[chromad] Devices booted from Developer mode unexpectedly - NO policy blocking dev mode |
||||
Issue descriptionChrome OS Version: 69 What steps will reproduce the problem? -Put device in DEV mode and install test image - Login get to Chromad Chromebox -Reboot - See boot message "Developer mode is disabled on this device by system policy" What is the expected result? DEV mode working What happens instead? Developer mode blocked, device is wiped. LOGS: See crbug.com/887232 where we collected data in DEV before it rebooted to verified mode.
,
Sep 27
I don't think we do anything special for dev mode on AD devices. Are you sure DeviceBlockDevmode is not set?
,
Sep 27
If it's not set on any GPO - this is a bug. Could you check the same case with cloud management?
,
Oct 7
aluong@: Does this issue happen only with Active Directory managed devices?
,
Nov 22
,
Nov 23
Apparently we use DevBlockMode setting from the cloud policy. Which I guess is enabled because FRE is enabled? How should we handle it?
,
Nov 23
Issue 893300 has been merged into this issue.
,
Nov 23
,
Nov 27
I thought FRE was disabled on all production domains?
,
Nov 30
Just to confirm with folks on this thread. This is not with a customer's production domain right? It looks like this is tied to chromadm-lab domain only? Any chance FRE was enabled on this domain for testing?
,
Dec 7
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5e0cf7a00cbfd603110566ea6754f2db68e6e40b commit 5e0cf7a00cbfd603110566ea6754f2db68e6e40b Author: Roman Sorokin <rsorokin@chromium.org> Date: Fri Dec 07 13:34:27 2018 Mark DeviceBlockDevmode support by google_cloud only Active Directory devices apply the setting that come from device cloud policy. BUG=chromium:889893 Change-Id: I0738f35dfdad56042c388699f811b43f3a530501 Reviewed-on: https://chromium-review.googlesource.com/c/1365595 Commit-Queue: Roman Sorokin <rsorokin@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Cr-Commit-Position: refs/heads/master@{#614681} [modify] https://crrev.com/5e0cf7a00cbfd603110566ea6754f2db68e6e40b/components/policy/resources/policy_templates.json
,
Jan 11
Hi customer using chrome active directory is reporting this today Chrome 72. Policy from AD was set to no block dev mode, however it didn't work. Customer also deprovisioned in ChromAD cloud console as well. Workaround that was successful: Wipe device Sign in with personal Gmail account Wipe device Set DEV mode Result: no more messages saying ""Developer mode is disabled on this device by system policy"
,
Jan 11
Policy from AD does nothing. It depends on policy from cloud during enrollment |
||||
►
Sign in to add a comment |
||||
Comment 1 by alu...@chromium.org
, Sep 27