Our goal should be to move the practice of erasing the entire Mac disk to its own little isolated island in the middle of the Dead Sea. When we may still need to completely erase and install. The security of Erase All Content and Settings. The road to Erase All Content and Settings on macOS. How Erase All Content and Settings works. However, “because that’s the way it’s always been done” isn’t a reason to avoid this new feature that only came to macOS last year with Monterey. They’ve been following this erase/reinstall practice since the computer started taking a permanent place on the desktop in the 1990s. If that makes administrators or security professionals a little queasy, that’s understandable. The idea for reinstalling a clean operating system was born out of an axiom administrators have followed which is to always erase and reinstall computer drives before repurposing them, preparing to retire them, or when troubleshooting has failed.

Apple is practically eliminating this need to erase and reinstall everything and replacing it with just needing to erase the data - leaving the operating system behind. Whew. Jamf Blog has maintained a series of posts for the past few years titled “Reinstall a clean macOS with one button”.

Then I was able to reboot, and be prompted to create a new Admin user. Here is an Apple discussion page showing correct location. Here's the command that worked: rm -i "/Volumes/Macintosh HD - Data/private/var/db/.AppleSetupDone" But it was moved when the system and data were placed on separate volumes! It's now on the "Macintosh HD - Data" volume. Lots of previous posts show /var/db/.AppleSetUpdone. AppleSetUpdone file from the correct location. Then I could use the Recovery Security utility - turning off protections.
It may not have been necessary, but with Terminal, I was able to decrypt the FileVault protection See this online article using these commands:

diskutil apfs list # get with FileVault YES, e.g "disk3s2"
diskutil apfs listcryptousers /dev/ # capture the (very long)
diskutil apfs list # See FileVault is now NO

I appreciate the protection against unauthorized usage, but I have the account passwords, the owning AppleID and its password, successful two factor authentication - so I should be able to administer my own system. (Purportedly because of firewire cable issues.) AppleSetUpdone from a different host - I can't successfully mount at my other machine. Bringing the machine up in Disk Target Mode - with the hope of deleting. Changing directory permissions to allow a network access also requires Admin privs. Turning off FileVault requires Admin privs. I created a bootable thumb drive, but can't change the boot disk because of FileVault protection. sudo rm -f /var/db/.AppleSetupDone prompts for the password, but then says account is not a member of Sudoers. Then rm -f /var/db/.AppleSetupDone fails, requiring Sudo. Again, Recovery mode forces a password reset before I could get to terminal. After resetting one password I was able to get to recovery tools. That initially only offers password reset for the two (standard) accounts. Reinstalling, by rebooting in Recovery mode. How can I recover admin privs on an existing account, or create a new admin for this machine? Both now show "Standard" user privileges. It has two user accounts, one previously had Administrator privs. The system had (and still has) FileVault enabled. Afterwards, the Admin account lost its admin privileges.