I have to send my MacBook Pro to Apple for service again, so it's time to review my list of Sensitive Data: Things to Delete and other preparation for giving up physical control of a Mac. Unfortunately last month my MacBook Pro completely died, and I didn't have a chance to do any of this. The Genius asked for my password, and I just laughed at her. She explained they'd probably replace the hard drive with a new install if they couldn't get in, and I said I'd deal with that, but suggested they just use the installer to reset the password to something they liked. As it turned out, they apparently decided not to bother -- I got the MBP back with some security settings changed, so perhaps Apple techs have a different tool that grants them access.
Before Shipment
- Make a backup. I use SuperDuper for these, in addition to automatic CrashPlan & Time Capsule backups.
- Test the backup!
- Remove sensitive files for all active accounts, (including
rootif relevant):~/Library/Keychains/~/.ssh/(exceptauthorized_keys)- Password wallets (assuming you're not using something like 1Password on Dropbox)
- Any sensitive email (location depends on client -- might be
~/Library/Mail/; I don't do this -- I have a lot of mail, and it's not generally sensitive)
- Log out of any sensitive services, such as Dropbox.
- Unauthorize iTunes.
- For each browser/user: clear history, cookies, & cache.
- Create an
appleuser, and make it an administrator. Give it a simple password (don't forget to write it on a note for the tech -- you don't want to wait a couple extra days while they ask for the password!). - Set autologin for the
appleaccount. - Change any passwords, if worried Apple might decrypt them (don't forget
sudo passwd root).
After Return
If the motherboard has changed, the serial number & MACs will change.
- Reverse all the above.
- Re-enable MobileMe sync.
- Update any static DHCP assignments.
- Re-pair Remote.app
- Re-pair Bluetooth or anything else confused by the MAC changes.