Skip to content

Recover Mac endpoints

If users forget their login password, there are several ways they can regain access to their computer.

  • If the user was the last person to be logged into the computer, they can use the Sophos Self Service Portal. See Retrieve recovery key via Self Service Portal.
  • Users can start their computer with an external Mac startup disk and then use Terminal commands to unlock the disk.
  • Users can start their computer in target disk mode and then use Terminal commands to unlock the disk.
  • Users can start their computer with macOS Recovery and then use Terminal commands to unlock the disk.

For information on working with Terminal commands, see Unlock APFS volumes with Terminal commands.

For information on changing starting the computer from an external Mac startup disk, see Change your Mac startup disk.

For general information on macOS recovery, see About macOS Recovery on Intel-based Mac computers.

You can help users to regain access. These instructions tell you what the users will see and what they need to do.

They must:

  1. Switch on the endpoint computer and wait until the Recovery key ID is displayed.

    The recovery key ID is displayed only for a few minutes. To display it again, users must restart their computer.

  2. Call the administrator and tell them the recovery key ID.

    You can give them the recovery key. See Retrieve recovery key (Macs).

  3. Click the question mark icon in the Password field.

    A message is displayed.

  4. Click the arrow icon next to the message to switch to the recovery key field.

  5. Enter the recovery key.

  6. For users imported from Active Directory, you need to do the following extra steps:

    1. Reset the existing password in Active Directory. Then generate a preliminary password and give it to the user.
    2. Tell the user to click Cancel in the Reset Password dialog and enter the preliminary password instead.
  7. Follow the on-screen instructions to create a new password.

  8. If prompted, click Create New Keychain.

Users can access their computer's startup volume again.