It’s happened to me more than once that I’ve needed to configure something on a managed Mac laptop at work for which I have no admin access. Normally you can just track down your network administrator, but if it’s after hours or you are traveling, there’s another option: escalate your own account privileges by adding yourself to the admin group.
To add yourself to the admin group, you’ll need to reboot into single user mode and run a couple commands. Here’s how:
First, boot the machine and hold down Command-S until it boots into single user mode. Then, mount the hard disk in read-write mode (and check it for errors) with the following two commands:
/sbin/fsck -fy
/sbin/mount -uw /
We’ll be using the dscl command to add your username to the admin group, but first you need to start directory services or it will return an error:
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
To list the users in the admin group, use the following dscl command:
dscl . read groups/admin users
You won’t see your username, of course, because you aren’t an admin. To add yourself, run the following:
dscl . append groups/admin users yourusername
You can double check that your username is in the list now, then type reboot to restart the machine. When you log in, you’ll see that you’re now in the admin group, with permission to install apps or change any system settings.
ADVERTISEMENT
