PCs

Rescue Macs with lost admin passwords using Reset Password utility

Erik Eckel offers the solution to one of the most common Mac support questions -- how to reset a lost or forgotten user account password.

It's one of the most common Mac support calls my consulting office receives: how to crack the original password supplied when a Mac was first deployed. Because so many users utilize only a single primary user account, and set their Macs to automatically log in when booting, the password is ultimately forgotten. But then critical system updates or new application installation is held up because no one remembers the initial password entered when Setup Assistant was originally run.

Recovery from such a scenario is simple. Apple includes a Reset Password utility on the Mac OS X Install DVD that shipped with the computer.

Using the Reset Password utility

Begin by booting the Mac while depressing the C key. Then insert the Mac OS X Install DVD. The Mac OS X Installer will start. Click Utilities and choose Reset Password.

The Reset Password utility will open. Specify the volume containing the user account you wish to reset (by default most main Mac volumes are named Macintosh HD) and from the supplied user account drop-down menu, select the primary account that is inaccessible. Next you must enter and re-enter a new password within the provided fields, then click Save.

If you wish to reset permissions and access control lists (ACLs) for the user's Home folder, click the Reset button. Then exit the Mac OS X Installer and restart the Mac.

Require greater security?

Mac users particularly worried about security can prevent the Reset Password utility's use by leveraging the Firmware Password utility. Mac users can configure a firmware password and prevent others from starting the computer using a boot DVD or secondary operating system.

To enable Apple's Firmware Password, start from the Mac OS X Install DVD as with the Reset Password utility. Click Utilities and choose Firmware Password Utility. For Mac OS X Leopard and Snow Leopard users, the Firmware Password application will open. Check the box for Require Password To Start This Computer From Another Source. Enter the password within the Password field and enter the password a second time within the Verify field, then click OK. Confirm the operation, click the lock to prevent more changes and choose Quit to close the window.

Note that the method's not foolproof. Any local administrator user can log back on to the system and reverse the setting. Anyone with physical access to the computer can also circumvent the process, and removing the drive and connecting it to another system would likely result in the system's data being compromised.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

2 comments
Spitfire_Sysop
Spitfire_Sysop

Great article Erik. My question is about reversing the firmware password setting. You said that any local administrator can do it but how would you go about doing that if the setting was originally set from the boot disk which you can no longer load without a password?

themacjesus
themacjesus

Hi Spitfire_Sysop! The answer to your question really depends on the year of your model Mac hardware. But the general consensus is that if your gear is a 2010 or later model, then you would need to schedule an appointment with the Apple Genius Bar since only they can properly reset the forgotten EFI password using their own internal system applications. Hope this helps!