fix: update guide on lock/unlock/wipe (#23788)

> Related issue: #22753 # Checklist for submitter If some of the following don't apply, delete the relevant line.  - [x] Manual QA for all new/changed functionality
fleetdm · Nov 15, 2024 · b9df4c2 · b9df4c2
1 parent e27e916
commit b9df4c2
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 155 deletions.
diff --git a/articles/lock-wipe-hosts.md b/articles/lock-wipe-hosts.md
@@ -0,0 +1,67 @@
+# Lock and wipe hosts
+
+![Lock and wipe hosts](../website/assets/images/articles/[email protected])
+
+_Available in Fleet Premium_
+
+In Fleet, you can lock and wipe macOS, Windows, and Linux hosts remotely. This allows you to easily deal with situations
+where a host might have been lost or stolen, or to remotely prepare a device to be re-deployed to another end user.
+
+**Note**: lock/unlock and wipe commands are queued and will run when the device next comes online.
+
+## Lock a host
+
+1. Navigate to the **Hosts** page by clicking the "Hosts" tab in the main navigation header. Find the device you want to lock. You can search by name, hostname, UUID, serial number, or private IP address in the search box in the upper right corner.
+2. Click the host to open the **Host Overview** page.
+3. Click the **Actions** dropdown, then click  **Lock**.
+4. A confirmation dialog will appear. Confirm that you want to lock the device. The host will now be marked with a "Lock pending" badge. Once the lock command is acknowledged by the host, the badge will update to "Locked".
+
+## Wipe a host
+
+1. Navigate to the **Hosts** page by clicking the "Hosts" tab in the main navigation header. Find the device you want to lock. You can search by name, hostname, UUID, serial number, or private IP address in the search box in the upper right corner.
+2. Click the host to open the **Host Overview** page.
+3. Click the **Actions** dropdown, then click  **Wipe**.
+4. Confirm that you want to wipe the device in the dialog. The host will now be marked with a "Wipe pending" badge. Once the wipe command is acknowledged by the host, the badge will update to "Wiped".
+
+## Unlocking a host
+
+**Note**: When a macOS host is locked, Fleet generates a 6 digit security PIN. This PIN must be physically input into the host in order to unlock it.
+
+To unlock a locked host:
+
+1. Navigate to the **Hosts** page by clicking the "Hosts" tab in the main navigation header. Find the device you want to lock. You can search by name, hostname, UUID, serial number, or private IP address in the search box in the upper right corner.
+2. Click the host to open the **Host Overview** page.
+3. Click the **Actions** menu, then click **Unlock**.
+    - **macOS**: A dialog with the PIN will appear. Type the PIN into the device to unlock it.
+    - **Windows and Linux**: The command to unlock the host will be queued and the host will unlock once it receives the command (no PIN needed).
+5. When you click **Unlock**, the host will be marked with an "Unlock pending" badge. Once the host is unlocked and checks back in with Fleet, the "Unlock pending" badge will be removed.
+
+
+## Lock and wipe using `fleetctl`
+
+You can lock, unlock, and wipe hosts using Fleet's command-line tool `fleetctl`:
+
+```shell
+fleetctl mdm lock --host $HOST_IDENTIFIER
+```
+
+```shell
+fleetctl mdm unlock --host $HOST_IDENTIFIER
+```
+
+```shell
+fleetctl mdm wipe --host $HOST_IDENTIFIER
+```
+
+`$HOST_IDENTIFIER` can be any of the host identifiers: hostname, UUID, or serial number.
+
+Add the `--help` flag to any command to learn more about how to use it.
+
+**Note**: for macOS hosts, the `mdm unlock` command will return the security PIN, which must be typed into the device in order to finish unlocking it.
+
+<meta name="articleTitle" value="Lock and wipe hosts">
+<meta name="authorFullName" value="JD Strong">
+<meta name="authorGitHubUsername" value="spokanemac">
+<meta name="category" value="guides">
+<meta name="publishedOn" value="2024-07-09">
+<meta name="articleImageUrl" value="../website/assets/images/articles/[email protected]">
diff --git a/articles/sysadmin-diaries-lost-device.md b/articles/sysadmin-diaries-lost-device.md
diff --git a/website/config/routes.js b/website/config/routes.js
@@ -488,6 +488,7 @@ module.exports.routes = {
   'GET /docs/using-fleet/mdm-commands': (req,res)=> { return res.redirect(301, '/guides/mdm-commands');},
   'GET /docs/using-fleet/log-destinations': (req,res)=> { return res.redirect(301, '/guides/log-destinations');},
   'GET /guides/how-to-uninstall-osquery': (req,res)=> { return res.redirect(301, '/guides/how-to-uninstall-fleetd');},
+  'GET /guides/sysadmin-diaries-lost-device': (req,res)=> { return res.redirect(301, '/guides/lock-wipe-hosts');},
 
   //  ╔╦╗╦╔═╗╔═╗  ╦═╗╔═╗╔╦╗╦╦═╗╔═╗╔═╗╔╦╗╔═╗   ┬   ╔╦╗╔═╗╦ ╦╔╗╔╦  ╔═╗╔═╗╔╦╗╔═╗
   //  ║║║║╚═╗║    ╠╦╝║╣  ║║║╠╦╝║╣ ║   ║ ╚═╗  ┌┼─   ║║║ ║║║║║║║║  ║ ║╠═╣ ║║╚═╗