READ: This is coming from someone who bypassed the web filter, printed from school printers on a personal laptop by finding the IP address, got past a local IP internet block multiple times and was left alone by admin and IT after a few years. The enterprise lock (and device policies) is stored on the cloud and tied to the device serial number. There is no way to remove the admin tie without having it removed by the administrator who applied it, or installing a “clean” motherboard (at that point, just replace the entire freaking Chromebook due to the price of a new board). The screw trick really only works on the “CR-48” (5+ years old) Chromebooks, and those have been retired and sold as surplus due to 100% of these early units being considered EOL (in other words, no more updates=scrap). UNLESS THE SCHOOL CANNOT AFFORD NEW CHROMEBOOKS (literally impossible since they get funding just by blocking the XXX sites anyone who went through puberty knows about), the screw trick IS PATCHED.
This is an iCloud activation lock for Chromebooks. Everyone STOP ASKING - IT CANNOT BE DONE! These machines are deployed this way to PREVENT what I got away with in high school! As the old generation left, the next generation who got it done and found the holes made it harder. If it was possible to permanently neutralize it so it never comes back, do you not think people who can remove the management (and can afford to risk killing the unit) would be buying them for almost nothing and trying to fix them?
The enterprise enrollment is tied to the serial number and is loaded on the device through the cloud. In addition, it is stored on the device locally just in case they’re kept offline - it is truly persistent. In addition to local storage, the profile gets restored to the device if you erase it by using the stored forced enrollment policies. THERE IS NO WORKAROUND. It sounds like an ex school machine since iBoss has a education specific variant. I’m not shocked since schools are already infamously lazy about removing BIOS/EFI passwords from decommissioned systems.
With these “managed” Chromebooks, the only option is to return the unit as defective (because it *is*), especially with the eBay MBG. Only once it’s removed can you powerwash it and turn it into a “normal Chromebook” again.
It’s still your final call on what to do, but I would have just returned it and dinged the seller’s stats for negligence, and forced them to pay for shipping as well. The reason is these locks cripple these Chromebooks as a entire unit for outsiders. The seller’s negligence is not my issue to fix. You have a solid case against the seller, especially if they assumed it was clean without checking and then listing it as if it was okay for end user use and did not disclose this issue. Unless you somehow got a really nice one, send it back and try again - ex school Chromebooks are rarely worth saving and tend to be more beaten up, or BER if anything major is busted. Let the seller take the financial hit since it should have been sold for parts.
The main issue with school surplus is it tends to be in worse condition then corporate surplus used by businesses/professionals selling their old machine. In some school districts, they tend to back off with even a little parental pushback due to the low purchase price, which is why these managed Chromebooks regularly flood the market with residual remote management. While rare, some schools are flat out unwilling/afraid to hold the student/parents accountable for the damaged Chromebook, and it gets dumped on the market with the student induced damage and residual management. The only time they stand their ground is parents who give in or it’s hard to push back. Because of this, some districts sell them to the “student” (really the parents) to shift the cost of damage if/when it happens! They ironically stand their ground when a Mac is damaged ($$), but not Chromebooks ($) unless it is BER. THERE IS A REASON PEOPLE WHO KNOW BETTER AVOID EX SCHOOL CHROMEBOOKS ON THE SECONDHAND MARKET WHEN POSSIBLE. THEY ARE OFTEN JUNK, OR RIDDLED WITH MANAGEMENT! I AM NOT GOING TO ARGUE WITH THEM FOR NOT DOING THEIR JOB WITH THEIR OLD CHROMEBOOK — I AM GOING TO SCRAP IT! Unless it is cheap, these make no sense to buy as the schools tend to hold onto them until the Google AUP lifetime is towards the end (usually only ~6 months-1 year left, or EOL when you get it)… The issue is you're SOL when they're no longer updated since Google maintains a list, so it’s YOUR FAULT for not checking. If it's not intact, it's almost certainly "managed" despite being disposed of. The biggest red flag is it will often require a school managed Google account, OR an .edu eMail from that college who sold it.