Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Lost Administrator Access

Hello There!


It seems I have lost administrator access to my macbook pro. This happened after I tried to change my username in System Preferences > User Names & Groups. I pressed the unlock icon, entered my password, then changed my username. However the username did not change after doing this. It stayed the same. I didn't think much of this. I restarted the computer, logged in to my same user name with password on the lock screen. Now I get the following message:

User uploaded file

Notice how there is no user name in the top box. I didn't type anything in this box, because I haven't asked diskutil to make any changes.


But now I don't have any administrator access. I cannot install anything, and when I try to unlock any preference pane, a similar windows pops up with nothing in the username box. I tried entering my current user name, the user name i tried to change it to, the name of the mac as seen in terminal... None of them worked. I used the only password I've ever used for this macbook. None of these combinations worked, everytime I am denied and the window shakes left to right.


User uploaded file

User uploaded file

I basically cant install or change anything on my Mac now. What is going on (is it a virus?) How do I fix this?

MacBook Pro, macOS High Sierra (10.13.2)

Posted on Jan 5, 2018 3:55 PM

Reply
Question marked as Best reply

Posted on Jan 5, 2018 5:50 PM

First please tell me that you have not enabled FileVault. If you don't know, open System Preferences > Security & Privacy > FileVault. If it says "FileVault is turned on for the disk ..." then you won't be able to fix it and you might as well stop reading. Write back for recommendations.


Then, please make sure you have a reliable backup in the event something unexpected occurs. To learn how to use Time Machine please read Use Time Machine to back up or restore your Mac - Apple Support.


Confirm both of those before proceeding.


Then: Read and follow the instructions below with care.



As I understand it, you have a Mac with no Administrator accounts. Of course that is not supposed to be possible, but if that really is the case you can use the following technique to create a new, temporary Administrator account, the sole purpose of which will be to log in as an Administrator that can give your normal account Admin privileges.


There may be other techniques to recover from the "impossible" circumstance in which you find yourself, but the following is one that I have successfully used in the past.


It will not work in the following circumstances:


  • If you configured an EFI Firmware Password that will preclude recovery, unless you know that password.
  • It won't work if you encrypted your startup volume with FileVault.

Please read everything that follows before continuing. If you have only the one computer you will need to print this for reference.


  • Power on or restart your Mac.
  • At the chime or grey screen, hold and S on your keyboard (two fingers) to enter single-user mode.
  • At the localhost:/ root# prompt, type


fsck -fy

...and press Return.

This is a simple check for file system integrity and is optional. It may take a few minutes to complete during which time various messages will appear. None of them are relevant unless they indicate some unrecoverable error. Be patient. If you get concerned that the system has stalled or become unresponsive press the Return key. Nothing will happen other than to echo the Return character, advancing the text on the screen, confirming your Mac has not completely frozen.

When the integrity check completes pressing the Return key will result in the localhost prompt again, waiting for your input.


At the localhost:/ root# prompt, type each of the following lines, exactly as written, including capitalization, one line at a time, each line followed by the Return key. There is a single space preceding the first "slash" ( / ) character in each line:


mount -uw /

rm /var/db/.AppleSetupDone

reboot


The Mac will restart, and then take you through the entire setup and registration process that you have not seen since you originally unboxed it. Do not be concerned—none of the above deletes any information. All your pre-existing user accounts will still available, assuming they were not already erased prior to beginning this procedure.


Do not elect to transfer your information from another Mac: When you get to the "Transfer Information to This Mac" screen, select "Do not transfer any information now" and press Continue. Have your existing Apple ID and password ready. At the "Create a Computer Account" screen, create the new, temporary account using a different "Full name" and "Account name" than the one you already use. Remember the password you select. You don't have to sign in to iCloud or anything else you might decide to do if you wanted to use that User Account for anything else.


When it completes, log in under that new account. Use System Preferences to change your normal account to "Allow user to administer this computer". Log out, log in under your normal account and verify you can use it without restriction.


After that, you can safely delete the temporary account you just created by following these instructions: Delete a user or group - Apple Support. Before removing it, confirm you don't need any of the files you might have created in that Account.

