Developer Mode Issue

[Shelby Falco]

I am currently having an issue with my Chromebook.

I cannot start developer mode as I used to. It's locked by system policy.

Can I bypass this screen? Thanks!

- Shelby

[Mike Frysinger]

it sounds like you have an enrolled device that is not your own property.  you would need to talk to the person who owns said device.  if you're a student and it's school property, talk to your local IT admin.

-mike

--
--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-dev

[Keith I Myers]

No, not without getting the owner of the Chromebook to allow it 

--

--
Chromium OS Developers mailing list: chromiu...@chromium.org
View archives, change email options, or unsubscribe:
https://groups.google.com/a/chromium.org/group/chromium-os-dev

---
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-os-d...@chromium.org.

[Mr Anderson]

On a tangential point, I am curious if any consideration has been given to how to handle cases where end users legitimately purchase used devices (e.g from Goodwill, Ebay, etc) and end up with an enterprise locked device?  Sure, they can probably return it to the seller on Ebay assuming they weren't informed of the lock status on the listing, but in the case of Goodwill returns often times aren't accepted.  Such is the reality, especially on purchases that are labeled 'as-is', but it still would be nice if there was some way to sort out these legitimate cases.

I have thought about this point a fair bit and an idea just occurred to me because of this email.  What about a 'Request De-enrollment' feature on the enterprise enrollment screen that allows a request to be submitted to the Enterprise's Admin Console that the device is still linked to?  The end user could include a small comment like 'Hey, I just bought this device on Ebay and don't think it should be enrolled to your company anymore, can you help?'.  The admin on the enterprise side could see the request and either approve or deny the request based on their knowledge of whether or not the device in question was sold/donated by the company.  It would be neat to see Google support this in a way so that end users wouldn't have to track down how to contact the Enterprise Admin and the Admin could easily handle the request via their online console.

Like I said, just an idea that occurred to me after reading this email.  I thought I would throw it out there in case anyone else might think it is a worthwhile consideration!

-Anderson

[Luigi Semenzato]

This is a public forum, so first of all, this is a personal opinion, not Google's.  Don't quote me without including this.

I like the idea!  There's a privacy issue: does physical possession of the device grant someone the right to send mail to the original owner?  On the other hand, de-enrolling a device before giving it away or selling it is the responsible thing to do, to avoid waste.  And if the device is lost or stolen, this would give some information to the rightful owner.

[Bob Moragues]

I share Luigi's personal opinion.

A use case that we see here in Mountain View is that the students are allowed to keep their devices as they leave the school district after 8th grade.

This proposed feature, plus a poster at the schools would allow the students to unlock the full potential of their Chromebooks.

[Yves Arrouye]

In that instance, the school admin should deprovision the devices as part of letting students keep them.

[Christopher Nugent]

On Wed, Feb 8, 2023 at 2:14 PM Christopher Nugent <skymag...@gmail.com> wrote:

If I may, IP information and surrounding Access Point information could be collected to be used to cross-reference with home addresses and company (school)-owned building addresses, which an employer or a school would already have. This information could be sent to the admin to help them verify the legitimacy of the situation. With this info, they could be better equipped to check whether or not this request is coming from someone who was/is employed (or enrolled), and they could use that info to check against their own IT surplus equipment resale/unloading policies.

If enrolled Chromebooks have unique serial numbers, sending that info would also help as they can use it to look up the Chromebook in their own inventory tracking systems and verify that it was supposed to be sold or donated.

We need to give the admin as much info as possible that helps answer the question “Was this computer even eligible to be sold?”.

[Christopher Nugent]

Sorry. New to using the dev lists.

[Mr Anderson]

Thanks for the feedback Luigi!

You have a valid point about privacy.  That is why I figure it would need to be a feature added to the enterprise enrollment APIs that would allow the request to occur without the user knowing the email address of the Admin or vice versa.  Or maybe if the Admin console allows notifications it could be done that way (i.e. no emails) so the admin sees it the next time they log into the management console.  I haven't used the enterprise management console, so I might be suggesting something that doesn't exist.

I think it would make sense to require an end user to login to a gmail account prior to issuing the request so the user could be blacklisted for improperly using the feature to spam or pester an admin.  The admin could deny the request and ignore future requests from the same user, device id or both for a certain time period to mitigate cases where a user thinks they can exhaust the Admin by just flooding requests.

Also, I appreciate that you touched on the e-waste aspect of the topic too because it happens to be one of the larger reasons why I think such a feature would be quite nice.  I am finding plenty of used ChromeOS devices that are fantastic for a variety of use cases even outside of their AUE, so I consider it a shame when one can't be repurposed due to being enterprise locked.  So far, I haven't encountered any that are still enrolled, but it hasn't stopped me from considering the "what if".

I am not a googler, so can't push the idea any further than maybe submitting it to a more proper location?

[shelbyfal...@gmail.com]

Well, The chromebook is owned by me. It wasn't managed in the first place, but now it is.

[Drew Wilson]

+Jakub Flis I believe that the forced re-enrollment screen has (optional) admin contact information, but this is another idea for how to share information with admins from folks that have a possibly-mistaken enrollment.

In the case of the original poster, I'm guessing that you have enrolled your device to a managed domain (example, by enrolling your device using your school account), and now you'll have to talk to the domain administrator to deprovision it since you are the legal owner of the device.

[Mr Anderson]

Yes, I think you are correct in that the screen usually shows a company name and/or domain name, although that may be different than what you are referring to.  However, finding the correct communication channels and getting in contact with the right person can be challenging, especially if all that is shown is a company name.  If the proposed option existed it could deliver a notification directly to the Admin's online dashboard/panel and would at least help solve the contacting-the-right-person part of the process.  It might not change the outcome, but at least it helps catalyze getting the request to the right spot.