We are looking to develop a process to brick/disable a mac os x. I have stumbled upon the following article that removes users/user data which is essentially what we need.
I am a Windows guy, would anyone happen to know how to BigFix this, or have something developed that would essentially do the same ?
Thanks in advance.
If you want to wipe a Mac, the best option might be to enroll it in MDM with BigFix if not already enrolled in MDM, then send it a wipe command with MDM.
I believe that using MDM actually does the wipe through the hardware/firmware and sends confirmation that it is wiped/being wiped.
Another option would be to remotely enable FileVault if it is not already enabled, then do something to prevent logins, like setting all of the user passwords to something very complicated and random.
Another option would be to just run commands that delete files. This is not as good as the other options in terms of completeness and lack of recoverability.
With BigFix it’s important to remember that, if you can do it in a command line script, BigFix can execute it. It’s just a matter of knowing the commands you need for the task at hand.
However, as James indicates, doing something on OS X is more of an OS X issue and less a BigFix issue. Just like Windows there are several ways of achieving a given goal; which methods are best for you depends on your site.
What is the situation? Are you planning a deployment? Has an OS X endpoint gone rogue with sensitive data? Is BigFix the only management agent/solution on the machine? Is/will the user’s iCloud account be configured? (With FindMyMac and BackToMyMac enabled?)
Thanks for the reply. Im a Windows guy and comfortable ‘bricking’ a rogue Windows laptop via command line / reg tweaks.
I am looking for a way to ‘brick’ a lost/stolen Mac os x preventing a user from obtaining sensite/pii/company data.
The link is originally posted demonstrated a script which appears to do what I need, I’m just not as comfortable creating a fixlet for Mac as I am for windows.
You haven’t really answered any of the questions posed.
What do you mean by bricking?
Is this for a specific situation, or just a general case?
Are the systems that this would be targeting encrypted with FileVault?
What is the equivalent you do on the Windows side that you would like to replicate on the Mac side?
Prevent all users from gaining access, whether it’s disabling/deleting user accounts, or setting a password via FileVault (if installed/enabled).
The term ‘brick’ is to render the platform useless/inoperative for a standard user until the platform is is rebuilt, at which point the data has been wiped anyway.
The issue with that approach as you have put it is that if the drive is not encrypted, then the data is available through:
If your goal is to prevent access to sensitive data, then I would recommend the following: