There's a way to put a password on it. Also don't let other people touch your computer.

All Unices have a single user mode. And no, you want to have it.
It could save your ass in your future.

>>54384067
>>54384083
it's called "firmware password" and you use the install media

>>54384083

OP here.

A guy at work got locked out of his computer today, lost the admin password. I went and did this and looked like a genius. When I came down off my high I realized that it was way too easy to do.

>>54384127
So?

>>54384118

OP here.

Couldn't you just remove the mobo battery to get around that one? Install media also too easy.

>>54384127
>physical access

there's no system that takes longer than 60 seconds to get into with full physical access & no encryption on drives.

Are you promoted to set up a root password when installing OSX? If not, how do you sudo on a mac?

>>54384139
No in case of Apple Macs.

>>54384181

Why not? Aside from the fact that they are physically hard to take apart?

>>54384127
>i want to start an Apple hate thread because some option that they operating system is expected to have.

>>54384196
EFI password is stored in NVRAM. Yo have to reemplace a chip to unlock a "forgotten" EFI pasword.

>>54384207

I'm not hating on Apple, I realize this feature is a part of all *nix systems.

>>54384196
They're written to nonvolatile memory.

>>54384164
Sudo *you user password* if you are part of the Wheel group.
The first account created always is part of that group.

>>54384164
Just like when installing Debian, the first normal user account is added to a group with sudo access

>>54384229

Ohoo that's cool. Do server mobos usually have this option? If not, is it possible to save it in a TPM?

>>54384139
apparently all you need to do ca. 2009 is reset the PRAM, which is very easy

>“This is a tutorial mainly for the people at my school who wish to modify their macbooks, leased by the school. These computers are protected by the firmware password. This prevents you from booting up into Single User Mode, Verbose Mode, Safe Mode, Target Disk mode, and boot off of an external hard drive or network. There is a very simple way to remove these restrictions.”

/g/ and the media can rave about reconstructing farook's device key from the silicon it's etched on. apple's finally looking seriously at this aspect of the boot process

>>54384127
Wouldve been more impressive if you werent fizzled up on drugs, you apple hipster junkie

>>54384181
>>54384196
>>54384229
>>54384248
>>54384285
this is a bad line of discussion

to reset the NVRAM/PRAM on a Mac you hold Command-Alt-P-R as it boots

OP here with a question relating to my adventure.

When I reset the guy's password through single user, why did I have to run fsck first?

>>54384388
to verify the disk before modifying it. you didn't have to, strictly speaking, but it's wise before attempting to modify the FS through that shell

>>54384477

How is changing the root password modifying the FS?

>>54384510
Because it's modifies a file, ergo, modifies the filesystem

>>54384510
it updates the /etc/passwd file with a new password hash. if the system was improperly shut down, that could possibly cause huge problems. fsck takes 2-3 minutes

>>54384537

Doesn't journaling basically make fsck unnecessary though?

>>54384547
not if the journal is corrupted. there's a small chance of something bad happening under certain conditions (can't log into any account for example) but an fsck takes minutes.

in single user mode you're generally stressed to change some essential config, and you don't have the luxury of getting feedback from the running system. think how modifying /etc/sudoers by hand could possibly fuck things up sometimes

Anyways thanks for the contribution everybody. I'm still not sure about the safety of this feature, considering (in the mac case) how easy it would be to destroy someone's data or encrypt their drive with a different password. I realize that physical access without encryption is always unsafe, considering you can just remove the drive and access its contents on a different computer, but I still feel this feature makes it a little too quick and easy to really fuck someone's shit up.

Oh one more thing. There isn't an equivalent of this procedure on windows right? Because the "administrator" account isn't created if the first user account made is an administrator? Basically, there is no root account to log into?

How would you go about removing/changing an administrator's password in windows if there is only one account?

>>54385163
Administrator always exists, but it's disabled by default. You can probably delete it safely but it might still be a good idea in case shit hits the fan.

>>54385197

Hmm. So without being able to log into your own administrator account (because you forgot the password) how could you re-enable the default administrator account? Would you have to do it with a boot disk and ctrl+f10 command prompt?

>>54384547
You do realize how shitty HFS+ is

>>54384067
Firmware password helps a bit but really you want full disk encryption

>>54384067
Mount it and run

 rm /var/db/.applesetupdone 

To get a cool intro video

>>54385298
Haven't used Windows for years but if memory serves me right, the built-in administrator account is accessible if you boot in safe mode.

>>54385667

and the password for said account is what by default? administrator?

>>54384067
If you're depending on software to protect you in the case of compromised hardware you deserve to be hurt.

>>54385660

Does doing this allow you to create a new admin account?

>>54385740
Yeah, it goes through the user creation just like a new install. Ive done it on 10.2, 10.4, 10.5 and 10.7.

>>54385795

So then you can create a new admin account, and change/delete the password of the one you forgot? Interesting this usually isn't listed as a password recovery option on most websites.

>>54385886
Yeah, It also sets the computer name to <newusersfirstname>'s <modelofmac>

Probably because its too "complicated" for most macbabbys.

>>54385298
There are tools that ignore the permission settings. For just about any OS, the general procedure is 1)boot from other media, 2) change admin/root hash, reboot.

>>54385918

You mean like booting into an ubuntu livecd, then changing the /etc/passwd file on the affected drive?

>>54385907

Why does it change the computer name? Does it change the other user account names/passwords?

>>54384142
This

I was surprised by how easy and effective bitlocker was when we pushed it out in my domain
> try to bypass standard boot sequence? Fuck you, 25 digit randomly generated alpha numeric encryption key.
> standard boot sequence? Enjoy

Without it, it takes 2 minutes and a bootable to bypass Windows security.

>>54385973
It change it because it thinks its a brand new install. No, it just creates an account with admin so you can do whatever.

>>54384067
This is top /g/ material. Faith restored.

>>54386054

OP here.

Yeah it was a good time.

This only works on unencrypted drives though, so no important info could be stolen