Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Cant gain admin status.

P

patrickgc

macrumors newbie
Original poster
Sep 15, 2014
4
0
Hello, having this problem that i cant gain administrator access, and i cant make any changes at all.

Here i am ( In danish ) trying to manage my power settings. i click the lock in the left bottom corner, and i get this menu where im asked to enter a name and a password. I dont got a administrator on my computer it appears, how do i deal with that? Login to my current user doesnt work.

Any suggestions?
 

Attachments

  • Skærmbillede 2014-09-16 kl. 12.46.44.png
    Skærmbillede 2014-09-16 kl. 12.46.44.png
    237.5 KB · Views: 125
Follow these steps to make a new admin account, then you can use that account to give your existing account admin rights.

Hold command-s when booting to get to single user mode.

At the command line that comes up type this in then return to mount the drive.

Code: 
mount -uw /

Then type this in and hit return. This will cause the new system setup routine to run at the next boot.

Code: 
rm /var/db/.AppleSetupDone

Now type reboot and the system will restart. When it starts you will get the new system setup process. Just go through that and setup an admin account. Call it temp or whatever because we will delete it later.

Now login to the new admin account the go to Users & Groups in System Preferences and select you old real account and give it admin rights.

Now reboot and login to you real account. Make sure it has admin right like you want and it if does, go back to User & Groups and delete the temp admin account we made.
 
Weaselboy said:
Follow these steps to make a new admin account, then you can use that account to give your existing account admin rights.

Hold command-s when booting to get to single user mode.

At the command line that comes up type this in then return to mount the drive.

Code: 
mount -uw /

Then type this in and hit return. This will cause the new system setup routine to run at the next boot.

Code: 
rm /var/db/.AppleSetupDone

Now type reboot and the system will restart. When it starts you will get the new system setup process. Just go through that and setup an admin account. Call it temp or whatever because we will delete it later.

Now login to the new admin account the go to Users & Groups in System Preferences and select you old real account and give it admin rights.

Now reboot and login to you real account. Make sure it has admin right like you want and it if does, go back to User & Groups and delete the temp admin account we made.
Click to expand...

So if someone gains unlawful entry to a standard user because they guessed an easy password. Having a separate admin account with a secure password would make no difference because it can easily be removed or changed?

Is encryption the only means of protection?
 
MacOG728893 said:
So if someone gains unlawful entry to a standard user because they guessed an easy password. Having a separate admin account with a secure password would make no difference because it can easily be removed or changed?

Is encryption the only means of protection?
Click to expand...

Exactly. Apple has made it ridiculously easy to reset passwords if someone steals your Mac. Turning on Filevault encryption is definitely the way to go. I turn it on first thing with every Mac I buy.
 
Weaselboy said:
Exactly. Apple has made it ridiculously easy to reset passwords if someone steals your Mac. Turning on Filevault encryption is definitely the way to go. I turn it on first thing with every Mac I buy.
Click to expand...

FileVault and setting an EFI password would double it, because locking down the EFI would prevent someone from booting into single user mode too.
 
yjchua95 said:
FileVault and setting an EFI password would double it, because locking down the EFI would prevent someone from booting into single user mode too.
Click to expand...

I use an EFI password just to make my Mac essentially a paperweight if it is stolen, but it is not really necessary to prevent single user mode since having FV2 on already does that.
 
Weaselboy said:
I use an EFI password just to make my Mac essentially a paperweight if it is stolen, but it is not really necessary to prevent single user mode since having FV2 on already does that.
Click to expand...

In theory, if a Mac was in a business environment, what would one do? Use open or active directory with a network account or the equivalent of a domain controller?
 
MacOG728893 said:
In theory, if a Mac was in a business environment, what would one do? Use open or active directory with a network account or the equivalent of a domain controller?
Click to expand...

I'm not up to speed on how AD works with Macs, so can't comment. I think things would work the same as without FV on though since once you login the Mac works normally.
 
Weaselboy said:
I'm not up to speed on how AD works with Macs, so can't comment. I think things would work the same as without FV on though since once you login the Mac works normally.
Click to expand...

What you're saying is that one could use single user mode to create an admin account even if the Mac was connected to a network account?
 
MacOG728893 said:
What you're saying is that one could use single user mode to create an admin account even if the Mac was connected to a network account?
Click to expand...

Yes, I don't see how having a networked account would stop one from entering single user mode and doing what I described earlier.
 
MacOG728893 said:
What you're saying is that one could use single user mode to create an admin account even if the Mac was connected to a network account?
Click to expand...

A network account doesn't obviate the need for encryption and a firmware password to keep eyes off the data on the disk.
 
Weaselboy said:
Yes, I don't see how having a networked account would stop one from entering single user mode and doing what I described earlier.
Click to expand...

chrfr said:
A network account doesn't obviate the need for encryption and a firmware password to keep eyes off the data on the disk.
Click to expand...

I appreciate your responses. When you refer to EFI, are you talking about an HDD lock found on similar Windows BIOS motherboards or are we referring to Apple's activation lock with an Apple ID?
 
MacOG728893 said:
I appreciate your responses. When you refer to EFI, are you talking about an HDD lock found on similar Windows BIOS motherboards or are we referring to Apple's activation lock with an Apple ID?
Click to expand...
It's most like the BIOS lock. You can get what is effectively the equivalent of activation lock by enabling "find my Mac".
 
MacOG728893 said:
So how do people deploy this on an enterprise level? Surely they don't distribute individual Apple ID's for each client. A master Apple ID?
Click to expand...

http://training.apple.com/osx

You can setup "profiles" so when an employee sets up their new Mac on the network it gets setup however the profile is configured. There is some material at this link on it. I don't know enough about it to say if a profile can force an EFI password or not.

I know you can buy "enterprise" licenses for apps.

Like chrfr said, the EFI (Extensible Firmware Interface) performs the function of the old PC BIOS.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back