PSA: Delete One File To Recover Admin On Any Mac

Recover admin on a Mac

I’m about to show you how you can recover admin on any Mac by deleting one file. Are you frightened yet? You probably should be. I was, when I first learned of this trick. It works on almost any version of OS X and macOS, including the High Sierra beta.

Recover admin on a Mac
It’s amazingly easy to recover admin control over a Mac. There’s a way to make it harder, though.

Reasons to Know This Trick

If you’ve ever found yourself forgetting the administrator’s password on a Mac, this trick is a good thing. It resets OS X or macOS to the state it was in right after installation. You’ll go through all of the normal steps you would take when installing a Mac. It will ask for your time zone, to enable Find My Mac, etc.

Then it will guide you through creating a new user, with administrative privileges. Once that’s complete, you’ll be able to log into macOS or OS X as that user. Even better, you’ll be able to recover admin on that Mac.

How to Recover Admin On a Mac by Deleting One File

The first thing you need to do for this is boot into single-user mode. This means rebooting the Mac, and pressing Command-S at the startup chime. Keep the keys pressed until you see a black screen with white text. This is single-user mode.

Next, you need to mount the file system and make it accessible. Type in this command:

/sbin/mount -uw /

Once that’s done, you can delete the file that tells your operating system the initial setup process is complete. Type this command:

rm /var/db/.AppleSetupDone

Now, when you reboot your Mac, it will run the Setup Assistant all over again. Rebooting is easy. Type this.

reboot

Your Mac will restart and boot normally, running the Setup Assistant before it reaches the login screen. You’ll be able to set up a new user account with admin privileges

Now That I’ve got You Freaked Out …

It’s time to tell you how to prevent someone from doing this to you. The key here is to turn on FileVault. Go to System Preferences -> Security & Privacy -> FileVault. Once that’s done, estimates are it would take 34 years of brute force attacks to crack the encryption.

Once you’re in the correct System Preferences pane, click the lock icon to make changes. Then click Turn On FileFault, and you’ll be asked to provide a way to unlock your disk and reset your password. You can use your iCloud account, or create a recovery key.

Physical Security Matters, Too

If there ever was a reason to turn on FileVault, this is it. If you ever lose your Mac or it’s stolen, it’s all too easy for the thief to delete that file and get your Mac back into the Setup Assistant.

5 thoughts on “PSA: Delete One File To Recover Admin On Any Mac

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.