MDM docs: Reset Mac password with recovery key (#10033)

- Update the instructions
Noah Talerman 2023-02-23 09:50:00 -05:00 committed by GitHub
parent bc27289034
commit ecf730d9be
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -48,7 +48,9 @@ Fleet UI:
### Viewing a disk encryption key
The disk encryption key allows you to unlock a Mac if you forgot login credentials. This key can be accessed by Fleet admin, maintainers, and observers. An event is tracked in the activity feed when a user views the key in Fleet.
The disk encryption key allows you to reset a macOS host's password if you don't know it. This way, if you plan to prepare a host for a new employee, you can login to it and erase all its content and settings.
The key can be accessed by Fleet admin, maintainers, and observers. An event is tracked in the activity feed when a user views the key in Fleet.
How to view the disk encryption key:
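Review bot: The added paragraph now describes the key as a way to reset a host's password and then erase the host, while the next sentence still lists observers among the roles that can view it. Say explicitly that anyone with one of these roles and access to the host can therefore reset its password, so readers assign roles with that in mind. Also, "you can login to it" should use the verb form "log in to it". The rewrite drops the earlier wording about unlocking a Mac, so confirm that use case is intentionally no longer documented.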
@ -56,46 +58,17 @@ How to view the disk encryption key:
2. On the **Host details** page, select **Actions > Show disk encryption key**.
### Unlock a macOS host using the disk encryption key
### Reset a macOS host's password using the disk encryption key
How to unlock a macOS host using the disk encryption key:
How to reset a macOS host's password using the disk encryption key:
1. Restart the device while holding Command + R
1. Restart the host. If you just unlocked a host that was locked remotely, the host will automatically restart.
2. Open Terminal
2. On the Mac's login screen, enter the incorrect password three times. After the third failed login attempt, the Mac will display a prompt below the password field with the following message: "If you forgot your password, you can reset it using your Recovery Key." Select the right facing arrow at the end of this prompt.
3. Unlock the disk encryption key by executing a command similar to:
```
security unlock-keychain <path to the secure copy of the
FileVaultMaster.keychain file>
```
3. Enter the disk encryption key. Note that Apple calls this "Recovery key." Learn how to find a host's disk encryption key [here in the docs](#viewing-a-disk-encryption-key).
4. Locate the Logical Volume UUID of the encrypted disk by executing:
```
diskutil cs list
```
5. Unlock the encrypted drive with the Logical Volume UUID and disk encryption key by executing a command similar to:
```
diskutil cs unlockVolume <UUID> -recoveryKeychain <path to the secure copy of the FileVaultMaster.keychain file>
```
6. Turn off disk encryption by executing a command similar to:
```
diskutil cs revert <UUID> -recoveryKeychain <path to the secure copy of the FileVaultMaster.keychain file>
```
Once successful, you can reset the account password using the Reset Password utility and recover data by either logging in to the users account or using the command line.
1. Restart the device while pressing Command + R.
2. Open Terminal and launch the Reset Password utility by executing:
```
resetpassword
```
3. Use the Reset Password utility to reset the accounts password.
4. Restart the computer and log in using the new password.
4. The Mac will display a prompt to reset the password. Reset the password and save this password somewhere safe. If you plan to prepare this Mac for a new employee, you'll need this password to erase all content and settings on the Mac.
## Set up
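Review bot: Renaming the heading from "Unlock a macOS host using the disk encryption key" to "Reset a macOS host's password using the disk encryption key" changes the section anchor, so any existing links to the old anchor need updating in the same change. In the new step 4, "save this password somewhere safe" is vague for a credential that is later needed to erase the Mac; name where it should be stored. The removed steps ended by turning off disk encryption with `diskutil cs revert`, and the new steps don't say whether the disk stays encrypted after the reset, which deserves one sentence. In step 1, "a host that was locked remotely" is not explained anywhere in this hunk; link to or name the feature. The link text "here in the docs" in step 3 would read better as the section name.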