Case of the Missing Admin Account

Last night I attended the October meeting of the Oceanside Mac User Group (OMUG). One of the presenters was discussing her experience installing OSX 10.9 Mavericks. It seems that during the installation the installer converted her admin account to a parental controlled account and left the machine with no functioning admin account and no way to turn off the parental controls. This particular issue piqued my curiosity and started me on my Halloween Parental Control Bypass Quest.

What Didn’t Work

My first line of reasoning revolved around adding a new user from the command line. I looked at using variations of dscl, dsenableroot, and dseditgroup. Unfortunately these commands are meant to work from the command line of a functioning machine. Each of the commands I tried required me to run in sudo or to specify an admin user and password, neither of which was possible in this case. It became obvious to me that the Root User Account was the back door that I needed to get into the system. The only downside to this solution is that under normal circumstances you would enable the Root user from the Open Directory Utility, which requires an admin account. After a bit of head banging frustration I realized that I needed a solution that would enable the Root account via booting into Single User Mode (SUM).

The Answer

It turns out that the answer lies in 2 commands: launchctl and passwd. Launchctl loads and unloads daemons/agents and generally controls launchd. In our case we need the launchctl command to load and start up Open Directory in Single User Mode. With Open Directory functional we can enable the Root account and provide a password using the passwd command. At this point we can log out of Single User Mode, log in to OSX Mavericks as Root, fix the user account that was damaged, log out of Root, log in using the repaired admin user account, and finally disable the Root account.

Here’s How It’s Done

  1. Shut Down the computer.  I don’t know why, but I never seem to be able to get this to work by just restarting. The next command only seems to work if the computer is shut down.  Go Fig?
  2. Hold down the Command + s while you turn on the machine. In case there is any question the command key is the key to the left or right of the space bar on a normal Mac keyboard. If you are using a Windows keyboard it will likely be your ctrl key unless you have changed that through the keyboard settings. Also I recommend a WIRED keyboard for this. I have found that wireless keyboards can be hit and miss with this since some of them need driver software to work and since we are trying to boot into Single User Mode the drivers haven’t been loaded. Hold the CMD+S keys down until the screen goes black & a bunch of white type starts scrolling up the screen. You can let go at this point and eventually you will get to a screen that looks like this.
  3. Type /sbin/fsck -fy at the prompt.  This is an optional step that checks the directory structure of the disk.  While it is optional there is really no reason to skip it. Your screen should look like this.
  4. Type /sbin/mount -uw / at the prompt.  This step mounts your hard drives.  Be sure to type a space between the mount and the -uw.  Also there is a space between the -uw and the /.  Also -UW is not the same as -uw.  Your screen should look like this.
  5. Type launchctl load /System/Library/LaunchDaemons/ at the prompt. This command gets Open Directory loaded up. Please note: your web browser may show this line as if there’s a carriage return after the word type.  Your web browser is just formatting my text.  Everything from the L in launch all the way to the T in plist  should be on one line with a space between the words launchctl and load, and another space between load and /.  Your screen should look like this.
  6. Type passwd root at the prompt. This command actually enables the Root account and changes the password. You will be prompted for a new password twice. For this demo I used 1234 since I knew I would be disabling Root as soon as I was done. Your screen should look like this.
  7. Type exit at the prompt.  This command logs you out of Single User Mode and boots the machine normally.  Your machine will look like this when you type exit, and like this when it has rebooted into multiuser mode.
  8. Click on Other and log in as Root.  Your screen should look like this.

At this point you can turn off parental controls, add new users, or do whatever other fixes you need to do.

Here Is How To Undo It

Obviously it is VERY dangerous to leave a Root User account functional on your Mac. So with that in mind here is how you can disable the Root account.

  1. Open System Preferences. You can get your system preferences by clicking on the system preferences program in the applications menu, or by pulling down on the Apple menu (or if you’re like me, by clicking in your dock). Your screen should look like this.
  2. Click on Users & Groups.  When the system preferences loads up, you need to click on users and groups which is in the first column and usually the fourth or fifth one down from the top.  The system preferences looks like this.
  3. Authenticate (If You Need To): There is a pretty good chance you’re going to need to authenticate. In order to do so you will need to click the padlock in the lower left-hand corner and provide a user ID that has administration privileges and a password. Your screen should look something like this.
  4. Click on Login Options: Now that you’re authenticated you need to click on the login options. You’ll find login options about 1 inch above the padlock you just clicked. The login options look like this.
  5. Click on Join:  After you click on login options you’ll notice that the right side of the window has changed.  At the bottom there is a small button that says join.  When you click the join button a new panel will slide down from the top of the window.  Your screen should look something like this.
  6. Click on Open Directory Utility:  Inside the new panel that dropped down from the top of the network system preferences, you’ll see a large button that says Open Directory utility.  When you click the Open Directory utility button a new program called Open Directory utility launches.  Your screen should look something like this.
  7. Authenticate Again:  You’ll notice that at the bottom of this new window there is another padlock.  Click on it again, and enter in an administration user ID and password.  Your screen should look something like this.
  8. Go to the Edit menu & click on Disable Root User: Finally we can disable the root user. We do this by going over to the Edit menu and pulling down to the menu option that says Disable Root User. Here’s a close-up of the pertinent menu.
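
To confirm from Terminal that the Root account really is disabled after the steps above, the following check is an added example, not part of the original post. It assumes that a disabled root record shows the placeholder password `*` and has no AuthenticationAuthority attribute; the function names and the two sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the state of the root account from the output of
#   dscl . -read /Users/root Password AuthenticationAuthority
# Assumption: disabled root = Password "*" and no AuthenticationAuthority.

# Constructed sample records (not captured from a real machine).
SAMPLE_DISABLED='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

# classify_root: reads dscl-style output on stdin and prints
# "disabled", "enabled", or "unknown" (no Password attribute found).
classify_root() {
    pw_seen=0; pw=""; auth=0
    while IFS= read -r line; do
        case $line in
            "Password: "*)               pw_seen=1; pw=${line#Password: } ;;
            "AuthenticationAuthority:"*) auth=1 ;;
        esac
    done
    if [ "$pw_seen" -eq 0 ]; then
        echo "unknown"
    elif [ "$pw" = "*" ] && [ "$auth" -eq 0 ]; then
        echo "disabled"
    else
        # A real password marker or any authentication authority means
        # someone can still log in as root: treat it as enabled.
        echo "enabled"
    fi
}

# check_live_root: runs the query on this machine when dscl is available.
check_live_root() {
    if ! command -v dscl >/dev/null 2>&1; then
        echo "unknown"
        return 0
    fi
    dscl . -read /Users/root Password AuthenticationAuthority 2>&1 | classify_root
}

echo "sample (disabled record): $(printf '%s\n' "$SAMPLE_DISABLED" | classify_root)"
echo "sample (enabled record):  $(printf '%s\n' "$SAMPLE_ENABLED" | classify_root)"
echo "this machine:             $(check_live_root)"
```

If the last line prints "enabled" after you have finished the repair, go back through the Disable Root User steps before putting the Mac back into service.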

Wrapping It Up

With the root user once again safely disabled, your Mac should be back to its normal, no drama self.  While I haven’t actually tested it, I believe that this exact same procedure should work all the way back to OS X 10.7.  Prior to that, I’m not positive that the launchctl command is needed.

About Chris Barczys

Chris has spent over 20 years integrating Apple technologies into the business and personal lives of those around him. From humble beginnings as a fry cook at McDonalds he has held positions ranging from sales to CIO. At age 18 he opened his first consulting firm, Computec Consulting. After seven years in consultancy, he accepted an offer to become CIO for Pacific Turbine Support, a position he held for over 10 years. With the closing of Pacific Turbine Support, he decided to return to his consultancy roots and is currently “The Head Genius” of Personal Mac Geniuses. He is also proud to be serving as a board member of the Oceanside Mac User Group.