macOS

Reset the macOS Setup Assistant

When you first start using a brand-new Mac or performed a clean install of macOS, you are presented with Setup Assistant, it creates the first user account and sets up some initial information, such as keyboard layout and locale.

Under certain circumstances it can be advantageous to re-run the Setup Assistant after this initial setup has been done. New accounts created with the Setup Assistant will have administrative privileges.

Why Bother?

There may come a time when you need to set up a second user account on a Mac while attempting to solve a user account related issue. If a Mac has only one user account and the user is unable to login then creating this second account can be helpful to solve the problem.

.AppleSetupDone

Every time macOS boots, it checks for the existence of the .AppleSetupDone file located in the /var/db/ directory. This empty file is created after the completion of Setup Assistant. By removing this file, macOS will assume that Setup Assistant has never been run and will launch it as soon as macOS boots.

Removing .AppleSetupDone

Boot the Mac into Single-User Mode: Start up the Mac whilst holding down COMMAND-S. After a few moments, you'll see the Mac boots to the command line.

Mount the filesystem as R/W:

mount -uw /

Remove the file so macOS will re-run Setup Assistant:

rm /var/db/.AppleSetupDone

Now restart the Mac:

reboot

The Mac will restart and boot, only this time the Setup Assistant will launch

Security Concerns

By now, you're probably wondering why should this be even possible, since someone may use this to gain access to a Mac. Indeed, re-running Setup Assistant would certainly allow for an unauthorized person to create a new account with administrative privileges and gain access to the Mac along with your data, providing it is not encrypted.

In terms of security, physical access trumps almost every method of preventing unauthorized access not involving encryption. While a little more complicated with the SSD technology Apple uses in their product lines, access to your data can easily be done simply by removing the Mac's storage device and connecting it to another.

This is where encryption methods such as Firmware Password and FileVault 2 are useful. With a Firmware Password set, it must be entered if the Mac is being booted either into Single-User Mode or to another boot volume. FileVault 2 takes this one step further by performing full disk encryption, preventing any form of access to your data unless authorized by entering your user account password - even if the drive is removed and attached to another Mac.

 

© 2019 Mteam7 Network. All rights reserved.