from a employee that departed the company in November. On the last day part of the procedure is an IT team member will Jamf lock the device note the code and then get the machine back from the former employee.
Seems after the machine was returned a team member thought they already unlocked it and completed a wipe and then deleted the machine record from Jamf. Well now its on a Jamf lock screen and the 6 digit code isnt working or the person wrote it down wrong. It is still in ABM but I am not sure how to unlock it since its out of Jamf, even if it were still in Jamf idk how one would unlock it without the 6 digit code. I tried DFU revive but that didnt go anywhere.
Wondering if anyone has any thoughts or just release it out of MDM and e-waste?

0 Kudos
Reply
3 REPLIES 3

Nicholaus
Contributor

Posted on ‎12-19-2023 11:10 PM

I'm not sure what the options are for recovery at this point. I would suggest reaching out to Jamf support.

As a side note, why is the machine record being deleted? I can't actually think of a circumstance where that would be necessary. It just serves to cause issues like the one you're having now.

0 Kudos
Reply

danlaw777
Contributor III
In response to Nicholaus

Posted on ‎12-21-2023 04:46 AM

we delete our records every time an employee leaves. the device is taken in by our service desk, held for the needed time (healthcare) and then wiped and stored for the next user. once a device is needed, the mac is built using pre stage enrollment for the new user and away it goes. 

 

Let me throw it back at you, why WOULDNT you wipe and start over for a new user? :)

 

0 Kudos
Reply

Nicholaus
Contributor
In response to danlaw777

Posted on ‎12-21-2023 10:34 AM

Wiping the device and deleting the inventory record are different things. Deleting the inventory record, opening the device record in Jamf Pro and clicking the delete button, leads to issues like what the original poster is describing. In their case, they can't access management history to get unlock codes for a device once the inventory record is deleted. If the device were simply wiped, the code would still be recoverable.

If you're wanting no information to carry over between users when wiped without having this problem, you can adjust what is deleted/kept in the Jamf Pro settings under Global > Re-enrollment. You can check all the boxes and set the last option to "Clear pending and failed commands". That way you can still see the history/results of commands that were successfully pushed to the device, like device lock codes, without seeing anything else.

0 Kudos
Reply