Using Casper 8.51 to remotely lock or wipe 10.7 Macs
One new feature of Casper 8.51 is that you can lock or wipe your 10.7 Macs using the same remote lock / wipe features that have been available through Apple’s Find My Mac service. If you want to use this on your JSS, see below the jump for details.
Server-end pre-requisites:
Casper 8.51 or higher
An Apple Push Notification (APN) certificate registered for your JSS
Your Casper JSS server’s Security settings set to:
A. Enable Certificate-Based Communication
B. Enable Push Notifications for Mac OS X v10.7 clients
Client-end pre-requisites:
Casper 8.51 or higher agent installed
Recovery HD partition
Account settings:
To grant privileges to run remote commands (including remote lock and/or wipe) for Mac OS X 10.7 or higher computers:
1. Log in to your JSS with a web browser.
2. Click the Settings tab.
3. Click the Accounts link.
4. Click the Edit Account link across from the account that you want to add privileges to.
5. Click the Privileges tab.
6. Under the JSS – Management Tab Privileges heading, select one or more of the following privileges as needed: Send Computer Remote Lock Command, Send Computer Remote Wipe Command, Send Computer Unmanage Command.
7. Click the Save button.
Once that’s done, you should see some new icons appearing in the inventory listing of qualifying 10.7.x Macs.
Once you’ve decided what you want to do with your device, click the icon you want to use, either remotely locking the device or remotely wiping the hard drive. If you think you have a good chance of recovering the Mac, you may want to remotely lock it. If not, I recommend remotely wiping it.
If you want to do wipe the Mac, do not use the remote lock. You won’t be able to wipe the machine once it’s been locked.
If you’ve chosen to lock the machine, enter a passcode that will be used to unlock the Mac once it’s back in your possession. No data is removed in this operation.
If you’ve chosen to wipe the machine, enter a passcode that will be used to unlock the Mac if it’s recovered.
This code ensures that the possessor of the code can use the computer if found. Once the code has been entered, you’ll be given the opportunity to reinstall the OS from scratch.
All data is removed from the boot drive if you choose to wipe it.
One nice thing is that you do not need any Configuration Profiles enabled on your JSS for this to work. This capability looks like it’s available automatically as long as your JSS and your client Macs meet the pre-requisites listed above.
If you cannot get into the locked laptop what can you do? I can see the lock code in the JSS but the laptop is locked for 60 minutes each time we try it