4 replies
Question marked as Best reply

Jan 5, 2018 5:50 PM in response to Mutant_Bunny

First please tell me that you have not enabled FileVault. If you don't know, open System Preferences > Security & Privacy > FileVault. If it says "FileVault is turned on for the disk ..." then you won't be able to fix it and you might as well stop reading. Write back for recommendations.


Then, please make sure you have a reliable backup in the event something unexpected occurs. To learn how to use Time Machine please read Use Time Machine to back up or restore your Mac - Apple Support.


Confirm both of those before proceeding.


Then: Read and follow the instructions below with care.



As I understand it, you have a Mac with no Administrator accounts. Of course that is not supposed to be possible, but if that really is the case you can use the following technique to create a new, temporary Administrator account, the sole purpose of which will be to log in as an Administrator that can give your normal account Admin privileges.


There may be other techniques to recover from the "impossible" circumstance in which you find yourself, but the following is one that I have successfully used in the past.


It will not work in the following circumstances:


  • If you configured an EFI Firmware Password that will preclude recovery, unless you know that password.
  • It won't work if you encrypted your startup volume with FileVault.

Please read everything that follows before continuing. If you have only the one computer you will need to print this for reference.


  • Power on or restart your Mac.
  • At the chime or grey screen, hold and S on your keyboard (two fingers) to enter single-user mode.
  • At the localhost:/ root# prompt, type


fsck -fy

...and press Return.

This is a simple check for file system integrity and is optional. It may take a few minutes to complete during which time various messages will appear. None of them are relevant unless they indicate some unrecoverable error. Be patient. If you get concerned that the system has stalled or become unresponsive press the Return key. Nothing will happen other than to echo the Return character, advancing the text on the screen, confirming your Mac has not completely frozen.

When the integrity check completes pressing the Return key will result in the localhost prompt again, waiting for your input.


At the localhost:/ root# prompt, type each of the following lines, exactly as written, including capitalization, one line at a time, each line followed by the Return key. There is a single space preceding the first "slash" ( / ) character in each line:


mount -uw /

rm /var/db/.AppleSetupDone

reboot


The Mac will restart, and then take you through the entire setup and registration process that you have not seen since you originally unboxed it. Do not be concerned—none of the above deletes any information. All your pre-existing user accounts will still available, assuming they were not already erased prior to beginning this procedure.


Do not elect to transfer your information from another Mac: When you get to the "Transfer Information to This Mac" screen, select "Do not transfer any information now" and press Continue. Have your existing Apple ID and password ready. At the "Create a Computer Account" screen, create the new, temporary account using a different "Full name" and "Account name" than the one you already use. Remember the password you select. You don't have to sign in to iCloud or anything else you might decide to do if you wanted to use that User Account for anything else.


When it completes, log in under that new account. Use System Preferences to change your normal account to "Allow user to administer this computer". Log out, log in under your normal account and verify you can use it without restriction.


After that, you can safely delete the temporary account you just created by following these instructions: Delete a user or group - Apple Support. Before removing it, confirm you don't need any of the files you might have created in that Account.

Jan 5, 2018 7:20 PM in response to John Galt

John,


FileVault is not turned on. I've never configured an EFI Firmware Password as far as I know.


However I cannot activate time Machine because I do not have a backup disk or external HD, and I can't make a new partition because I have Bootcamp installed (making a new partition will destroy the partition table, I know from experience).


I can't afford to lose my data but I also can't afford to be stuck out of admin privileges. So, how risky is this procedure?


I was told on another forum to try in recovery mode: rm /Volumes/name_of_your_main_volume/private/var/db/.AppleSetup


What are your thoughts on the methods in this forum thread: macos - How can I get admin access to a Mac without knowing the current password? - Ask Different?

Jan 6, 2018 6:02 AM in response to Mutant_Bunny

That should work just fine. I’m just describing the procedure that I used recently, and that I know will work. It’s probably also overly conservative.


That question and answer is over five years old, which is usually a bad sign. However, the "Create a new admin account" is identical to what I wrote, and more importantly I know it works with High Sierra because I used it myself last November.


Also, I no longer get involved in no backup situations after having had one person completely hose her system because she didn't type the commands correctly. No backup. So, it's now an essential prerequisite as far as I'm concerned.

Lost Administrator Access

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.