How to Reset Forgotten Administrator Password on macOS

macmacospasswords

We recovered a MacBook from our Marketing manager; it was the only Mac in the company so our skills with it are somewhat limited.

The Mac boots fine and logs in, but we are stuck with doing admin-type things. Whenever we wish to install an app, or change settings, etc, we are prompted for the admin password – which we do not know. It is possible we could ask the ex-Marketing manager but she is ex-staff and I don't know her personal number.

I know in Windows I have a variety of options, eg boot from a Linux CD with tools to reset the Windows admin password, but I am an ignoramus about this on the Mac.

Alternatively, we consider it may be possible to reformat the Mac and reinstall MacOS, but in this situation we don't have any of the CDs – the lady "lost" them somehow, which includes MacOS as well as Adobe Creative Suite plus MS Office. I'd prefer to retain the software (which was legitimately purchased).

If anyone has suggestions I would be grateful – thank you.

Best Answer

There are at least three ways to reset the login password of an account.

Using Reset Password.app on the recovery partition:

  1. Hold command-R on startup.
  2. Select Utilities > Terminal.
  3. Run resetpassword, which opens the Reset Password application.
  4. Select the volume and account and reset the password.

Using dscl in single user mode:

  1. Hold command-S on startup.
  2. Run mount -uw /.
  3. Run launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist in 10.7 or later or launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist in 10.6 or earlier.
  4. Run dscl . passwd /Users/username password where username is the name of the account and password is the new password.
  5. Run reboot.

Creating a new admin account:

  1. Hold command-S on startup.
  2. Run mount -uw /.
  3. Run rm /var/db/.AppleSetupDone.
  4. Run reboot.
  5. Go through the steps of creating a new account.
  6. Reset the password of the old account from the Users & Groups preference pane.

If FileVault 2 is enabled, you need to enter a password to start up in single user mode, and the list of accounts in Reset Password.app will be empty, so none of these methods can be used.

None of the methods above resets the password of the login keychain. If automatic login is enabled, you can print the password of the login keychain by running a command like this in single user mode before resetting the login password:

sudo ruby -e 'key=[125,137,82,35,210,188,221,234,163,185,31];IO.read("/etc/kcpassword").bytes.each_with_index{|b,i|break if key.include?(b);print [b^key[i%key.size]].pack("U*")}'

Related Question