Aller au contenu principal

Commercialisé en novembre 2020, ce MacBook Air 13" est doté du système sur une puce (SoC) M1 Apple. Modèle A2337 / EMC 3598 avec deux ports Thunderbolt 3.

Questions au sujet de 56 Voir tout

Why is the account locked?

I have a MacBook Air (M1) model and the localadmin account is locked. This account is the only one on the computer with admin rights. It does have a teacher (mobile) account and the teacher can sign in. It is connected to an AD server. This computer is running Big Sur and was not upgrade from a previous macOS. 

I did restart computer and tried SMC which it didn't work. I tried to invoke Recovery and that didn't work either. 

I did wait the 24 hour period and it is still local admin account is still locked.

Répondre à cette question J'ai le même problème

Cette question est-elle utile ?

Indice 2

Commentaires:

i have the same problem. i tried to go to recovery but its not working. i cant open terminal or any. i shuted down and held command + R but nothing happened. i dont know what to do.

par

@Amh Sh If this is an M1 machine, you need to press and hold power to access recovery options rather than the old cmd+R

par

Ajouter un commentaire

1 Réponse

Is it have MDM like Jamf or Apple Business Manager? If it does, that’s a setting that can be enabled. On a normal Mac me or you would buy retail (which will not be managed, it’s added after the fact) the account will not lock this way - M1 might stop you for 5 minutes and go up until you have to on an M1 but Intel Macs permit unlimited chances. If you see “profiles” in System Preferences, then it’s managed. If nothing works, the password needs to be reset by IT - especially with MDM. I mention this because you said you work for a school district. A lot of MDM solutions “escrow” the FileVault key, so you need to call for this 99% of the time.

If it isn’t managed or all else fails, use Terminal:

Apple silicon:

  • Press and hold the power button until you see the startup options
  • Click Options. Let the Mac boot - no intervention is needed.
  • The Mac will ask for a known user account that's an admin. If you know none select forgot all passwords.
  • It may ask for an Apple ID. Any good MDM allows you to force sign out and remove activation lock if needed. Hopefully it was blocked.
  • Click on Utilities at the top bar and find Terminal
  • Enter resetpassword and press Return
  • If required enter the FileVault key. Again any good MDM “escrows” this.
  • Reset the password and the machine should be good to go.
  • NOTE: You may have to reset the user’s password as well. Make it easy and force a reset in Jamf before handing it back.

    Intel:
  • Shut down the Mac and press Commnd+R together before turning the system on, and then press and release the power button. Keep holding until you see MacOS Recovery start.
  • If it asks for an admin, select Forgot all passwords. T2 Macs can activation lock, but they tend to go to the utility options - but yes, it can sometimes be an issue here as well.
  • Click on Utilities at the top bar and find Terminal.
  • Enter resetpassword and press Return
  • If required enter the FileVault key. Again any good MDM “escrows” this.
  • Reset the password and the machine should be good to go.
  • NOTE: You may have to reset the user’s password as well. Make it easy and force a reset in Jamf before handing it back.

Cette réponse est-elle utile ?

Indice 0

Commentaires:

Yes we use Jamf to manage the MacBooks. I did try to unlock it on the backend but it is still locked. I will need to take the users computer and see if I can invoke Recovery and terminal in to reset the password without losing anything.

par

@Philip Fisher I've clarified the steps a bit for you. It's 99% similar, but there are a few small differences with Apple Silicon that matter, which matter somewhat with T2 Macs but aren't as major.

I suspected MDM because of the hard 24 hour lock that never cleared - that's not a normal behavior on "unmanaged" Macs. You need to reset more often then not once MDM is used.

I'm from a time when the most you had on the admin side was Apple Remote Desktop, and you needed a boot DVD to pull tricks like this. There was no real protection so if say you set a EFI password on an A1181 MB all I'd have to do is remove some RAM/add a stick and zap the NVRAM/PRAM. At one point when Intel was all Apple used I had instructions on one of my old phones to get into single user mode - my teachers were afraid of anyone seeing that ;).

par

@Nick- I have the computer and tried to invoke recovery using Cmd-R and the logo comes up and the status bar then goes to the sign in screen. I get the red dot at the top by the battery icon for a few seconds.

I am not sure what else to try except to wipe it and start over again.

par

Ajouter un commentaire

Ajouter une réponse

Philip Fisher sera éternellement reconnaissant.
Nombre de vues :

Dernières 24 heures : 99

7 derniers jours : 818

30 derniers jours : 3,601

Total : 14,153