Taking over an account in MacOS X

A user recently left our company, and he didn’t clean up any part his laptop. He didn’t tell us his account password and he didn’t create an account that we could use. We wanted to gain access to his laptop and to recover any company data before reformatting the hard drive and reassigning the laptop. I knew that the steps would be (1) boot to single user mode, and (2) clobber his password so we could use his account. I had never done that before, and a search on the net didn’t turn up anything exactly as I needed. Here’s the commands I did.

  1. Boot to single user mode. There’s lots of advice on how to do this. Basically, hold down ⌘-S while the system boots until you see text on the screen.

  2. Mount the filesystem read/write. I just type mount /

  3. Normally I’d use niutil to modify netinfo entries. In single-user mode, though, that doesn’t work. The netinfo daemon isn’t running. Rather than figure out what it takes to run the netinfo daemon, I figured out what it takes to do this stuff directly on the netinfo database files.

  4. Verify that you can read the netinfo database. I use: nicl -raw /var/db/netinfo/local.nidb -list /users

  5. Clobber the password. In my case, I just wanted to destroy it. That way I could log in as this user with no password at all. nicl -raw /var/db/netinfo/local.nidb -destroyprop /users/joesmith passwd

    Where joesmith is the userid that I needed to access.

    If you don’t know the short user name of the user you’re trying to manipulate, the list from the previous step will show you the short names. Non-system (i.e. real people’s) user accounts will be listed last. Intuition will usually tell you which one you want.

  6. Type exit to finish booting normally into multi-user mode. I was able to login as the user and just press “enter” for their password.

I did this on Panther, but I have tested the nicl command on Tiger and it seems to behave the same. I can’t see any reason why this wouldn’t work exactly the same on Tiger as it does on Panther.

Comments aren't enabled for this post.