MacBook inactive in Jamf and user forgot local administrator password

UlrikS
New Contributor III

One of our users has not used her MacBook in a little over three months, and the computer has therefore been marked as inactive in Jamf.

The user has forgotten the password she gave the local administrator account that she created when she first set the machine up, and now the computer is stuck at the login screen, with no network access.

I have tried booting into recovery and connecting it to our network, but it is still marked as inactive in Jamf.

Is there any way I can get the computer to talk to Jamf again?

And is there any way we can recover the user's account and data?

5 REPLIES

AJPinto
Honored Contributor II

If the user has not used the device in 3 months I have a pretty strong feeling there is nothing on there she needs. Personally I'd just wipe the device and move on. In my environment we wipe anything offline for 60 days regardless of if the user can log in or not.

If you connect the Mac to an ethernet cable, at the login window (not FileVault) the Mac should check in with JAMF eventually. However there is no way to really verify the Mac actually has a hot network connection beyond checking to see if its MAC is pulling a DHCP lease. If you don't have a local admin account on that device beyond the user's, your options are fairly limited. You could try to reset all passwords in recovery.

Tribruin
Valued Contributor II

If you still have the record in Jamf, do you have the FileVault Personal Recovery Key? If you can reset the local password, you can boot into the computer and initiate a check-in. Computers are never marked "inactive" in Jamf. They are either Managed or Unmanaged. Unmanaged is a manual action, so someone would have to have unmanaged the computer in Jamf.

If the computer was still in Jamf and managed, logging and forcing a check-in (sudo jamf recon) should work after logging in. 

UlrikS
New Contributor III

The computer is still present in Jamf, but with this notice attached: "Device is inactive! This device did not check in since Thu Aug 4 14:48:16 2022 and therefore is marked as inactive"

I do not have the FileVault recovery key, but FileVault might not be active on the device - "FileVault Enabled" is marked with an X and not a checkmark.

I wish I could reset the local password, since that would solve the problem for both me and the user of the device. I just don’t see anywhere to do so.

The device, MacBook Air M1, is visible under devices when the user is logged into her Apple-ID, but there is no option to reset it there. On the logon screen on the computer the option to reset the password using the Apple-ID is missing.

The computer has been connected with an Ethernet cable for about an hour now, but has not drawn an IP from our DHCPs.

UlrikS
New Contributor III

Ok, I solved it.

And it was worryingly easy! I booted the computer into recovery and opened a terminal window. Used the command resetpassword, deactivated the Mac, assigned a new password, and restarted.

Sorry for being so stupid.

At this moment I have a user with the same problem. He forgot the password for his local (FileVault enabled) account. Yesterday morning the machine did a check-in. But later that day the machine didn't check in anymore. The MacBook was connected through ethernet. I could ping the machine but it didn't check in. I wanted to connect with ssh, but....'permission denied'. So I tried through 'management' in Jamf to 'Enable Remote Desktop'. But this command isn't executed on the MacBook.
When starting in Recovery mode you have to fill in the password for his account. When entering the password the message is that his account is (temporarily) locked out. The option 'Forgot all passwords?' is missing.
Is there a way to execute terminal without the need to enter his password?
I'm also curious why this machine won't check in anymore.

macOS=13.4.1 and the model is MacBookPro18,3 (14-inch, 2021)