How to recover file vault encrypted network accounts

Each machine we provision holds the same master password. However, when using network mobile accounts, the option to reset the password with the master password at login is not an option as it is with local accounts. My fear is that my users may at some point forget their password, and while we can reset it in our openLDAP system, the machine will still require the old password to convert the FileVault encryption.


In addition, I am also aware that you can mount the .sparsebundle with the hdid command in Terminal, but this still requires (I believe) the user's original password to mount.


Thank you in advance.

Posted on Apr 17, 2011 11:35 AM

Question marked as Best reply

Posted on Apr 17, 2011 3:15 PM

This is what I use to recover lost AD passwords for mobile accounts:


BELC07F20Z4DD6L:~ ssh administrator@the_host_name_of_the_computer_you_want_to_reach

(enter the administrator password to log on)

sudo security unlock-keychain /Library/Keychains/FileVaultMaster.keychain

(enter the password to unlock the FileVault master keychain)

sudo hdiutil chpass /Users/username/username.sparsebundle -recover /Library/Keychains/FileVaultMaster.keychain -newstdinpass

(enter new password twice. type carefully)

reboot


After the reboot the user should try to log in. The user should be prompted to reset their password at the login window.
