Find My Mac - reused computers

gb3
New Contributor III

I received an email from a user today who told me his old computer is showing up under his Find My Mac account.

The computer was reimaged and given to a new person. The original user sees the computer's current location and new name and (I assume) he has the ability to lock/wipe/etc.

Are there best practices for making sure a computer is no longer associated with an iCloud account for FMM before redeploying? Would it require the old user to manually log out or is it something I can do through the JSS or my imaging tool (DeployStudio)? Obviously it would just take one disgruntled former employee to cause some problems for us under the current situation.

1 ACCEPTED SOLUTION

aaronbwcollins
New Contributor III

Reset the PRAM by shutting the computer all the way down. Immediately after you press the power button hold:
⌘+ALT+P+R until you hear it reboot a second time.

The FindMyMac creds are stored in the PRAM so doing a reset wipes it out.

stackexchange post

I would also zero wipe the laptop as best practice, but that's just me.

View solution in original post

7 REPLIES 7

lwindram
Contributor

The easiest way that I am aware of is to require the new user to log in to iCloud and enable Find My Mac. This will displace the old users iCloud account. No need to involve the old users as of 10.10.5 - I can't comment on 10.11.x.

gb3
New Contributor III

Thanks for the reply. Based on that I'm thinking that maybe what makes the most sense is having an institutional apple ID and just turning FMM on with that, and then immediately turning it off prior to deploying to the next user. That way if the user doesn't want to use their own FMM they don't have to and I don't have to give them extra work to do when they get a computer.

htse
Contributor III

you can remove a device from the iCloud account by logging into iCloud.com and using the Find My Phone web app to disassociate the device from the account.

gb3
New Contributor III

I'd need the old user for that, which isn't always possible.

aaronbwcollins
New Contributor III

Reset the PRAM by shutting the computer all the way down. Immediately after you press the power button hold:
⌘+ALT+P+R until you hear it reboot a second time.

The FindMyMac creds are stored in the PRAM so doing a reset wipes it out.

stackexchange post

I would also zero wipe the laptop as best practice, but that's just me.

gb3
New Contributor III

Thanks! The PRAM comment led me to some more googling and I found this:

https://clburlison.com/find-my-mac/

After some testing, I determined that those commands will disable FMM if it is not turned on in the OS. If it is turned on in the OS, it won't break FMM for people who actually want to use it. Pretty ideal. Can make a policy to do this when I redeploy a machine.

aaronbwcollins
New Contributor III

Good find! I forgot about using those commands, however, it makes things a lot easier!
For those who are lazy and don't want to follow your link the below disables FMM in the PRAM A.K.A. NVRAM

Disable iCloud FMM

$ nvram -d fmm-computer-name  
$ nvram -d fmm-mobileme-token-FMM