No admin account on T2 MacBook with Big Sur

Question

Level 1

6 points

No admin account on T2 MacBook with Big Sur

Unable to create missing admin account. I’m working on an A1989 T2 MacBook Pro on Big Sur, with no admin account. I am trying to forensically image it and need admin rights to run the imaging software on it, boot it to the imaging tool or to unlock the drive in TDM to image via another Mac.

It had a firmware password and is FileVault encrypted (for which I do have the Recovery Key). It was administered via JAMF, but has been removed from their system so according to JAMF, it cannot help at this point.

I tried resetting the password to get access, which worked but then I discovered that it was missing an admin accounts (the admin account is still on there, it has just lost admin rights somehow and shows as a standard user). There is no admin account showing on the system.

I have turned off the firmware password.

I have removed the AppleSetupDone file. After multiple restarts it will not reboot into the setup menu. I have tried resetting the NVRAM via ⌘ ⌥ P R, and that appears to do it’s thing, but it still will not reboot into the setup menu.

I found someone’s post elsewhere mentioned that removing the AppleDiagnosticsSetupDone file got theirs to reboot to the setup menu so I tried that as well, but it still will not reboot into the setup menu.

I have a second similar MacBook in the same boat. I was able to get the same procedure to work on third similar MacBook with the same problem except that one was not FileVault encrypted and I did not have to remove the file with Diagnostics in the name.

Any suggestions would be greatly appreciated.

Posted on Jul 28, 2021 5:12 PM

Reply

Answer 1

Best reply

TheLittles

Level 10

193,089 points

Jul 28, 2021 5:44 PM in response to Surrealdeal

Surrealdeal Said:

"No admin account on T2 MacBook with Big Sur: Unable to create missing admin account. I’m working on an A1989 T2 MacBook Pro on Big Sur, with no admin account. I am trying to forensically image it and need admin rights to run the imaging software on it, boot it to the imaging tool or to unlock the drive in TDM to image via another Mac."

-------

Boot into Recovery Mode:

In Recovery Mode, you will be prompted to enter a password. See what user is shown, and if a password that you enter works.

Reply

Answer 2

HWTech

Level 9

56,648 points

Jul 28, 2021 6:08 PM in response to Surrealdeal

If you were able to remove the Firmware Password Lock does this mean you were able to boot into Recovery Mode or Internet Recovery Mode? If so, then launch the Startup Security Utility and enable the option to boot from a USB drive. Boot from a USB drive to attempt to access the data on the internal SSD.

If you cannot boot into Recovery Mode or Internet Recovery Mode, then there is nothing else you can do if Target Disk Mode does not work. You can try contacting a professional data recovery service such as Drive Savers or Ontrack to have them attempt to make a forensic image. Both vendors provide free estimates and both are recommended by Apple.

Unfortunately Apple's implementation of the security features on the T2 Macs is buggy and broken. I had one of our organization's Macs which had two admin user accounts on it. I was able to boot normally and log into both accounts without issue. However, when I attempted to boot into Recovery Mode and Internet Recovery Mode I was unable to complete the task due to authentication issues. I was only prompted for one of the two admin user accounts and neither password word work to authenticate in Recovery Mode. I ended up deleting one of the admin user accounts and tried Recovery Mode again. I was still only presented with the user name for the now deleted admin account. I entered the password and it was accepted so I could finish booting into Recovery Mode (I don't recall which of the two admin user account passwords I used -- I think it was the password for the now deleted admin user account).

Keep in mind that you will need to authenticate in order to allow the T2 security chip to decrypt the internal SSD which is hardware encrypted by the T2 security chip. There are a lot of ways to lose access to data on a T2 Mac.

Reply

Answer 3

HWTech

Level 9

56,648 points

Jul 30, 2021 8:06 PM in response to Surrealdeal

When you deleted the ".AppleSetupDone" file was the process successful or was there an error message? You may need to temporarily disable SIP first, but make sure to re-enable SIP after you are finished deleting the file. I have not tried to do delete the ".AppleSetupDone" file from Big Sur, but it did work for Catalina.

Reply

Answer 4

Surrealdeal Author

Level 1

6 points

Aug 3, 2021 10:22 AM in response to HWTech

No error when removing ".AppleSetupDone" and I've checked the directory. It is gone, but still no setup after rebooting. I'm not with it now, but I'll check SIP & let you know if that changes anything. Were you just suggesting I disable SIP to be able to delete the .AppleSetupDone file?

Reply

Answer 5

HWTech

Level 9

56,648 points

Aug 3, 2021 12:24 PM in response to Surrealdeal

Surrealdeal wrote:

Were you just suggesting I disable SIP to be able to delete the .AppleSetupDone file?

Correct. I recall I had to disable SIP to delete the file while booted into Recovery Mode with Catalina. I've never tried to delete the file from Big Sur or from a T2 Mac so I'm not sure if there would be any differences.

Reply

Answer 6

Surrealdeal Author

Level 1

6 points

Jul 30, 2021 3:20 PM in response to HWTech

Yes, Recovery Mode is where I was able to turn off the Firmware Password and get into Terminal to remove the setup file. I can change the users passwords and create new users, just not Admin users.

Reply

No admin account on T2 MacBook with Big Sur

Similar questions