I have to send my MacBook Pro to Apple for service again, so it's time to review my list of Sensitive Data: Things to Delete and other preparation for giving up physical control of a Mac. Unfortunately last month my MacBook Pro completely died, and I didn't have a chance to do any of this. The Genius asked for my password, and I just laughed at her. She explained they'd probably replace the hard drive with a new install if they couldn't get in, and I said I'd deal with that, but suggested they just use the installer to reset the password to something they liked. As it turned out, they apparently decided not to bother -- I got the MBP back with some security settings changed, so perhaps Apple techs have a different tool that grants them access.

Before Shipment

  1. Make a backup. I use SuperDuper for these, in addition to automatic CrashPlan & Time Capsule backups.
  2. Test the backup!
  3. Log out of any sensitive services, such as MobileMe & Dropbox.
  4. Sign out of & deauthorize iTunes (don't forget Audible & Home Sharing).
  5. For each browser/user: clear history, cookies, & cache. Clear any saved passwords in browsers & email clients.
  6. Create an apple user, and make it an administrator. Give it a simple password (don't forget to write it on a note for the tech -- you don't want to wait a couple extra days while they ask for the password!).
  7. Set autologin for the apple account.
  8. Remove sensitive files for all active accounts, (including root if relevant):
    • ~/Library/Keychains/
    • ~/.ssh/ (except authorized_keys)
    • Password wallets (assuming you're not using something like 1Password on Dropbox)
    • Any sensitive email (location depends on client -- might be ~/Library/Mail/; I don't do this -- I have a lot of mail, and it's not generally sensitive)
  9. Change any passwords, if worried Apple might decrypt them (don't forget sudo passwd root).

After Return

If the motherboard has changed, the serial number & MACs will change.

  1. Log out of the apple account.
  2. Log back into your regular account, and hold the Shift key down to avoid launching all your standard applications (and prompting for a bunch of passwords which are in the removed keychain).
  3. Reverse all the above.
  4. Re-enable MobileMe sync.
  5. Update any static DHCP assignments if MAC changed.
  6. Re-pair Remote.app or other paired devices if Bluetooth changed.
  7. Re-pair anything else confused by changed MAC.
  8. Reboot and make sure everything works as expected.