Home > Casper, JSS, Mac administration > Using Casper 8.51 to remotely lock or wipe 10.7 Macs

Using Casper 8.51 to remotely lock or wipe 10.7 Macs

April 6, 2012 Leave a comment Go to comments

One new feature of Casper 8.51 is that you can lock or wipe your 10.7 Macs using the same remote lock / wipe features that have been available through Apple’s Find My Mac service. If you want to use this on your JSS, see below the jump for details.

Server-end pre-requisites:

Casper 8.51 or higher

An Apple Push Notification (APN) certificate registered for your JSS

Your Casper JSS server’s Security settings set to:

A. Enable Certificate-Based Communication

B. Enable Push Notifications for Mac OS X v10.7 clients

Screen Shot 2012-04-05 at 9.11.01 PM

Client-end pre-requisites:

Casper 8.51 or higher agent installed

Recovery HD partition

Account settings:

To grant privileges to run remote commands (including remote lock and/or wipe) for Mac OS X 10.7 or higher computers:

1. Log in to your JSS with a web browser.

2. Click the Settings tab.

3. Click the Accounts link.

4. Click the Edit Account link across from the account that you want to add privileges to.

5. Click the Privileges tab.

6. Under the JSS – Management Tab Privileges heading, select one or more of the following privileges as needed: Send Computer Remote Lock Command, Send Computer Remote Wipe Command, Send Computer Unmanage Command.

7. Click the Save button.

Screen Shot 2012-04-05 at 9.05.37 PM

Once that’s done, you should see some new icons appearing in the inventory listing of qualifying 10.7.x Macs.

picture4 picture3 picture2 picture1

Once you’ve decided what you want to do with your device, click the icon you want to use, either remotely locking the device or remotely wiping the hard drive. If you think you have a good chance of recovering the Mac, you may want to remotely lock it. If not, I recommend remotely wiping it.

If you want to do wipe the Mac, do not use the remote lock. You won’t be able to wipe the machine once it’s been locked.

If you’ve chosen to lock the machine, enter a passcode that will be used to unlock the Mac once it’s back in your possession. No data is removed in this operation.

Screen Shot 2012-04-05 at 9.18.32 PM

If you’ve chosen to wipe the machine, enter a passcode that will be used to unlock the Mac if it’s recovered.

Screen Shot 2012-04-05 at 9.19.27 PM

This code ensures that the possessor of the code can use the computer if found. Once the code has been entered, you’ll be given the opportunity to reinstall the OS from scratch.

Screen Shot 2012-04-05 at 8.53.43 PM

All data is removed from the boot drive if you choose to wipe it.

Screen Shot 2012-04-05 at 8.54.29 PM

One nice thing is that you do not need any Configuration Profiles enabled on your JSS for this to work. This capability looks like it’s available automatically as long as your JSS and your client Macs meet the pre-requisites listed above.

Categories: Casper, JSS, Mac administration
  1. Chris Mulios
    April 13, 2016 at 7:33 pm
    Reply

    If you cannot get into the locked laptop what can you do? I can see the lock code in the JSS but the laptop is locked for 60 minutes each time we try it

  1. No trackbacks yet.

Leave a comment