MacOS – Reset Admin password for macOS Mojave

Tags: filevault, macbook pro, macos, mojave, password

This is a MacBook Pro running macOS Mojave 10.14.6 with FileVault enabled.

In my case the problem is that at the login page, when the computer starts, the admin user account doesn't appear, but after logging in as a standard user I see that there is an admin. My brother, who created the admin, forgot the password.


I was thinking of pressing Command+S when the Mac starts, in order to create a new admin, but with FileVault enabled single user mode does not work.

Is there still a possibility to recover the admin password?

My question is slightly different from those for which it was marked as a duplicate, because those answers explain:

  1. Single User Mode (Command+S). As I have explained in my question, with
    FileVault enabled single user mode does not work.

  2. Recovery Mode (Command+R). When in the terminal, in recovery mode, I type
    resetpassword, I do not have the possibility to choose the admin account; the
    standard account is chosen, and I think that if I reset the password in this way
    I will reset the standard user password and not the admin one.

Best Answer

You can't reset the admin's password but you can create a new admin.

Essentially it's the same procedure as in this answer:

How can I get admin access to a Mac without knowing the current password?

  1. Boot to Recovery Mode holding Command+R on startup
  2. Open Disk Utility and unlock the encrypted volume. The encrypted volume is a sub-item of the internal drive and greyed out. Select it and hit mount/activate. Use the password of the standard user to unlock it.
  3. Open Terminal from the Utilities menu and enter (to execute a typed command you have to hit the ⏎ Enter/Return key):

    rm /Volumes/<main_volume_name>/private/var/db/.AppleSetupDone
    

    Replace <main_volume_name> with the name of your main volume (usually Macintosh HD). Example:

    rm /Volumes/Macintosh\ HD/private/var/db/.AppleSetupDone
    
  4. Enter reboot to reboot your Mac

  5. Log in with your standard user (to unlock the disk), then follow the instructions to create a new admin user (similar to configuring a new Mac)
  6. The new admin can't unlock the disk - the account has to be added by another admin user, because the new admin can't promote himself to a FileVault unlocker. Check this by entering in Terminal: sudo fdesetup list.
  7. With the new admin promote the standard user to admin and reboot
  8. Log in as old standard/now admin user, open Terminal and enter

    sudo fdesetup add -user exstandarduser -usertoadd newadmin
    

    Example:

    sudo fdesetup add -user lorenzoalfieri -usertoadd adminlorenzo
    

    Then you will be asked for passwords: first enter the password of exstandarduser to authenticate him and second the password (set in step 5) of newadmin.

    Check that the new admin is added to the FV users: sudo fdesetup list

  9. Reboot and log in as newadmin
  10. Downgrade the exstandarduser admin to a standard user.
  11. Clean up the old admin.
  12. Finally create new recovery key(s): sudo fdesetup changerecovery -personal and make a (physical) note of it/them and store it in a safe place.

  • Resetting the admin password with resetpassword after unlocking the disk is not possible.
  • Changing the password of the admin with dscl after unlocking the disk is apparently not possible - the old password is still required.

    Example:

    dscl -f /Volumes/Macintosh\ HD/var/db/dslocal/nodes/Default localonly -passwd /Local/Target/users/<user_name> some_password
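
An added example (not part of the original answer): a small shell audit for the `sudo fdesetup list` checks in steps 6 and 8, and for confirming after step 11 that only the intended accounts can unlock the disk. It assumes `fdesetup list` prints one `shortname,UUID` line per enabled user; the function names are hypothetical and the sample lines and UUIDs are constructed, using the account names from the answer's example.

```shell
#!/bin/sh
# Audit the FileVault unlock list against the accounts you expect.
# On the Mac itself:  sudo fdesetup list | fv_audit lorenzoalfieri adminlorenzo

# fv_users: read `fdesetup list` text on stdin, print short names one per line.
# Assumption: each line has the form "shortname,UUID".
fv_users() {
    awk -F, 'NF >= 2 && $1 != "" { print $1 }'
}

# fv_audit EXPECTED...: read the list on stdin and print
#   "MISSING name"    for expected users that cannot unlock the disk
#   "UNEXPECTED name" for enabled users that are not in the expected set
# Returns 0 only when both sets match exactly.
fv_audit() {
    enabled=$(fv_users | sort -u)
    status=0
    for want in "$@"; do
        if ! printf '%s\n' "$enabled" | grep -Fxq -- "$want"; then
            echo "MISSING $want"
            status=1
        fi
    done
    for have in $enabled; do
        found=0
        for want in "$@"; do
            if [ "$have" = "$want" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "UNEXPECTED $have"
            status=1
        fi
    done
    return $status
}

# Constructed sample output (UUIDs are made up).
# Before step 8 only the standard user is a FileVault user:
SAMPLE_BEFORE_STEP_8='lorenzoalfieri,11111111-2222-3333-4444-555555555555'
# After step 8 the new admin has been added:
SAMPLE_AFTER_STEP_8='lorenzoalfieri,11111111-2222-3333-4444-555555555555
adminlorenzo,66666666-7777-8888-9999-000000000000'

# Demo on the constructed "before" sample: reports the new admin as missing.
printf '%s\n' "$SAMPLE_BEFORE_STEP_8" | fv_audit lorenzoalfieri adminlorenzo || true
```

A non-zero exit status with an `UNEXPECTED` line means an account you did not list can still unlock the volume at boot.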