School Laptop Reset Tomorrow! Please Help!

[JHUFrank]

This doesn't make sense to me. If the computer is yours (or your parents'), then it's none of the school's business whether you have admin privileges or not. Why would they be restricting your account on your own computer?

I sense a misunderstanding here. Either the school's reset and other policies apply only to their own computers and not to yours, or the computer fee is just an extra fee paid along with tuition rather than a purchase and thus it actually belongs to them.

As an IT guy, this is a pretty fun scenario. My guess is that the school has a "if you use our network, you run what we want on your computer" policy. This makes it tough to tell them to shove it, as you cant get onto the network at school if you don't play by their rules.
Personally, I would buy two external drives, one as a backup, and one as a live boot drive. Have the school image on your computer during the week, then boot to your image for the weekends and nights.

 

[KUguardgrl13]

I'm so glad that when I was in school the only computers that mattered where the desktops on the computer labs and the few class sets of laptops. Then I came to college where they don't care what you have on your computer as long as they don't catch you torrenting. It's your property, so unless they have evidence that you're not following the network rules, they can touch your stuff. When I lived in the dorms back in 2009 they did require that everyone download Sophos antivirus to access the dorm Internet (separate from the regular campus wifi network). It was a load of BS, and I uninstalled it when I moved off campus.

OP, clone your drive to the external. Then ask your parents what the agreement is between them and the school concerning the computer. If it's still considered school property, your SOL as far as getting out of this. And a lot of posters are right that they can block you from accessing the network if you're not following the terms even if you own the laptop.

This is one problem with schools providing devices: older kids are tech savvy. I know with my high school, someone got a hold of the wifi password and suddenly everyone was accessing it to play Mario Kart on their Nintendo DSes at lunch. Unfortunately, BYOD programs can make software complicated and be prohibitive for low income families.

 

[Cryosim]

Wow! What a liar IT guy!

I didn't take my computer to school yesterday, and a good thing too.
They said they were just installing a new image, but what they were really doing was also setting a firmware password. God bless knowledge and pray for my fellow classmates who are now locked out of administrator privileges.

Next time I will take heavier security measures.

Requesting thread lock.

 

[maflynn]

So, if I am to understand your post, the School's IS department unilaterlly decided to put in a firmware password and/or not allow you to have an administrator account on the computer - your personal computer?

I can understand a school, or an employer setting up some rules/parameters to safeguard their network but this oversteps their bounds imo.

 

[Merode]

I didn't take my computer to school yesterday, and a good thing too.
They said they were just installing a new image, but what they were really doing was also setting a firmware password. God bless knowledge and pray for my fellow classmates who are now locked out of administrator privileges.

Next time I will take heavier security measures.

Requesting thread lock.

Is this even legal in your country? In Poland and with my kid this story would end in Court.

 

[kolax]

With FileVault enabled, they cannot get your data. They can zap the disk but your data is secure. If they set a Firmware Password on your Mac and didn't give you it, I think you could take them to court. Apple even advises against Firmware Passwords because they won't provide support for it.

In future, you have two options:

1. Buy a cheap hard drive and install OS X on it. Then when ever the school IT team want your Mac, stick that disk in, let them do whatever, and then put your disk back in when you get home.

2. If taking the hard drive out isn't an option, you can use dd to take a full image (including partition table) of your disk. Then, you can restore it all (Boot Camp, the lot) and it'll be as if nothing had changed. You can run dd from the command line in the OS X installer (or recovery partition) when you first turn your Mac on, and just have a second hard drive big enough to hold your disk image.

Anyway, what the IT folk are doing sounds really dodgy, invasive, and something I would not agree to. My company lets users install expensive software on their personal machines, but they need to connect to our license server to use it. If we disable their ability to connect to the license server, the software is useless. We don't care to meddle with personal machines, and pass liability on to the user's themselves.

 

[Cryosim]

Update

My computer is fine. It's just my friends who are having troubles. For the country, it's Hong Kong. I wouldn't take my school to court for this but rather just ask the admin to take the passwords off. I'm currently advising my friends to contact an Apple Store with their parents / proof of purchase to get the password removed.

 

[yjchua95]

My computer is fine. It's just my friends who are having troubles. For the country, it's Hong Kong. I wouldn't take my school to court for this but rather just ask the admin to take the passwords off. I'm currently advising my friends to contact an Apple Store with their parents / proof of purchase to get the password removed.

Back when I was living in Malaysia, I attended a private school, and we were allowed to bring either our own MacBooks or use school-supplied ones. In either case, the school forced everyone to have an admin account for the IT personnel to use, even if the student brought his own MacBook.

When they enforced this policy, I wasn't going to have any of it and I had my parents (along with several others) threaten to drag the school to court for private property and privacy infringement. The school abolished the policy in less than 48 hours.

If your school is adamant on doing so, it's your right to haul their ass to court. They have no right to do any modifications to your property. They may prevent you from connecting to the school's LAN, but they have absolutely no right to do something to your personal property.

 

[maflynn]

In future, you have two options:

1. Buy a cheap hard drive and install OS X on it. Then when ever the school IT team want your Mac, stick that disk in, let them do whatever, and then put your disk back in when you get home.

That won't help if they choose to use a firmware password and it he has a newer rMBP, then there's no drive replacements available.

 

[sjinsjca]

The problem is the architecture.

School or work stuff needs to be kept separate from personal stuff. User account-based approaches can help but most software and drivers are system-wide.

Best to keep all non-personal stuff in a virtual machine so it's walled off.

Meanwhile, any programmer should know the importance of maintaining duplicative backups. This whole thread is founded on not having backups in the first place. Buying a computer without provisioning a backup strategy is exactly like buying a car without arranging insurance.

----------

If your school is adamant on doing so, it's your right to haul their ass to court. They have no right to do any modifications to your property. They may prevent you from connecting to the school's LAN, but they have absolutely no right to do something to your personal property.

Much depends on whatever agreement student or parents signed. They may have already agreed to the intrusion.

 

[maflynn]

Much depends on whatever agreement student or parents signed. They may have already agreed to the intrusion.

Also if the school help fund the purchase, i.e., offered to help pay for the new computers, i.e., selling the computers at a steep discount. They probably have more a say then.

Still, if the computer is the Ops then the school's IS department should not be putting a firmware password on the thing

 

[kolax]

That won't help if they choose to use a firmware password and it he has a newer rMBP, then there's no drive replacements available.

Exactly, hence why I said it could be a legal issue if they set the Firmware Password on it.

OP should set the Firmware Password himself, and he can use dd to make an image of his disk as I described should his school ever kick up a fuss and demand access to his machine.

 

[Cryosim]

Thanks for the help, I already have a hard 1:1 backup on an external hard drive and a firmware password.

 

[Merode]

Much depends on whatever agreement student or parents signed. They may have already agreed to the intrusion.

I can't say for other countries but in Poland no deal/agreement or set of rules can limit rights granted by laws and constitution. In such case, the deal/agreement/set of rules is unlawful and you can completly ignore it.

I can't believe that intrusion into private property is in accordance with law anywhere in the world. I guess OP could have just disobeyed school authorities and if necessary inform Public Prosecutor's Office or other approperiate organisation.