Cant gain admin status.

Discussion in 'OS X Mavericks (10.9)' started by patrickgc, Sep 16, 2014.

  1. patrickgc macrumors newbie

    Joined:
    Sep 15, 2014
    #1
    Hello, having this problem that i cant gain administrator access, and i cant make any changes at all.

    Here i am ( In danish ) trying to manage my power settings. i click the lock in the left bottom corner, and i get this menu where im asked to enter a name and a password. I dont got a administrator on my computer it appears, how do i deal with that? Login to my current user doesnt work.

    Any suggestions?
     

    Attached Files:

  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #3
    Follow these steps to make a new admin account, then you can use that account to give your existing account admin rights.

    Hold command-s when booting to get to single user mode.

    At the command line that comes up type this in then return to mount the drive.

    Code:
    mount -uw /
    Then type this in and hit return. This will cause the new system setup routine to run at the next boot.

    Code:
    rm /var/db/.AppleSetupDone
    Now type reboot and the system will restart. When it starts you will get the new system setup process. Just go through that and setup an admin account. Call it temp or whatever because we will delete it later.

    Now login to the new admin account the go to Users & Groups in System Preferences and select you old real account and give it admin rights.

    Now reboot and login to you real account. Make sure it has admin right like you want and it if does, go back to User & Groups and delete the temp admin account we made.
     
  3. alksion macrumors 68000

    alksion

    Joined:
    Sep 10, 2010
    Location:
    Los Angeles County
    #4
    So if someone gains unlawful entry to a standard user because they guessed an easy password. Having a separate admin account with a secure password would make no difference because it can easily be removed or changed?

    Is encryption the only means of protection?
     
  4. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #5
    Exactly. Apple has made it ridiculously easy to reset passwords if someone steals your Mac. Turning on Filevault encryption is definitely the way to go. I turn it on first thing with every Mac I buy.
     
  5. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #6
    FileVault and setting an EFI password would double it, because locking down the EFI would prevent someone from booting into single user mode too.
     
  6. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #7
    I use an EFI password just to make my Mac essentially a paperweight if it is stolen, but it is not really necessary to prevent single user mode since having FV2 on already does that.
     
  7. alksion macrumors 68000

    alksion

    Joined:
    Sep 10, 2010
    Location:
    Los Angeles County
    #8
    In theory, if a Mac was in a business environment, what would one do? Use open or active directory with a network account or the equivalent of a domain controller?
     
  8. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #9
    I'm not up to speed on how AD works with Macs, so can't comment. I think things would work the same as without FV on though since once you login the Mac works normally.
     
  9. alksion macrumors 68000

    alksion

    Joined:
    Sep 10, 2010
    Location:
    Los Angeles County
    #10
    What you're saying is that one could use single user mode to create an admin account even if the Mac was connected to a network account?
     
  10. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #11
    Yes, I don't see how having a networked account would stop one from entering single user mode and doing what I described earlier.
     
  11. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #12
    A network account doesn't obviate the need for encryption and a firmware password to keep eyes off the data on the disk.
     
  12. alksion macrumors 68000

    alksion

    Joined:
    Sep 10, 2010
    Location:
    Los Angeles County
    #13
    I appreciate your responses. When you refer to EFI, are you talking about an HDD lock found on similar Windows BIOS motherboards or are we referring to Apple's activation lock with an Apple ID?
     
  13. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #14
    It's most like the BIOS lock. You can get what is effectively the equivalent of activation lock by enabling "find my Mac".
     
  14. alksion macrumors 68000

    alksion

    Joined:
    Sep 10, 2010
    Location:
    Los Angeles County
    #15
    So how do people deploy this on an enterprise level? Surely they don't distribute individual Apple ID's for each client. A master Apple ID?
     
  15. chrfr macrumors 604

    Joined:
    Jul 11, 2009
    #16
    That's one way to do it.
     
  16. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #17
    http://training.apple.com/osx

    You can setup "profiles" so when an employee sets up their new Mac on the network it gets setup however the profile is configured. There is some material at this link on it. I don't know enough about it to say if a profile can force an EFI password or not.

    I know you can buy "enterprise" licenses for apps.

    Like chrfr said, the EFI (Extensible Firmware Interface) performs the function of the old PC BIOS.
     

Share This Page