Skip to main content

Using a Personal Recovery Key and a LAPS account to gain access to a Computer

Updated over 2 months ago

Description

If an end user forgot the password for their Apple Silicon computer, we can use a valid personal recovery key to unlock the disk and then log into the computer with a LAPS account or any other user account with a known password.

Gaining Access to a FileVault Enabled Computer if the User doesn't know their Password

  1. Reboot the computer to land at the FileVault login screen.

  2. Press Option+Shift+Return to toggle to toggle the option to enter the Personal Recovery Key.

  3. Type in a valid FileVault recovery key.

  4. The macOS load (progress bar) will show since you entered the PRK and accessed the disk. Then it will land at a login screen.

  5. Pick a user account that you know the password to and enter it.

    1. If you are not seeing an account at the login screen, toggling Command+Option at the Login Screen will show you the username and password fields.

    2. If using a LAPS password:

      • To find the LAPS password, click View under Inventory > Local User Accounts on the computer's inventory record.

      • To help with O's and 0's in LAPS passwords, copy and paste this to a text notepad and use a mono font which will add marks to zeros.

      • You will have limited time to perform these actions if using a LAPS password, 1hr by default after viewing the password in Jamf Pro.

Did this answer your question?