If you lost your administrator rights on Mac OS X 10.10 Yosemite, Mac OS X 10.11 El Capitan, macOS 10.12 Sierra or macOS 10.13 High Sierra, you can recover the admin privileges easily by rebooting into Apple’s Setup Assistant tool. This will run before any accounts have been loaded, and will run in “root” mode, allowing you to create accounts on your Mac. Then, you can recover your admin rights via the new administrator account. After that, you can reboot into your recovered admin account and delete the interim administrator account.
Normally, when you set up Mac OS X / macOS for the first time, your initial account will be an administrative one, allowing you to configure the system and install applications. Sometimes rare, errors that occur when upgrading, e.g. from OS x 10.10 Yosemite to OS X 10.11 El Capitan, or restoring from backup, or otherwise when making heavy modifications to the system, could result in your admin account being destroyed so you cannot log in to it or use it for changing system settings.
If it happens then one quick but well-known and convenient trick for recovering administrative status on a system trigger Apple’s Setup Assistant tool. This will run before any accounts have been loaded, and will run in “root” mode, allowing you to create accounts on your Mac.
Even though the Setup Assistant only runs once when you first install Mac OS X / macOS, it remains on your computer and is prevented from running by the presences of a hidden file called ‘.AppleSetupDone‘ in a system folder on your Mac. Therefore, to have the Setup Assistant run again so you can create a fresh admin account, you simply need to remove this file:
- Reboot your Mac and hold ‘Command-S‘ at the boot chimes to load into Single User mode.
- At the command prompt, run the following command to make the filesystem writable: mount -uw /
- Run the following command to remove the hidden file: rm /var/db/.AppleSetupDone
- When complete, enter ‘reboot‘ and the prompt to restart the system, and you will now see the Setup Assistant load when OS X starts up.
- Proceed through its various screens, and create your new account. You might consider using a different username than any previous accounts on the system, to ensure there are no conflicts with the present and faulty accounts.
- Now you can log into the new admin account, and better manage the prior ones on your system, including deleting and recreating them accordingly.
- You should be aware that this method can be used to get administrative access to your Mac OS X / macOS system. This means it is a potential security risk. Anyone can reset account passwords or get admin access in this way, and be able to access all files on your computer.
- For getting a higher security level, be sure that all sensitive material on your system is password-protected or even better, encrypted. Even if someone gains access to your account, without your keychain password or the password for the encrypted files, they will not be able to access them. Consider to enable Apple’s FileVault and encrypting any external drives you use with your Mac (including Time Machine backups), to secure access to your files.
- The next option is to set a firmware password for your Mac, which will prevent booting to alternative boot modes and external disks. To do this, reboot to the OS X installation drive (be it a DVD or the Recovery HD partition in OS X Lion or later), choose your language when prompted, and then choose the ‘Firmware Password‘ option in the Utilities menu. Enter your password in the appropriate fields, and then nobody will be able to reset PRAM, boot to Safe Mode, Single User mode, or to alternative boot drives unless they either disable the password or supply it when prompted.
Easily recover lost admin right on Mac OS X 10.10 Yosemite, Mac OS X 10.11 El Capitan, macOS 10.12 Sierra or macOS 10.13 High Sierra by reactivating Apple’s Setup Assistant tool. Be aware that this option is also a security risk to your mac.
Stay tuned! 😉