Posted on 09-09-2024 09:42 AM
Hello
First of all, sorry if this is already solved in some other thread. I have not found it.
It turns out that in my son's school they force me to install on his computer the JAMF application to know what he does during school hours. But it so happens that I don't want them to be able to know what my son (or whoever may use the computer) does outside of school hours. I assume that the hours when the application works can be configured in the application. But since they are the ones who install it, and I don't have administrator permissions on it, I can't know if they set it up correctly or not.
What options do you recommend me so that this does not happen? I had thought of creating a virtual machine and have them install the application on that machine. Another option I had considered was to install a second operating system on an external hard drive, and outside school hours boot the computer from it. But maybe I am making my life too complicated and there is a simpler option, such as creating two users, and that the application is only installed to work with one of the two users. But as they haven't installed it yet I don't know if that's possible.
Best regards and thanks
Solved! Go to Solution.
Posted on 09-09-2024 11:34 AM
I usually avoid end user question and issue situations, but I'll make my 2 cents known on this one.
If this is your personal device, remove it from Jamf. Now. Honestly, you will need to reinstall macOS to be sure anything Jamf did to the device is undone, this sucks but there is no way around it.
There are different enrollment states. This device is most likely managed, not supervised. This limits what of the MDM framework will be able to do. For example, they cannot force OS updates, or see what apps are being used using the MDM framework. Jamf will still have root access and can install literally any applications they want including security and monitoring tools. As Jamf has root access, it's not limited to monitoring your sons account, it can see any account on the device and install tools that and see any files on the device. The Supervised vs Managed limitations are far more important on iOS than they are macOS as having root access closes most of the gaps.
As far as options:
They are trying to be cheap and save a buck by monotiling your device rather than furnishing one. This is one of my pet peeves with BYOD.
Posted on 09-09-2024 11:34 AM
I usually avoid end user question and issue situations, but I'll make my 2 cents known on this one.
If this is your personal device, remove it from Jamf. Now. Honestly, you will need to reinstall macOS to be sure anything Jamf did to the device is undone, this sucks but there is no way around it.
There are different enrollment states. This device is most likely managed, not supervised. This limits what of the MDM framework will be able to do. For example, they cannot force OS updates, or see what apps are being used using the MDM framework. Jamf will still have root access and can install literally any applications they want including security and monitoring tools. As Jamf has root access, it's not limited to monitoring your sons account, it can see any account on the device and install tools that and see any files on the device. The Supervised vs Managed limitations are far more important on iOS than they are macOS as having root access closes most of the gaps.
As far as options:
They are trying to be cheap and save a buck by monotiling your device rather than furnishing one. This is one of my pet peeves with BYOD.
Posted on 09-10-2024 01:16 AM
Thank you very much for your response. We have made an appointment at the school and we are going to present our doubts.
Posted on 10-11-2024 07:10 PM
I really wouldnt be to concerned about this. Check the MDM Profil in the system preferences to get a better understanding of settings / restrictions set by the school. If you think any of them are unnecessary or malicious, ask the school about it.
That being said, if you don't trust the school enough to manage your device responsible or if you have reasons to believe that teachers are spying on your child via the MacBook.. then change the school.