Do you need to recover user data with Target Disk Mode, but you don’t have the user’s FileVault 2 password?
- Cannot Enter Password To Unlock The Disk Macintosh Hdmi
- Cannot Enter Password To Unlock The Disk Macintosh Hd
I will show you how to unlock FileVault 2 after you connect the Mac using Target Disk Mode. Open video clip. This can be very helpful for IT Departments that need to access user data when an employee is let go and you don’t have the user’s password.
When I put in the incorrect password it goes back to the select disk and when I click unlock the 'enter password popup comes up and I can enter a password again. I have pulled the HD from the mac and connected it to a windows 7 box and as expected the drive is detected but no drive letters assigned and I can do anything with them in disk managment. If you forget your account password or it doesn't work, you might be able to reset your password. If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys. Let me know if you have any questions.
How to boot a Mac into Target Disk Mode (TDM)
- Had a strange issue with my Mac where the password box was not popping up and I couldn't log-in. I think it is 2014 model btw. So I tried to delete the HD and reinstall. I think I also have restored the 1.51 Gb OSX base system back on and it no longer appears as an external disk.
- Resetting your Password. Apple includes several options for resetting account passwords in OS X.
- If you are not allowed to use a password to unlock the drive encrypted by BitLocker in Windows, you can use the recovery key to get access to the computer. If you forget the password or you cannot get access to the drive, the recovery key will be one of the solutions.
Think of Target Disk Mode as if you are turning your Mac into an External Hard Drive. Once you plug the Target Mac into the host Mac using a USB/Thunderbolt Cable you can access all of the Target Mac’s files on the Host Mac. It’s really a great tool for moving data, especially useful for fast file backup, transfers or data recovery.
Mounting the and unlocking the drive.
Once you have booted your Mac into Target Disk Mode and it’s pluged into the host Mac you will be see a GUI message after a few moments.
If the Mac is not encrypted and doesn’t have a T2 the drive will just mount as Macintosh HD on the Desktop.
If you know the user’s password, type it in and the drive will mount.
Attempting to unlock FileVault 2 TDM “diskutil apfs unlockVolume -passphrase”
You may have used this command in the past if you needed to unlock FileVault in the Recovery Partition.
diskutil apfs unlockVolume /dev/apfs_volume_id_goes_here -passphrase personal_recovery_key_goes_here
Rich Trouton wrote a great article on how to unlock FileVault 2 in the Recovery Partition. You can find that article here.
You would think we could use the same command to mount the drive with TDM. Let’s try it.
Trying to use the following command.
diskutil apfs unlockVolume /dev/disk3s5 -passphrase _recovey_key_here
Will give the error
Error unlocking APFS Volume: APFS Volume Target Disk Mode Unlock requires that you supply a specific user (-69486)
The GUI unlock pop-up only has the option to unlock with user’s password.
Gathering the information that you need to unlock the drive using the Personal Recovery Key.
Let’s get started. You will only need 3 things.
- APFS Volume ID
- UUID of the Personal Recovery User
- FV2 Personal Recovery Key
First let’s get the APFS Volume ID of the Target Mac. On the host Mac run this command in the Terminal.
diskutil apfs list
Look all the way at the bottom for
Name: Macintosh HD
You will also see Mount Point: Not Mounted
and FileVault: Yes (Locked)
You will need to grab
disk4s5
from APFS Volume Disk (Role)
This is the Target Mac’s Volume ID.2. Get the Personal Recovery User UUID
Run this command to get the UUID of the Personal Recovery User. Don’t forget to put the Volume ID that you grabbed above in
apfs_volume_id_here
diskutil apfs listUsers /dev/apfs_volume_id_here
3. Personal Recovery Key
Visualizador de archivos pdf. Now that you have the all 3 things we can now unlock the drive.
Unlocking the Drive using the Personal Recovery User and Personal Recovery Key.
Let’s unlock the drive! The command is
diskutil apfs unlockVolume /dev/disk_volume_ID_here -user personal_recovery_user_UUID_here
After typing in the command you will have a prompt that says
Passphrase
. Paste or type the Mac’s Recovery Key in and hit enter.NOTE: for the PRK you have to include all the dashes and use all CAPS.
If you don’t you will get this error
Passphrase incorrect or user does not exist
Once you type in the correct PRK you will be see this message.
