Marco S.

Q: how did my nephew create a profile with out a password?

Greetings Everyone,

There are two apple computers at my sister's house which I take care of. They have a 8 month old flat screen mac with probably the latest os. They also have an older mac tower with 10.6.8 on it. I am the person that maintains the computers. I set up profiles for my nephews and when I went back to visit, Some how my nephew was able to create a second profile and give himself admin privalages. I have my own profile which has admin privilages but he does not have my password.

 

After talking to him he tells me was able to do it because of the way the computer was made but that was all he would tell me. Does anyone have any idea how he was able to do that?

 

Thanks for any help

 

Marco

Posted on Oct 9, 2013 11:40 PM

Close

Q: how did my nephew create a profile with out a password?

  • All replies
  • Helpful answers

  • by Kappy,Helpful

    Kappy Kappy Oct 9, 2013 11:49 PM in response to Marco S.
    Level 10 (271,133 points)
    Desktops
    Oct 9, 2013 11:49 PM in response to Marco S.

    The easiest solution is that you have your account configured to use auto-login. That means the computer boots directly into your account without requiring a password be manually entered. Anyone at the computer can then create a second admin account even though they are not the actual admin user. To prevent this you need to turn off auto-login in Users & Groups preferences.

     

    Regardless, you need to be sure auto-login is turned off, then change your password. Also, be sure you remove the user account he created. For further protection you might consider enabling the Firmware Password. The utility will be found on your Snow Leopard DVD in the Utilities folder. This will prevent anyone from being able to turn on the computer without the special firmware password. Be sure you don't forget it.

  • by mende1,

    mende1 mende1 Oct 9, 2013 11:52 PM in response to Marco S.
    Level 10 (93,324 points)
    Desktops
    Oct 9, 2013 11:52 PM in response to Marco S.

    In addition to Kappy's reply, there are also a lot of guides on how to create an administrator account by using the single user mode (hold Command and S keys while your computer is starting).

     

    To prevent this, just enable the EFI password as Kappy said, but note that the EFI password allows you to start up Mac OS X as usual

  • by Marco S.,

    Marco S. Marco S. Oct 9, 2013 11:56 PM in response to Kappy
    Level 1 (14 points)
    Mac App Store
    Oct 9, 2013 11:56 PM in response to Kappy

    Thank you Kappy,

    Are you saying that if the computer starts up with all the profiles listed (which this one does) that from there they can create a profile and give admin privilages? I still don't understand how they can do that since it requires an admin password to create a profile?

  • by mende1,

    mende1 mende1 Oct 9, 2013 11:59 PM in response to Marco S.
    Level 10 (93,324 points)
    Desktops
    Oct 9, 2013 11:59 PM in response to Marco S.

    That's the reason why it makes sense that he used the single user mode, as you need the password to create a new user account in System Preferences > Users & Groups. Kappy told you everything you can do to prevent this: set up an EFI password and disable automatic login (in System Preferences > Users & Groups > Login Options)

  • by Kappy,Solvedanswer

    Kappy Kappy Oct 10, 2013 12:13 AM in response to Marco S.
    Level 10 (271,133 points)
    Desktops
    Oct 10, 2013 12:13 AM in response to Marco S.

    Since that information was not provided, I offered a possible scenario in which he could gain access. If that wasn't it, then you need look elsewhere such as taking advantage of using Single-user Mode. However, unlike Mende, I am not sure how he might have accomplished access because a password should be required to permit modification of the computer's user accounts.

  • by Marco S.,

    Marco S. Marco S. Oct 10, 2013 12:47 AM in response to Kappy
    Level 1 (14 points)
    Mac App Store
    Oct 10, 2013 12:47 AM in response to Kappy

    So if I set up the firmware password will my nephew still be able to use the computer. Do I give him the password or does some other trusted person have to type in the password?

     

    My other question is, how do i set up the EFI password on the new computer since it does not have a DVD player?

     

    Thank you mende1 for your replys as well.

  • by Kappy,Helpful

    Kappy Kappy Oct 10, 2013 9:32 AM in response to Marco S.
    Level 10 (271,133 points)
    Desktops
    Oct 10, 2013 9:32 AM in response to Marco S.

    On the new computer you boot into the Recovery HD. The Firmware Password utility is under the Utilities menu, I believe.

     

    Boot to the Recovery HD:


     

    Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.


  • by Baby Boomer (USofA),

    Baby Boomer (USofA) Baby Boomer (USofA) Oct 10, 2013 9:48 AM in response to Marco S.
    Level 9 (57,623 points)
    Oct 10, 2013 9:48 AM in response to Marco S.

    My other question is, how do i set up the EFI password on the new computer since it does not have a DVD player?

     

    Check out KB Article:  http://support.apple.com/kb/HT1352 and read some of  the suggestion in this thread:  https://discussions.apple.com/thread/4236268?start=0&tstart=0

     

     

    Since the iMac in question is still under warranty, you can call Apple tech support for help.  Do you have AppleCare?

     

     

     

     

     

     

     

     

     

    2ue5vgy.gif

  • by Marco S.,

    Marco S. Marco S. Oct 13, 2013 12:15 AM in response to mende1
    Level 1 (14 points)
    Mac App Store
    Oct 13, 2013 12:15 AM in response to mende1

    Thank you everyone for your help. The computers seems secure for now. I was able to set the firmware password on both computers.

     

    I was wondering though, why does apple have this hole in their system where someone can boot up in single mode and create a profile and give admin privileges?