Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: No admin account on High Sierra

Got a new imac pro and used migration assistant from the old computer. Tried to rename the user account on the new imac and lost admin privileges. Now there is no admin account on the computer.


Have tried single user mode but cannot delete any files. If I install the new OS from recovery mode it just reinstalls the OS without an admin account.

iMac Pro, macOS High Sierra (10.13.2)

Posted on

Reply
Question marked as Helpful

Jan 14, 2018 12:51 PM in response to dmph47 In response to dmph47

Tried to rename the user account on the new imac and lost admin privileges.


That will do it.


Read the lengthy procedure that follows. You should probably print it vs. writing down the steps or trying to repeat it from memory. Don't be put off by the length of the instructions. Some of the steps are optional. It's very easy and will only take a few moments.


It is also overly conservative, but I have used it myself recently and I know it will work. There is another technique described in the following Discussion: Re: Lost Administrator Access. It seems to me that it should work just as well; I simply haven't tried it.


If you have questions please reply to this Discussion, not that one.



First please tell me that you have not enabled FileVault. If you don't know, open System Preferences > Security & Privacy > FileVault. If it says "FileVault is turned on for the disk ..." then you won't be able to fix it and you might as well stop reading. Write back for recommendations.


Then, please make sure you have a reliable backup in the event something unexpected occurs. To learn how to use Time Machine please read Use Time Machine to back up or restore your Mac - Apple Support.


Confirm both of those before proceeding.


Then: Read and follow the instructions below with care.



As I understand it, you have a Mac with no Administrator accounts. Of course that is not supposed to be possible, but if that really is the case you can use the following technique to create a new, temporary Administrator account, the sole purpose of which will be to log in as an Administrator that can give your normal account Admin privileges.


There may be other techniques to recover from the "impossible" circumstance in which you find yourself, but the following is one that I have successfully used in the past.


It will not work in the following circumstances:


  • If you configured an EFI Firmware Password that will preclude recovery, unless you know that password.
  • It won't work if you encrypted your startup volume with FileVault.

Please read everything that follows before continuing. If you have only the one computer you will need to print this for reference.


  • Power on or restart your Mac.
  • At the chime or grey screen, hold and S on your keyboard (two fingers) to enter single-user mode.
  • At the localhost:/ root# prompt, type


fsck -fy

...and press Return.

This is a simple check for file system integrity and is optional. It may take a few minutes to complete during which time various messages will appear. None of them are relevant unless they indicate some unrecoverable error. Be patient. If you get concerned that the system has stalled or become unresponsive press the Return key. Nothing will happen other than to echo the Return character, advancing the text on the screen, confirming your Mac has not completely frozen.

When the integrity check completes pressing the Return key will result in the localhost prompt again, waiting for your input.


At the localhost:/ root# prompt, type each of the following lines, exactly as written, including capitalization, one line at a time, each line followed by the Return key. There is a single space preceding the first "slash" ( / ) character in each line:


mount -uw /

rm /var/db/.AppleSetupDone

reboot


The Mac will restart, and then take you through the entire setup and registration process that you have not seen since you originally unboxed it. Do not be concerned—none of the above deletes any information. All your pre-existing user accounts will still available, assuming they were not already erased prior to beginning this procedure.


Do not elect to transfer your information from another Mac: When you get to the "Transfer Information to This Mac" screen, select "Do not transfer any information now" and press Continue. Have your existing Apple ID and password ready. At the "Create a Computer Account" screen, create the new, temporary account using a different "Full name" and "Account name" than the one you already use. Remember the password you select. You don't have to sign in to iCloud or anything else you might decide to do if you wanted to use that User Account for anything else.


When it completes, log in under that new account. Use System Preferences to change your normal account to "Allow user to administer this computer". Log out, log in under your normal account and verify you can use it without restriction.


After that, you can safely delete the temporary account you just created by following these instructions: Delete a user or group - Apple Support. Before removing it, confirm you don't need any of the files you might have created in that Account.

Question marked as Helpful

Jul 10, 2018 12:34 PM in response to dmph47 In response to dmph47

I had this exact problem, but the solution from other users was useless to me because I had FileVault turned on.


Essentially, you are going to trick your computer into starting up with a new administrator account. This should not have any effect on your computer, but it's always smart to backup all of your files before making software changes.


1. Turn your computer off

2. When you turn your computer back on, immediately press and hold Command - S until you see white text loading onto a blank screen (you may have to log in to your computer first, that is completely normal).

