Recover Mac endpoints
Follow these steps to recover Macs.
If users forget their login password, there are several ways they can regain access to their computer.
- If the user was the last person to be logged into the computer, they can use the Sophos Self Service Portal, see Retrieve recovery key via Self Service Portal.
- Users can start their computer with an external Mac startup disk and then use Terminal commands to unlock the disk.
- Users can start their computer in target disk mode and then use Terminal commands to unlock the disk.
- Users can start their computer with macOS Recovery and then use Terminal commands to unlock the
disk.
For information on working with Terminal commands, see Unlock HFS+ volumes with Terminal commands and Unlock APFS volumes with Terminal commands.
You can help users to regain access. These instructions tell you what the users will see and what they need to do. They must:
On endpoints running macOS 10.12 or earlier, a new recovery key will be created and stored in Sophos Central. A recovery key can only be used once. If you need to recover a computer again later, you need to retrieve a new recovery key.
On endpoints running macOS 10.13 and Apple File System (APFS), no new recovery key is created. The existing recovery key remains valid.