JumpCloud provides Windows and Linux security commands that allow devices to remotely execute management commands. The ability to run commands is determined by the administrator's level of privilege. See Admin Portal Roles for more information.
Looking for macOS security commands? See MDM Commands.
Device management uses the following basic process:
- The server sends out a push notification to the device.
- The device polls the server for a command in response to the push notification.
- The device performs the command.
- The device contacts the server to report the result of the last command and to request the next command.
If the admin issues a command while the device is offline, the command will not expire and will remain in the queued state until the device comes back online.
Prerequisites
- Windows: These commands can be run on a Windows 10 Pro or Windows 11 device with the JumpCloud Agent installed.
- Linux: Check supported Linux distros at JumpCloud Agent Compatibility, System Requirements, and Impacts.
Considerations
- Security commands have no expiration.
- Consider creating system backups before modifying or eliminating a device.
- There is a known limitation on Linux Mint 21 Cinnamon devices that prevents IT Admins from enabling the lock device security command successfully.
Security commands can now be executed directly from the Devices list using the Action menu.
Locking a Device
This feature remotely locks the screen for the device. The user can unlock the device by logging back in.
To lock a device:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Devices.
- Click the Actions button in the device’s row.
- Click Lock Device.
- Click yes, lock to confirm that you want to remotely lock the device. Any bound users will be able to unlock the device by logging back in. The user’s session resumes when the user logs back in to the device. Any applications that were left open are intact when resumed.
The lock feature works on Linux systems that have a GUI.
Restarting a Device
When you send this command, the device restarts and any unsaved progress will be lost.
To restart a device:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Devices.
- Click the Actions button in the device’s row.
- Click Restart Device.
- You’re prompted to confirm that you want to remotely restart the device. Click yes, restart.
- The user’s device restarts after Windows or Linux displays a series of warning dialogs, giving the user a chance to save any work before the system restarts.
The JumpCloud Agent may not detect quickly restarted devices, so the status may not change.
Shutting Down a Device
When you send this command, the device shuts down and any unsaved progress will be lost.
To shut down a device:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Devices.
- Click the Actions button in the device’s row.
- Click Shut Down.
- Click yes, shut down to confirm that you want to remotely shut down the device. The user’s device is shut down.
After you run the command, it takes 5-10 minutes for the device’s status to change in the JumpCloud Admin Portal.
Erasing a Device
When you send this command, everything on the hard drive, including Windows or Linux software, all user accounts, and settings, is removed and can’t be recovered. The operating system is reset to its default state and settings.
Windows Considerations:
- If the Windows Recovery Environment (Windows RE) is disabled on Windows 10 or 11 client computer, the device cannot be erased.
- On Windows, JumpCloud uses RemoteWipe CSP to issue the erase command. See Microsoft’s documentation on RemoteWipe CSP.
- Within RemoteWipe, we use “doWipeProtected” to ensure that the command is persisted even if the machine is turned off. This version of the command will return the device to its factory settings state.
- RemoteWipe CSP requires Windows RE to function. For more information, see Microsoft’s documentation.
To erase a device:
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Devices.
- Select the device from the devices list.
- On the device page, click Actions.
- Click Erase Device.
- Click yes, erase to confirm that you want to remotely erase the device. The user’s device is erased.
- After you run the command, it takes 5-10 minutes for the device’s status to change in the JumpCloud Admin Portal.
- On some Linux devices:
- Erasures may take up to several hours to complete for some hardware configurations. In these cases, the erase action may not return a response in the Admin Portal.