crwdns2894164:0crwdne2894164:0

Released in November 2020, the 13" MacBook Air features Apple's Arm-based M1 SoC with an 8-core CPU and up to an 8-core GPU. (Model A2337 / EMC 3598 with two Thunderbolt 3 ports)

crwdns2886949:061crwdne2886949:0 crwdns2858137:0crwdne2858137:0

Why is the account locked?

I have a MacBook Air (M1) model and the localadmin account is locked. This account is the only one on the computer with admin rights. It does have a teacher (mobile) account and the teacher can sign in. It is connected to an AD server. This computer is running Big Sur and was not upgrade from a previous macOS. 

I did restart computer and tried SMC which it didn't work. I tried to invoke Recovery and that didn't work either. 

I did wait the 24 hour period and it is still local admin account is still locked.

crwdns2893858:0crwdne2893858:0 crwdns2893862:0crwdne2893862:0

crwdns2894050:0crwdne2894050:0

crwdns2889612:0crwdne2889612:0 2

crwdns2893872:0crwdne2893872:0:

i have the same problem. i tried to go to recovery but its not working. i cant open terminal or any. i shuted down and held command + R but nothing happened. i dont know what to do.

crwdns2893770:0crwdnd2893770:0crwdne2893770:0

@Amh Sh If this is an M1 machine, you need to press and hold power to access recovery options rather than the old cmd+R

crwdns2893770:0crwdnd2893770:0crwdne2893770:0

crwdns2892346:0crwdne2892346:0

crwdns2886779:03crwdne2886779:0

Is it have MDM like Jamf or Apple Business Manager? If it does, that’s a setting that can be enabled. On a normal Mac me or you would buy retail (which will not be managed, it’s added after the fact) the account will not lock this way - M1 might stop you for 5 minutes and go up until you have to on an M1 but Intel Macs permit unlimited chances. If you see “profiles” in System Preferences, then it’s managed. If nothing works, the password needs to be reset by IT - especially with MDM. I mention this because you said you work for a school district. A lot of MDM solutions “escrow” the FileVault key, so you need to call for this 99% of the time.

If it isn’t managed or all else fails, use Terminal:

Apple silicon:

  • Press and hold the power button until you see the startup options
  • Click Options. Let the Mac boot - no intervention is needed.
  • The Mac will ask for a known user account that's an admin. If you know none select forgot all passwords.
  • It may ask for an Apple ID. Any good MDM allows you to force sign out and remove activation lock if needed. Hopefully it was blocked.
  • Click on Utilities at the top bar and find Terminal
  • Enter resetpassword and press Return
  • If required enter the FileVault key. Again any good MDM “escrows” this.
  • Reset the password and the machine should be good to go.
  • NOTE: You may have to reset the user’s password as well. Make it easy and force a reset in Jamf before handing it back.

    Intel:
  • Shut down the Mac and press Commnd+R together before turning the system on, and then press and release the power button. Keep holding until you see MacOS Recovery start.
  • If it asks for an admin, select Forgot all passwords. T2 Macs can activation lock, but they tend to go to the utility options - but yes, it can sometimes be an issue here as well.
  • Click on Utilities at the top bar and find Terminal.
  • Enter resetpassword and press Return
  • If required enter the FileVault key. Again any good MDM “escrows” this.
  • Reset the password and the machine should be good to go.
  • NOTE: You may have to reset the user’s password as well. Make it easy and force a reset in Jamf before handing it back.

crwdns2894046:0crwdne2894046:0

crwdns2889612:0crwdne2889612:0 0

crwdns2893872:0crwdne2893872:0:

Yes we use Jamf to manage the MacBooks. I did try to unlock it on the backend but it is still locked. I will need to take the users computer and see if I can invoke Recovery and terminal in to reset the password without losing anything.

crwdns2893770:0crwdnd2893770:0crwdne2893770:0

@Philip Fisher I've clarified the steps a bit for you. It's 99% similar, but there are a few small differences with Apple Silicon that matter, which matter somewhat with T2 Macs but aren't as major.

I suspected MDM because of the hard 24 hour lock that never cleared - that's not a normal behavior on "unmanaged" Macs. You need to reset more often then not once MDM is used.

I'm from a time when the most you had on the admin side was Apple Remote Desktop, and you needed a boot DVD to pull tricks like this. There was no real protection so if say you set a EFI password on an A1181 MB all I'd have to do is remove some RAM/add a stick and zap the NVRAM/PRAM. At one point when Intel was all Apple used I had instructions on one of my old phones to get into single user mode - my teachers were afraid of anyone seeing that ;).

crwdns2893770:0crwdnd2893770:0crwdne2893770:0

@Nick- I have the computer and tried to invoke recovery using Cmd-R and the logo comes up and the status bar then goes to the sign in screen. I get the red dot at the top by the battery icon for a few seconds.

I am not sure what else to try except to wipe it and start over again.

crwdns2893770:0crwdnd2893770:0crwdne2893770:0

crwdns2892346:0crwdne2892346:0

Most often, it is best to contact support or the administration right away. Otherwise, the issue with blocking will not be resolved in any way.

crwdns2894046:0crwdne2894046:0

crwdns2889612:0crwdne2889612:0 0
crwdns2892346:0crwdne2892346:0

If you've been using your Mac for a long time, there are probably a lot of programs on it that you don't need anymore. Uninstall them - it's easy to reinstall them if you need to. I found some handy tips on the Internet, and it said to select the programs that have been sitting around for a long time and uninstall them. By default, macOS just moves apps to the trash, but they can leave behind settings files and other junk. It doesn't take up much space, but you can get rid of it, too, if you use App Cleaner to remove it.

crwdns2894046:0crwdne2894046:0

crwdns2889612:0crwdne2889612:0 0
crwdns2892346:0crwdne2892346:0

crwdns2893896:0crwdne2893896:0

Philip Fisher crwdns2893898:0crwdne2893898:0
crwdns2894754:0crwdne2894754:0:

crwdns2894766:024crwdne2894766:0 126

crwdns2894768:07crwdne2894768:0 618

crwdns2894768:030crwdne2894768:0 3,215

crwdns2894770:0crwdne2894770:0 19,094