READ: This is coming from someone who bypassed the web filter, printed from school printers on a personal laptop by finding the IP address, got past a local IP internet block multiple times and was left alone by admin and IT after a few years. The enterprise lock (and device policies) is stored on the cloud and tied to the device's serial number. Without access to the administration panel, there is no way to remove the admin tie without a new motherboard! You might as well replace the Chromebook since motherboards vs. whole units end up being similar if the admin will not remove the enterprise tie.
I know this is going to come up, so I'm addressing it: The screw trick DOES NOT WORK ON ANYTHING NEWER THEN THE "CR-48 SERIES", WHICH ARE ALL DECOMMISSIONED DUE TO THE FACT THEY NO LONGER GET UPDATES AFTER 5+ YEARS! UNLESS THE SCHOOL CANNOT AFFORD NEW CHROMEBOOKS (literally impossible since they get state funding and block XXX sites anyone who went through puberty knows about), they replaced them with PATCHED UNITS.
This is an iCloud activation lock for Chromebooks. Everyone please, STOP ASKING - IT CANNOT BE DONE! These machines are deployed this way to PREVENT what I got away with in high school! As the old generation left, the next generation who got it done, and found/abused the failures made it harder. If it was possible to neutralize the admin tie so it never comes back, do you not think people who can remove the management (who can afford to risk killing it) would buy them for almost nothing and try to fix them for resale or personal use, even if it meant PERMANENTLY neutralizing the management capabilities in firmware to the point it can never accept a management policy again with that disclaimer (similar to Persistence 1.0)? Oh, and they absolutely can live with the fact their used Chromeook can never be remotely managed. I have an E6400 with Computrace where I did the deed and permanently disabled it, by choice. It's a liability I want nothing to do with on a 2009 Core 2 Duo laptop.
The enterprise enrollment is tied to the serial number and is loaded on the device through the cloud. In addition, it is stored on the device locally just in case the students try to keep them offline - it is truly persistent. In addition to local storage, the profile gets restored to the device if you erase it by using the stored forced enrollment policies. THERE IS NO WORKAROUND. It sounds like an ex-school machine since iBoss has an education specific variant. I’m not shocked since schools are already infamously lazy about removing BIOS/EFI passwords from decommissioned systems.
With these “managed” Chromebooks, the only option is to return the unit as defective (because it *is*), especially with the eBay MBG. Only once it’s removed can you powerwash it and turn it into a “normal Chromebook” again.
It’s still your final call on what to do, but I would have just returned the unit and moved onto another one, unless the seller let me keep it, in which case I'd see what I can get done when I have a weekend to do it. The reason is these locks cripple these Chromebooks for outsiders. Personally, I do not take the seller’s negligence is my issue. You have a solid case against the seller, especially if they assumed it was clean without checking and then listing it as if it was okay for end user use and did not disclose this issue. Unless you somehow got a really nice one, send it back and try again - ex school Chromebooks are rarely worth saving and tend to be more beaten up, or BER if anything major is busted. Let the seller take the financial hit since it should have been sold for parts.
The main issue with school surplus is it tends to be in worse condition then corporate surplus used by businesses/professionals selling their old machine. In some school districts, they tend to back off with even a little parental pushback due to the low purchase price, which is why these managed Chromebooks regularly flood the market with residual remote management. While rare, some schools are flat out unwilling/afraid to hold the student/parents accountable for the damaged Chromebook, and it gets dumped on the market with the student induced damage and residual management. The only time they stand their ground is parents who give in or it’s hard to push back. Because of this, some districts sell them to the “student” (really the parents) to shift the cost of damage if/when it happens! They ironically stand their ground when a Mac is damaged ($$), but not Chromebooks ($) unless it is BER. THERE IS A REASON PEOPLE WHO KNOW BETTER AVOID EX SCHOOL CHROMEBOOKS ON THE SECONDHAND MARKET WHEN POSSIBLE. THEY ARE OFTEN JUNK OR RIDDLED WITH MANAGEMENT! I AM NOT GOING TO ARGUE WITH THEM FOR NOT DOING THEIR JOB WITH THEIR OLD CHROMEBOOK — I AM GOING TO SCRAP IT! Unless it is cheap, these make no sense to buy as the schools tend to hold onto them until the Google AUP lifetime is towards the end (usually only ~6 months-1 year left, or EOL when you get it)… The issue is you're SOL when they're no longer updated since Google maintains a list, so it’s YOUR FAULT for not checking. If it's not intact, it's almost certainly "managed" despite being disposed of. The biggest red flag is it will often require a school managed Google account, OR an .edu eMail from that college who sold it.