![Unlock Unlock](https://www.bitdefender.com/media/uploads/2017/06/1722-3-1024x764.png)
Unlocked and mounted APFS Volume attached via Target Disk Mode
Copying Files
One last note if you need to copy files from the user’s folder. If you navigate to the user’s folder and see that you do not have permission to view Desktop, Documents or Downloads. This is not a problem.
All you need to do is copy the entire user folder over to the Host Mac. You will be prompted to enter in an admin password. This is the admin password on the Host Mac not the Target Mac. Once the User folder is copied over you will have access to all files.
Thanks
I wanted to thank someone who clarified this procedure and also helped test to make sure it worked.
Thank you Mr. Anonymous!!!
I hope this article has helped you. If you have any questions or comments please don’t hesitate to Contact Me.
Transfer pics from android to laptop. If you're using a Mac with the Apple T2 Security Chip, Startup Security Utility offers three features to help secure your Mac against unauthorized access: Firmware password protection, Secure Boot, and External Boot.
Open Startup Security Utility
- Turn on your Mac, then press and hold Command (⌘)-R immediately after you see the Apple logo. Your Mac starts up from macOS Recovery.
- When you're asked to select a user you know the password for, select the user, click Next, then enter their administrator password.
- When you see the macOS utilities window, choose Utilities > Startup Security Utility from the menu bar.
- When you're asked to authenticate, click Enter macOS Password, then choose an administrator account and enter its password.
Set a firmware password
You can use a firmware password to prevent anyone who doesn't have the password from starting up from a disk other than your designated startup disk. To set a firmware password in Startup Security Utility, click Turn On Firmware Password, then follow the onscreen instructions. Learn more about firmware passwords.
You can also change your external boot setting to prevent even those who know the firmware password from starting up from external media.
Change Secure Boot settings
Use these settings to make sure that your Mac always starts up from a legitimate, trusted operating system.
Full Security
Full Security is the default setting, offering the highest level of security. This is a level of security previously available only on iOS devices.
During startup, your Mac verifies the integrity of the operating system (OS) on your startup disk to make sure that it's legitimate. If the OS is unknown or can't be verified as legitimate, your Mac connects to Apple to download the updated integrity information it needs to verify the OS. This information is unique to your Mac, and it ensures that your Mac starts up from an OS that is trusted by Apple.
If FileVault is enabled while your Mac is attempting to download updated integrity information, you're asked to enter a password to unlock the disk. Enter your administrator password, then click Unlock to complete the download.
If the OS doesn't pass verification:
- macOS: An alert informs you that a software update is required to use this startup disk. Click Update to open the macOS installer, which you can use to reinstall macOS on the startup disk. Or click Startup Disk and choose a different startup disk, which your Mac will also attempt to verify.
- Windows: An alert informs you that you need to install windows with Boot Camp Assistant.
If your Mac can't connect to the Internet, it displays an alert that an Internet connection is required.
- Check your Internet connection, such as by choosing an active network from Wi-Fi status menu in the menu bar. Then click Try Again.
- Or click Startup Disk and choose a different startup disk.
- Or use Startup Security Utility to lower the security level
Medium Security
During startup when Medium Security is turned on, your Mac verifies the OS on your startup disk only by making sure that it has been properly signed by Apple (macOS) or Microsoft (Windows). This doesn't require an Internet connection or updated integrity information from Apple, so it doesn't prevent your Mac from using an OS that is no longer trusted by Apple.
If the OS doesn't pass verification:
- macOS: An alert informs you that a software update is required to use this startup disk. Click Update to open the macOS installer, which you can use to reinstall macOS on the startup disk. This requires an Internet connection. Or click Startup Disk and choose a different startup disk, which your Mac will also attempt to verify.
- Windows: An alert informs you that you need to install windows with Boot Camp Assistant.
No Security
No Security doesn't enforce any of the above security requirements for your startup disk.
Change External Boot settings
Cannot Enter Password To Unlock The Disk Macintosh Hdmi
Use this feature to control whether your Mac can start up from an external hard drive, thumb drive, or other external media. The default and most secure setting is ”Disallow booting from external media.” When this setting is selected, your Mac can't be made to start up from any external media. Attempting to do so will cause your Mac to display a message that your security settings do not allow this Mac to use an external startup disk.
To allow your Mac to use an external startup disk:
Cannot Enter Password To Unlock The Disk Macintosh Hd
- Open Startup Security Utility.
- Select ”Allow booting from external media.”
Your Mac doesn't support booting from network volumes, whether or not you allow booting from external media. - If you want to select an external startup disk before restarting your Mac, quit Startup Security Utility, then choose Apple menu > Startup Disk.