PSA: Delete One File To Recover Admin On Any Mac

2 minute read
| Quick Tip

I’m about to show you how you can recover admin on any Mac by deleting one file. Are you frightened yet? You probably should be. I was, when I first learned of this trick. It works on almost any version of OS X and macOS, including the High Sierra beta.

Recover admin on a Mac

It’s amazingly easy to recover admin control over a Mac. There’s a way to make it harder, though.

Reasons to Know This Trick

If you’ve ever found yourself forgetting the administrator’s password on a Mac, this trick is a good thing. It resets OS X or macOS to the state it was in right after installation. You’ll go through all of the normal steps you would take when installing a Mac. It will ask for your time zone, to enable Find My Mac, etc.

Then it will guide you through creating a new user, with administrative privileges. Once that’s complete, you’ll be able to log into macOS or OS X as that user. Even better, you’ll be able to recover admin on that Mac.

How to Recover Admin On a Mac by Deleting One File

The first thing you need to do for this is boot into single-user mode. This means rebooting the Mac, and pressing Command-S at the startup chime. Keep the keys pressed until you see a black screen with white text. This is single-user mode.

Next, you need to mount the file system and make it accessible. Type in this command:

/sbin/mount -uw /

Once that’s done, you can delete the file that tells your operating system the initial setup process is complete. Type this command:

rm /var/db/.AppleSetupDone

Now, when you reboot your Mac, it will run the Setup Assistant all over again. Rebooting is easy. Type this.

reboot

Your Mac will restart and boot normally, running the Setup Assistant before it reaches the login screen. You’ll be able to set up a new user account with admin privileges

Now That I’ve got You Freaked Out …

It’s time to tell you how to prevent someone from doing this to you. The key here is to turn on FileVault. Go to System Preferences -> Security & Privacy -> FileVault. Once that’s done, estimates are it would take 34 years of brute force attacks to crack the encryption.

Once you’re in the correct System Preferences pane, click the lock icon to make changes. Then click Turn On FileFault, and you’ll be asked to provide a way to unlock your disk and reset your password. You can use your iCloud account, or create a recovery key.

Physical Security Matters, Too

If there ever was a reason to turn on FileVault, this is it. If you ever lose your Mac or it’s stolen, it’s all too easy for the thief to delete that file and get your Mac back into the Setup Assistant.

5 Comments Add a comment

  1. Jeff Butts

    Only when in physical possession. When you boot into single-user mode, there are no network drivers loaded.

  2. brett_x

    I agree that this sounds scary, but if you have physical possession of the machine, unless it’s fully encrypted, all bets are off. You can mount a drive via target disk mode and copy the entire drive if it’s not encrypted and (as Anna pointed out) there is no firmware password set.
    I guess the real issue is that someone (a roommate etc) could do this, and you would continue using the machine without knowing.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account