knesbitt
asked on
How To Log In With Administrator Account
I originally created an account that had Admin status and named "Tom Jones". Then I joined my computer to my Windows 2008 Domain, logged into the machine with an Active Directory also named "Tom Jones" and made it a mobile account, so now my account is cached. The problem now is that when I log on to my machine it logs on to the "Tom Jones" mobile account that does not have Admin privliges and I can't perform any administrative tasks. I know the password to the original "Tom Jones", but it defaults to "Tom Jones" account that has no Admin rights. Does anyone have any idea how to get into my original "Tom Jones" account? If I removed my Mac from the Domain will it help the situation. Thanks.
your active directory user account Tom Jones, is this user member of administrators group or domain admins ? and you mean if you log in when the computer not connected to the domain you got restricted user ?
Hi,
you confused your system using two accounts with the same name. You will need to add another account from command line, booted in the single user mode. Following links should help:
<http://support.apple.com/kb/HT1492>
<http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/>
you confused your system using two accounts with the same name. You will need to add another account from command line, booted in the single user mode. Following links should help:
<http://support.apple.com/kb/HT1492>
<http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/>
Hi,
If the 'shortname' is not the same, you can use that in the login promt, the default for your first account is 'tomjones'.
You can also boot from your 10.6 DVD and use the Password Reset utility to change the password, if they are the same, to make it different.
Hope it helps.
If the 'shortname' is not the same, you can use that in the login promt, the default for your first account is 'tomjones'.
You can also boot from your 10.6 DVD and use the Password Reset utility to change the password, if they are the same, to make it different.
Hope it helps.
If the shortnames are both same resetting password will not work. AD account usually has a precedence (depends on actual settings in the Search path)
You could also boot into Single User Mode (aka plain terminal)
Navigate to /private/var/db/dslocal/no des/Defaul t/users
and Add another shortname for the local account. It will be in a plist file, username.plist, and you should look for this key:
name
jap
Jakob Peterhänsel
Add another line with your alternate shortname.
Save, and reboot.
Login with the new shortname added.
Navigate to /private/var/db/dslocal/no
and Add another shortname for the local account. It will be in a plist file, username.plist, and you should look for this key:
name
jap
Jakob Peterhänsel
Add another line with your alternate shortname.
Save, and reboot.
Login with the new shortname added.
PS: You boot into Single User Mode by holding down CMD+S while rebooting... ;-)
BE CAREFUL!
BE CAREFUL!
ASKER
Thanks for the help guys. I decided to use the method RobertCerny provided in the links. I am having problems with entering the commands listed in the links. I am new to the Mac environment, so please have pity on me.
When I type in "dscl / -create /Users/localadmin" I get an error that says "launch_msg(): Socket is not connected Data source (/) is not valid."
What could I be doing wrong?
When I type in "dscl / -create /Users/localadmin" I get an error that says "launch_msg(): Socket is not connected Data source (/) is not valid."
What could I be doing wrong?
Hello,
the link is not valid for 10.6 Snow Leopard. If you're on 10.6, simply exchange '/' with '.'
The command will be:
dscl . -create /Users/toddharris
the link is not valid for 10.6 Snow Leopard. If you're on 10.6, simply exchange '/' with '.'
The command will be:
dscl . -create /Users/toddharris
ASKER
Now I am getting:
launch_msg(): Socket is not connected
For Single User Mode you must run the following command to enable use of dscl .
launchctl load /system/library/launchDaem ons/com.ap ple.Direct oryService sLocal.pLi st
dscl local only
launch_msg(): Socket is not connected
For Single User Mode you must run the following command to enable use of dscl .
launchctl load /system/library/launchDaem
dscl local only
Yeah, 'dscl' is a tool to modify a running Directory. The local or a remote one. In Single User mode no directory is loaded.
Why not jus edit the plist and got over the trouble? ;-)
Why not jus edit the plist and got over the trouble? ;-)
ASKER
Marook,
OK. Excatly how do I navigate to /private/var/db/dslocal/no des/Defaul t/users? When I type that in all I get is /private/var/db/dslocal/no des/Defaul t/users: is a directory. How do I actually get to that folder. I know nothing about Linux or Mac so just assume I know nothing a describe step by step.
Thanks so much.
OK. Excatly how do I navigate to /private/var/db/dslocal/no
Thanks so much.
cd /private/var/db/dslocal/no des/Defaul t/Users
ASKER
OK that worked. Where do I go from here? Remember, I don't know what a username.plist is, much less ever edited one.
