When you first start using a brand-new Mac or have performed a clean install of OS X, you are presented with Setup Assistant, which lets you create the first user account and specify some initial information, such as keyboard layout and locale.
Under certain circumstances, it can be advantageous to re-run the Setup Assistant. Using some command-line trickery, we can do just this without having to erase and reinstall OS X.
What Setup Assistant Does
Setup Assistant is designed to run on the first boot of a fresh install of OS X, which is why you'll only see it when booting up a brand-new Mac or one that has been erased and had OS X reinstalled.
Besides options for keyboard layout, time zone and asking if you'd like to register, Setup Assistant also lets you create a new user account. As Setup Assistant assumes the account it is creating to be the first, it is always given administrator privileges.
There may come a time when you need to set up a second user account on a Mac while attempting to resolve a user account issue. If a Mac has only one user account and it seems to be unable to log in correctly (getting stuck at the login window, for example), having a second account will allow you to access OS X and continue troubleshooting.
By re-running Setup Assistant, we can use the process to create a user account that will automatically have administrator privileges, without having to do so via System Preferences, which we might not be able to access.
There are other reasons why re-running it can be advantageous, though in my experience, the above has always been the most common reason to do so. Sure, you can create user accounts using a number of commands, but Setup Assistant is just far easier.
Every time OS X boots, it checks for the existence of a file known as .AppleSetupDone. This empty file is created after the completion of Setup Assistant. It doesn't exist on a brand-new, out-of-the-box Mac, nor on one that has had a clean installation of OS X.
By removing this file, OS X will assume that Setup Assistant has never been run and will launch it as soon as OS X boots.
Setup Assistant is also run with root privileges, which is why it can create a new user account with administrator privileges without the need for any authorisation.
To remove this file, we need to boot the Mac into Single-User Mode. This provides a method of interacting with OS X via the command-line, with full root privileges.
Start up the Mac whilst holding down ⌘-S. After a few moments, you'll see the Mac boot to the command line.
Before continuing, the filesystem must be checked and mounted, as files aren't immediately accessible to interact with. To do this, enter the two commands that are displayed within the prompt, one at a time.
The following command will check the filesystem to ensure there are no problems. Enter:
The next command will then mount the filesystem for it to be accessible:
/sbin/mount -uw /
With the filesystem mounted and accessible, it's time to remove the file so OS X will re-run Setup Assistant:
After that, simply enter reboot and your Mac will restart and boot normally. Only this time, Setup Assistant will launch.
By now, you're probably wondering why this should even be possible, since someone may use it to gain access to a Mac. Indeed, re-running Setup Assistant would certainly allow an unauthorised person to create a new account with administrative privileges and gain access to the Mac along with your data.
In terms of security, physical access trumps almost every method of preventing unauthorised access that doesn't involve encryption. While it is a little more complicated with the SSD technology Apple uses in their product lines, your data can easily be accessed simply by removing the Mac's storage device and connecting it to another Mac.
This is where protections such as a Firmware Password and FileVault 2 are useful. With a Firmware Password set, it must be entered if the Mac is being booted either into Single-User Mode or to another boot volume. FileVault 2 takes this one step further by performing full disk encryption, preventing any form of access to your data unless authorised by entering your user account password - even if the drive is removed and attached to another Mac.
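As an added example (not part of the original article), the script below checks the two protections named above and lists administrator accounts that are not on an allowlist, which is how an account created by a re-run Setup Assistant would show up. `fdesetup`, `firmwarepasswd` and `dscl` are standard OS X tools; the function names and the `EXPECTED_ADMINS` variable are assumptions of this example.

```shell
#!/bin/sh
# "fdesetup status" prints "FileVault is On." or "FileVault is Off."
filevault_state() {
    case "$1" in
        *"FileVault is On"*)  echo on ;;
        *"FileVault is Off"*) echo off ;;
        *)                    echo unknown ;;
    esac
}

# "firmwarepasswd -check" (run as root) prints "Password Enabled: Yes" or "... No"
firmware_state() {
    case "$1" in
        *"Password Enabled: Yes"*) echo on ;;
        *"Password Enabled: No"*)  echo off ;;
        *)                         echo unknown ;;
    esac
}

# $1: output of "dscl . -read /Groups/admin GroupMembership"
# $2: space-separated allowlist of expected admins (assumption: maintained by you)
unexpected_admins() {
    extra=""
    for user in ${1#GroupMembership:}; do
        case " $2 " in
            *" $user "*) ;;
            *) extra="${extra:+$extra }$user" ;;
        esac
    done
    echo "$extra"
}

# Verdict for the physical-access scenario the article describes ($1 FileVault, $2 firmware)
assess() {
    if [ "$1" = on ] && [ "$2" = on ]; then echo protected
    elif [ "$1" = on ]; then echo data-encrypted-boot-unrestricted
    elif [ "$2" = on ]; then echo boot-restricted-disk-readable-if-removed
    else echo exposed; fi
}

# Live run on a Mac (as root); elsewhere fall back to constructed sample output
if command -v fdesetup >/dev/null 2>&1 && command -v firmwarepasswd >/dev/null 2>&1; then
    fv=$(filevault_state "$(fdesetup status 2>/dev/null)")
    fw=$(firmware_state "$(firmwarepasswd -check 2>/dev/null)")
    echo "FileVault: $fv, firmware password: $fw, verdict: $(assess "$fv" "$fw")"
    echo "Unexpected admins: $(unexpected_admins "$(dscl . -read /Groups/admin GroupMembership)" "root ${EXPECTED_ADMINS:-}")"
else  # constructed samples, not captured from a real machine
    echo "sample verdict: $(assess "$(filevault_state 'FileVault is Off.')" "$(firmware_state 'Password Enabled: No')")"
fi
```

Set `EXPECTED_ADMINS` to the short names you expect in the admin group, for example `EXPECTED_ADMINS="alice" sudo -E sh audit.sh` (file name hypothetical).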