Change passwords from the command line

If you believe that your admin password has been compromised, it is always a good idea to change it. The dilemma is that if you have the same password for hundreds of machines, it will be quite a hassle to go round to them all and change it, so you have 2 options:

1. Invest in Apple Remote Desktop (ARD) to manage your machines.
2. SSH into all machines and change them that way.

I have ARD, so I will guide you through using that. The solution is in essence the same for either option; it’s just a hell of a lot quicker with ARD.

First, select all the machines you wish to make the amendment on, then choose the Send Unix Task option. You will want to run this as root, so select that option, then type the following into the command window:

dscl . -passwd /Users/USERNAME PASSWORD

Change USERNAME to the short name of the account whose password you wish to change, and swap PASSWORD for the new password. If you don’t set a new password, it will blank the password and you will need to set a new one the next time you log in.

One downside to this timesaving tip is that the next time you log in to the machines, you will need to know the old password so that you can unlock the login keychain for that account.

When using this via SSH, you will need to use sudo, otherwise it will fail.

And it goes without saying that this should NEVER be attempted on an account that has been FileVault encrypted!
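
The SSH route (option 2) as an added example, not part of the original post: a POSIX shell helper that runs the same dscl command on every host in a list, with the new password single-quoted for the remote shell. The function names, DRY_RUN, ADMIN_USER and the hosts-file format are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: ADMIN_USER, DRY_RUN,
# and a hosts file with one hostname per line ('#' starts a comment line).

# Single-quote a string for the remote shell so a password containing spaces,
# $, quotes or ; reaches dscl unchanged instead of being interpreted.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Accept only plain short names; anything else is rejected rather than quoted.
valid_short_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the command the post gives, prefixed with sudo as required over SSH.
build_remote_cmd() {   # $1 = short name, $2 = new password
    valid_short_name "$1" || return 2
    printf 'sudo dscl . -passwd /Users/%s %s' "$1" "$(sh_quote "$2")"
}

# Run the change on every host. DRY_RUN defaults to 1 and only lists the hosts.
change_on_hosts() {    # $1 = hosts file, $2 = short name, $3 = new password
    cmd=$(build_remote_cmd "$2" "$3") || { echo "bad short name: $2" >&2; return 2; }
    failed=0
    while IFS= read -r host; do
        case "$host" in ''|'#'*) continue ;; esac
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would run on $host: sudo dscl . -passwd /Users/$2 <new password>"
        # -t gives sudo a terminal for its prompt; /dev/tty keeps ssh from
        # swallowing the rest of the hosts file on stdin.
        elif ! ssh -t "$ADMIN_USER@$host" "$cmd" </dev/tty; then
            echo "FAILED: $host" >&2
            failed=1
        fi
    done < "$1"
    return "$failed"
}

# The new password travels as a command-line argument, so it is visible in the
# process list on both ends while the command runs. Keep it out of shell
# history by reading it without echo before calling change_on_hosts:
#   stty -echo; IFS= read -r NEW_PW; stty echo
#   DRY_RUN=0 ADMIN_USER=localadmin change_on_hosts hosts.txt localadmin "$NEW_PW"
```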

Mac startup keys

You can change the way that your Mac boots by pressing and holding the following key combinations as the machine starts up:

Option (ALT) – Display all bootable volumes

This will normally show you any internal hard drives, CDs or DVDs that the machine can currently boot from, as well as external hard drives, USB keys, CDs or DVDs which could be used to boot the machine. If you have bootcamped your Mac then this will enable you to choose between OS X or Windows.
If you have set a firmware password, then you will be presented with a padlock and a box to enter a password.

Shift – Safe Boot

This will disable any non-system startup items, which can be very useful in troubleshooting a variety of issues.

C – Boot from CD

Hold this down until the machine boots from the CD. This can take a while sometimes, so I would recommend the ALT method instead. This will be disabled if a firmware password is enabled.

T – Target Disk Mode

This will basically turn your Mac into an external hard drive: connect it to another Mac and you will have full access to all data on the machine. This will be disabled if you have a firmware password enabled. To boot into Target Disk Mode with a firmware password enabled, you will need to log in, and then select the Target Disk Mode option from within the Startup Disk preference pane located in System Preferences.

N – NetBoot

Start up from a NetBoot server.

X – Force Mac OS X Startup

This can be used if you have multi-boot machines and have set the default disk to be a non-Mac partition.

CMD-V – Verbose Mode

Verbose Mode shows you all that is going on whilst your machine is booting. It is very useful in troubleshooting, as you can spot the faulting items.

CMD-S – Single User Mode

This boots to a command line interface and should only really be used for machines that are having serious issues. You can run a file system check (fsck), or Applejack if you have that installed.

CMD-R – Recovery Mode

On machines with 10.7 installed, this will normally boot from the Recovery partition, although I believe the new Mac Mini Servers will connect to the internet and run a recovery over the net.

Switch to admin via Terminal

Quite often I will arrive at a user's machine and need to perform an administrative task. To do this without logging them out, I choose to use the Terminal and change to an administrative user that way. Here is my guide on how to do this.

Open the Terminal application

(Located in /Applications/Utilities)

For this example my administrative user is named localadmin, so whenever you see this, just replace it with your administrative user.

Type the following:

su localadmin

When you hit Enter you will be prompted for the administrative user's password. Once you enter this correctly, you will be running as the administrative user.

You will not be able to su to an admin user account that has no password set.