3. Enter in the following commands, and after each command, hit Enter. Be mindful of the spaces (before -uw, after -uw, after rm,


/sbin/mount -uw /


rm /var/db/.AppleSetupDone


reboot


4. You will have to login and choose preferences such as language and country. Your data should still be safe.

5. System Preferences > Users and Groups, click the padlock to make changes.

6. Highlight your normal user account and select "allow user to administer this computer". Click the padlock again.

7. Log out of this account and into your normal account, to check that everything is in working order.

8. You can now go to System Preferences > Users and Groups and delete the temporary admin account


And that should solve it! Hope that works for you.

There’s more to the conversation

Read all replies
Question marked as Helpful

Jan 14, 2018 12:51 PM in response to dmph47 In response to dmph47

Tried to rename the user account on the new imac and lost admin privileges.


That will do it.


Read the lengthy procedure that follows. You should probably print it vs. writing down the steps or trying to repeat it from memory. Don't be put off by the length of the instructions. Some of the steps are optional. It's very easy and will only take a few moments.


It is also overly conservative, but I have used it myself recently and I know it will work. There is another technique described in the following Discussion: Re: Lost Administrator Access. It seems to me that it should work just as well; I simply haven't tried it.


If you have questions please reply to this Discussion, not that one.



First please tell me that you have not enabled FileVault. If you don't know, open System Preferences > Security & Privacy > FileVault. If it says "FileVault is turned on for the disk ..." then you won't be able to fix it and you might as well stop reading. Write back for recommendations.


Then, please make sure you have a reliable backup in the event something unexpected occurs. To learn how to use Time Machine please read Use Time Machine to back up or restore your Mac - Apple Support.


Confirm both of those before proceeding.


Then: Read and follow the instructions below with care.



As I understand it, you have a Mac with no Administrator accounts. Of course that is not supposed to be possible, but if that really is the case you can use the following technique to create a new, temporary Administrator account, the sole purpose of which will be to log in as an Administrator that can give your normal account Admin privileges.


There may be other techniques to recover from the "impossible" circumstance in which you find yourself, but the following is one that I have successfully used in the past.


It will not work in the following circumstances:


  • If you configured an EFI Firmware Password that will preclude recovery, unless you know that password.
  • It won't work if you encrypted your startup volume with FileVault.

Please read everything that follows before continuing. If you have only the one computer you will need to print this for reference.


  • Power on or restart your Mac.
  • At the chime or grey screen, hold and S on your keyboard (two fingers) to enter single-user mode.
  • At the localhost:/ root# prompt, type


fsck -fy

...and press Return.

This is a simple check for file system integrity and is optional. It may take a few minutes to complete during which time various messages will appear. None of them are relevant unless they indicate some unrecoverable error. Be patient. If you get concerned that the system has stalled or become unresponsive press the Return key. Nothing will happen other than to echo the Return character, advancing the text on the screen, confirming your Mac has not completely frozen.

When the integrity check completes pressing the Return key will result in the localhost prompt again, waiting for your input.


At the localhost:/ root# prompt, type each of the following lines, exactly as written, including capitalization, one line at a time, each line followed by the Return key. There is a single space preceding the first "slash" ( / ) character in each line:


mount -uw /

rm /var/db/.AppleSetupDone

reboot


The Mac will restart, and then take you through the entire setup and registration process that you have not seen since you originally unboxed it. Do not be concerned—none of the above deletes any information. All your pre-existing user accounts will still available, assuming they were not already erased prior to beginning this procedure.


Do not elect to transfer your information from another Mac: When you get to the "Transfer Information to This Mac" screen, select "Do not transfer any information now" and press Continue. Have your existing Apple ID and password ready. At the "Create a Computer Account" screen, create the new, temporary account using a different "Full name" and "Account name" than the one you already use. Remember the password you select. You don't have to sign in to iCloud or anything else you might decide to do if you wanted to use that User Account for anything else.


When it completes, log in under that new account. Use System Preferences to change your normal account to "Allow user to administer this computer". Log out, log in under your normal account and verify you can use it without restriction.


After that, you can safely delete the temporary account you just created by following these instructions: Delete a user or group - Apple Support. Before removing it, confirm you don't need any of the files you might have created in that Account.

Jan 14, 2018 12:51 PM

Reply Helpful (20)

Feb 5, 2018 1:17 AM in response to John Galt In response to John Galt

Hi John,

Love the simple instructions. Thanks. Tried the solution but hit a wall.

Appears that Apple patched .AppleSetupDone to address a security concern.


So now, when I try to mount -uw / , (typed correctly including spaces) it says something about bailing.

And when I try to rm .AppleSetupDone, it denies access.


Any help?

Feb 5, 2018 1:17 AM

Reply Helpful
User profile for user: dmph47

Question: No admin account on High Sierra