Old Macs and Activation Lock
Within the secondhand community, even Macs with soldered-down components are looked at as having value, and ingenious tinkerers are repairing, upgrading, and adding software support to old machines long after Apple moved on to something new.
YouTuber Collin Mistr, known as dosdude1, demonstrates his skilled approach to upgrading and modifying older Macs on his channel. The videos are far from polished but show off how modifications and soldered-on upgrades can give old Macs new life.
[…]
As old Macs are dropped from Apple’s supported list, the Open Core Legacy Patcher project swoops in, using tricks learned when running macOS on non-Apple hardware and gives its utilities away for free.
[…]
A hard reality may be coming up for these savvy hardware and software hackers. With the advent of tighter security, things like Apple’s T1 and T2 chips, along with device management software, can turn older Macs into trash, with little hope of resuscitation or repair. “I know Apple claims [Activation Lock] is mostly for anti-theft, which it does prevent, but they try to hide from you that most locked devices you find out there, on eBay or in surplus sales, are locked not because they were stolen, but because the organization that had the devices didn’t know the lock exists in the first place,” opines Colin Mistr. “[Apple] doesn’t care…they’d rather the device be destroyed than reused.”
Tom Shouler (via Hacker News):
Jordan works at a small business. On her first day, Jordan purchased a brand new MacBook at the Apple Store and signed into her personal iCloud account. A year later, Jordan enrolled the device in the company’s MDM solution, but shortly after that, she left the company and moved across the country for a new job. Jordan’s device was wiped two days after her last day, consistent with the company’s usual off-boarding procedures. A new hire replaced Jordan and was given that same MacBook a few weeks later, but the MacBook was Activation Locked behind Jordan’s iCloud account. The company reached out to Jordan for help, but she couldn’t remember the device password and felt uncomfortable sharing her personal iCloud credentials. The device was unable to be used, so it had to be eWasted.
[…]
This is an unfortunate story, especially since MacBooks are not a trivial investment for most businesses. We’ve heard from many administrators who have been caught by surprise with Activation Lock and now own a $2,000 paperweight. It’s critical for any company that owns macOS devices to understand this risk.
[…]
To best insulate your business from this pain, we recommend two things[…]
Activation Lock is tied to Find My, which I have always disabled because I’m more worried about remote wiping than losing my Mac. I kind of wish these settings weren’t all bundled together.
You can remove the firmware password + erase all data on a 2018-2020 T2 Mac with Apple Configurator 2 (Does not remove Activation Lock)
Previously:
- Notes on Activation Lock: Apple Silicon Management Challenges
- Activation Lock Status Checker Removed
- Find My Mac and Remote Wipe
Update (2023-07-11): See also: Hacker News.
12 Comments RSS · Twitter · Mastodon
The small business should have purchased the MacBook, not an employee. Apple can remove the activation lock if you prove to them you bought it, with something like the receipt.
I'm pretty sure this works with phones and probably works with Macs too. If you have old equipment you can disable the activation lock without giving the new owner's your password just just removing it from your account in iCloud. You don't have to give them the password.
@Goz Nailed it. Works as intended. Would I prefer that Apple gave more options for securing the hardware, that didn't rely on Apple's infrastructure? Sure. But Businesses can't have it both ways--either it's owned and provisioned, or it isn't and they (legitimately) have no right to it unless custody is transferred at which point employee should be expected to disable Find My.
In unrelated news, did you know that connecting your mobile device to an Exchange ActiveSync server entitles that server to remote wipe your *entire device*? Because that's another over-abused feature.
Matt E nailed it. You can remove it without sharing the password via iCloud account management. I had an employee who did that - it was locked and he moved across the country. He just removed it on his side, and then it was unlocked.
Indeed. +1 for the iCloud solution. The Apple Store will have you do this if you can't sign into your Mac (like if it's really truly dead!)
"YouTuber Collin Mistr, known as dosdude1, demonstrates his skilled approach to upgrading and modifying older Macs on his channel".
Which video? I cannot find it. Thanks!
This is a huge problem with second-hand iOS devices. I have an iPod touch that I got from goodwill because it was a nice compliment to my collection, but I can't do anything with it because it's hopelessly locked by its original owner. Obviously I have no means to get in touch with that person.
In my experience Mac hardware can be remotely unlocked from the linked account.
There are two exceptions though. Apple Watches and Airpods can only be unlocked when the paired iPhone is in Bluetooth range.
This has bitten me recently when I bought a second hand Apple Watch. Had to drive back to the seller a second time because we both weren't aware of this. Only resetting it to factory is not enough in these cases!
@MeX - disdude1 channel is https://www.youtube.com/channel/UCBPLij8RWsQrMxl_bjk-R8w
This is one that upgrades an older macbook replacing the CPU - https://www.youtube.com/watch?v=pQRXoRU3lm0
I would note that some older Macs are now falling off the "Apple can fix it" cliff.
I have a 2012 MBP that is up to Catalina, but it will go no further because the firmware password was set on it and lost. Apple can no longer reset the firmware password on this machine, so eventually it's toast as well.