Well,
execute this:
ls |grep -v _
it will display several plist files including the one with your shortname. Let's say it's named "knesbitt.plist". Now you need to edit it.
pico knesbitt.plist
Use keyboard key to navigate through the text and find the info which marook mentioned:
<key>name</key>
<array>
<string>knesbitt</string>
create new entry or change "knesbitt" to something else
Press Ctrl+O followed by Ctrl+X to stop pico and reboot
execute this:
ls |grep -v _
it will display several plist files including the one with your shortname. Let's say it's named "knesbitt.plist". Now you need to edit it.
pico knesbitt.plist
Use keyboard key to navigate through the text and find the info which marook mentioned:
<key>name</key>
<array>
<string>knesbitt</string>
create new entry or change "knesbitt" to something else
Press Ctrl+O followed by Ctrl+X to stop pico and reboot
Hi again,
OK, seems like you need to use 10-60 min on learning what you are doing.. ;-)
This google search should get you going:
http://www.google.com/search?rls=en&q=os+x+terminal+tutorial&ie=UTF-8&oe=UTF-8
Best,
OK, seems like you need to use 10-60 min on learning what you are doing.. ;-)
This google search should get you going:
http://www.google.com/search?rls=en&q=os+x+terminal+tutorial&ie=UTF-8&oe=UTF-8
Best,
ASKER
Thanks guys getting nowhere. Thinking about formatting hard drive and reinstalling. Trying to follow instructions but getting nowhere fast. Ran "ls |grep -v" and get Usage: grep [OPTION]... PATTERN [FILE]...
I think you need a space between the 'pipe' | and the grep command.
Anyway, maybe it's better for you to study the terminal in other conditions than this, even though having a solution to fix normaly get you to look into the details.
If you have another Mac, you can also boot your Mac in Target Mode (hold down T during reboot) to put it into FireWire disk mode. Then use GUI tools on the other Mac to work the problem.
Anyway, maybe it's better for you to study the terminal in other conditions than this, even though having a solution to fix normaly get you to look into the details.
If you have another Mac, you can also boot your Mac in Target Mode (hold down T during reboot) to put it into FireWire disk mode. Then use GUI tools on the other Mac to work the problem.
ASKER
I wish I had that luxury. Thanks anyway. Is there anyone here that can tell me verbatim exactly what to type? I have a screen and I am at the prompt that says:
:/ root#
What next?
:/ root#
What next?
ASKER
OK. I am in Pico. I see the
<key>name<key>
<array>
<string>tomjones</string>
<string>tom.jones</string>
<string>tom.jones@abc.com< /string>
<string>tom.jones@abc.loca l</string>
I am thinking about changing all these fields to something totally different. Then when I get in using the local TJones admin account I delete the offending user and recreate under a different account. Is this correct?
<key>name<key>
<array>
<string>tomjones</string>
<string>tom.jones</string>
<string>tom.jones@abc.com<
<string>tom.jones@abc.loca
I am thinking about changing all these fields to something totally different. Then when I get in using the local TJones admin account I delete the offending user and recreate under a different account. Is this correct?
Hi,
ADD another:
<string>localadmin</string >
then use the Control-X and and hit Enter to confirm save.
Reboot and see if you can login with
User: localadmin
Pass: the password on your account. ;-)
ADD another:
<string>localadmin</string
then use the Control-X and and hit Enter to confirm save.
Reboot and see if you can login with
User: localadmin
Pass: the password on your account. ;-)
ASKER
Don't think that is an option. I could only get into plist file for user that network user that did not have enough rights. I could not get GREP to list all the plist file. If I could somehow get Grep to work I could see what plist files were available.
Also, when I try to do CTRL-O I get "Error writing Tom.Jones.plist: Read-only file system.
Also, when I try to do CTRL-O I get "Error writing Tom.Jones.plist: Read-only file system.
About the error writing: You are not 'root'. Use this:
sudo pico tomjones.plist (I assume that is the name of the file)
It will ask you for your local admin password. :-)
The file for both accounts should be there. Else, that's where we have the trouble... :-/
so,
cd /private/var/db/dslocal/no des/Defaul t/Users (get to the folder)
ls -lha (list the folders content, in Long mode and human readable sizes)
sudo pico tomjones.plist
- do your edit
control-X
Enter to confirm... Better?
sudo pico tomjones.plist (I assume that is the name of the file)
It will ask you for your local admin password. :-)
The file for both accounts should be there. Else, that's where we have the trouble... :-/
so,
cd /private/var/db/dslocal/no
ls -lha (list the folders content, in Long mode and human readable sizes)
sudo pico tomjones.plist
- do your edit
control-X
Enter to confirm... Better?
ASKER
OK. Was able to do a ls in directory. Found file named tjones.plist. I just added <string>localadmin</string >. Still getting Read Only Error.
ASKER
Marook,
I followed your sudo suggestion, but it does not ask me for password. When I get in and make changes I still get Read Only Error.
I followed your sudo suggestion, but it does not ask me for password. When I get in and make changes I still get Read Only Error.
Hmm, do a
sudo bash
to enter a full terminal as root. Asking for password?
sudo bash
to enter a full terminal as root. Asking for password?
ASKER
Does not ask for password. All I get is bash-3.2#. Make changes in Pico, but still get same error.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK. Thanks anyway. Learned alot in the mean time. Luckily, I don't have any important files on my machine.
You're welcome!