**READ: This is coming from someone who bypassed the web filter, printed from school printers on a personal laptop by finding the IP address, got past a local IP internet block multiple times and was left alone by admin and IT given enough time and victories.** The enterprise lock (and device policies) is cloud based and tied to the device serial number. There is no way to remove the tie without having it removed by the administrator who applied it, or replacing the motherboard. The screw trick really only works on the “CR-48” (5+ years old) Chromebooks, and those have been retired and sold as surplus due to the devices no longer getting updates and being several years old. Unless the school somehow can’t afford new ones (which is impossible, since they block the usual XXX sites anyone who went through puberty knows about for eFunding), the screw trick is not an option as it was patched years ago.
This is an iCloud activation lock for Chromebooks. STOP asking - IT CANNOT BE DONE! These machines are deployed to PREVENT what I got away with in high school! As the old generation left, the next generation who got it done and found the holes made it harder. If it was possible to permanently neutralize it so it never comes back, do you not think people who can remove the management would be buying them for almost nothing and trying their luck?
The enterprise enrollment is tied to the serial number and is loaded on the device through the cloud. In addition, it is stored on the device locally just in case they’re kept offline so it’s persistent. In addition to local storage, the profile gets restored to the device if you erase it by using the stored forced enrollment policies. THERE IS NO WORKAROUND. It sounds like an ex school machine since iBoss has a education specific variant. I’m not shocked since schools are already infamously lazy about removing BIOS/EFI passwords from decommissioned systems.
With these “managed” Chromebooks, the only good option is to return the unit as defective (because it *is*), especially with the eBay MBG. That said, Google may forcefully release it if you provide a receipt and the Chromebook serial number, but they usually defer it to the lazy administrator. Only once it’s removed can you powerwash it and turn it into a “normal Chromebook” again.
It’s still your final call on what to do, but I would have just returned it and dinged the seller for negligence that cripples the Chromebook as a entire unit for outsiders. The seller’s negligence is not my issue to fix. You have a solid case against the seller, especially if they assumed it was clean without checking and then listing it as if it was okay for end user use and did not disclose this issue. Unless you somehow got a really nice one, send it back and try again - ex school Chromebooks are rarely worth saving and tend to be more beaten up, or BER if anything major is busted. Let the seller take the financial hit since it should have been sold for parts.
The main issue with school surplus is it tends to be in worse condition then corporate surplus used by businesses/professionals selling their old machine. In some school districts, they tend to back off with even a little parental pushback due to the low purchase price, which is why damaged Chromebooks regularly flood the market with residual remote management. In some cases, the schools are unwilling to hold the student (or parent) accountable for the damaging the Chromebook, and it gets dumped on the market with the student induced damage without removing the management. The only time they stand their ground is parents who give in or it’s hard to push back. Because of this, some districts sell them to the “student” (really the parents) to shift the cost of damage if/when it happens! They ironically stand their ground when a Mac is damaged ($$), but not Chromebooks ($) unless it is BER. THERE IS A REASON PEOPLE WHO KNOW BETTER AVOID EX SCHOOL CHROMEBOOKS ON THE SECONDHAND MARKET WHEN POSSIBLE. THEY ARE OFTEN JUNK WITH LEFTOVER MANAGEMENT! Unless it is cheap, they are a bad buy as secondhand devices - 9 times out of 10, it is managed by a school and requires a Google account that is used by a student of that school (may or may not be branded with the school name), OR it requires a .edu eMail from that college who sold it.