Brick a Mac OS X

We are looking to develop a process to brick/disable a Mac OS X system. I have stumbled upon the following article that removes users/user data, which is essentially what we need.

I am a Windows guy; would anyone happen to know how to BigFix this, or have something developed that would essentially do the same?

Thanks in advance.

  • Is this just a one off system that you need to deal with?
  • Is the system in question encrypted with FileVault?

If you want to wipe a Mac, the best option might be to enroll it in MDM with BigFix if not already enrolled in MDM, then send it a wipe command with MDM.

I believe that using MDM actually does the wipe through the hardware/firmware and sends confirmation that it is wiped/being wiped.


Another option would be to remotely enable FileVault if it is not already enabled, then do something to prevent logins, like setting all of the user passwords to something very complicated and random.


Another option would be to just run commands that delete files. This is not as good as the other options in terms of completeness and lack of recoverability.

With BigFix it’s important to remember that, if you can do it in a command line script, BigFix can execute it. It’s just a matter of knowing the commands you need for the task at hand.

However, as James indicates, doing something on OS X is more of an OS X issue and less a BigFix issue. Just like Windows there are several ways of achieving a given goal; which methods are best for you depends on your site.

What is the situation? Are you planning a deployment? Has an OS X endpoint gone rogue with sensitive data? Is BigFix the only management agent/solution on the machine? Is/will the user’s iCloud account be configured? (With FindMyMac and BackToMyMac enabled?)


Thanks for the reply. I’m a Windows guy and comfortable ‘bricking’ a rogue Windows laptop via command line / reg tweaks.
I am looking for a way to ‘brick’ a lost/stolen Mac OS X system, preventing a user from obtaining sensitive/PII/company data.
The link I originally posted demonstrated a script which appears to do what I need; I’m just not as comfortable creating a fixlet for Mac as I am for Windows.

You haven’t really answered any of the questions posed.

What do you mean by bricking?

  • Just preventing login?
  • Preventing Boot?
  • Deleting sensitive data?
  • Deleting the entire hard drive and all data?

Is this for a specific situation, or just a general case?

Are the systems that this would be targeting encrypted with FileVault?


What is the equivalent you do on the Windows side that you would like to replicate on the Mac side?

  • The specifics aren’t as important as the actual effect achieved, but the specifics wouldn’t hurt.

Prevent all users from gaining access, whether it’s disabling/deleting user accounts, or setting a password via FileVault (if installed/enabled).
The term ‘brick’ is to render the platform useless/inoperative for a standard user until the platform is rebuilt, at which point the data has been wiped anyway.

The issue with that approach as you have put it is that if the drive is not encrypted, then the data is available through:

  • target disk mode (Mac only)
  • by removing the drive and connecting it to another computer
  • booting off of other media
  • etc…

If your goal is to prevent access to sensitive data, then I would recommend the following:

  • delete any known highly sensitive data with targeted secure erase commands, if any is known to exist
  • Check Identity Finder or similar scan logs
  • encrypt the drive (FileVault or BitLocker) if not already encrypted
  • Once encrypted, an MDM wipe command is best (might not be possible with BigFix directly, but BigFix should be able to do the MDM enrollment)
  • Next best would be to delete the encryption keys so that the data can no longer be accessed, even with a correct login.
  • Could change the login details first, before doing the above.
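
The questions asked repeatedly in this thread (is the disk encrypted with FileVault, is the Mac enrolled in MDM) decide which of the recommended steps comes first. The read-only triage script below is an added example, not code from any post here or from BigFix; the function names and plan labels are hypothetical, and it assumes the usual text printed by `fdesetup status` and `profiles status -type enrollment`.

```shell
#!/bin/sh
# Added example: read-only triage for a lost/stolen Mac. Changes nothing.

# Classify `fdesetup status` text as: on | encrypting | off | unknown
filevault_state() {
  case "$1" in
    *"Decryption in progress"*) echo off ;;        # treat as unprotected
    *"Encryption in progress"*) echo encrypting ;; # volume not fully protected yet
    *"FileVault is On"*)        echo on ;;
    *"FileVault is Off"*)       echo off ;;
    *)                          echo unknown ;;
  esac
}

# Classify `profiles status -type enrollment` text as: yes | no
mdm_enrolled() {
  case "$1" in
    *"MDM enrollment: Yes"*) echo yes ;;
    *)                       echo no ;;
  esac
}

# Map both answers to the ordering recommended in the thread:
# encrypt first, then MDM wipe (enrolling in MDM beforehand if needed).
plan() {
  triage_fv=$(filevault_state "$1")
  triage_mdm=$(mdm_enrolled "$2")
  case "$triage_fv" in
    off)        echo encrypt-first ;;
    encrypting) echo wait-for-encryption ;;
    on)
      if [ "$triage_mdm" = yes ]; then
        echo mdm-wipe
      else
        echo enroll-mdm-then-wipe
      fi ;;
    *)          echo manual-review ;;
  esac
}

# On a real Mac, feed in the live tool output; skipped where the tools are absent.
if command -v fdesetup >/dev/null 2>&1 && command -v profiles >/dev/null 2>&1; then
  plan "$(fdesetup status 2>/dev/null)" \
       "$(profiles status -type enrollment 2>/dev/null)"
fi
```

The printed label can be returned as the result of a BigFix analysis or task so that each lost endpoint is routed to the matching action.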