Global policies apply to both admin users and regular users in macOS. Be careful when you set your policies so that you don’t inadvertently lock out admin users.

Use these steps to unlock affected user accounts, including admin users.
If you lock out an Open Directory admin

In Terminal, use this command:

sudo pwpolicy -n /LDAPv3/ldapi://%2Fvar%2Frun%2Fldapi clearaccountpolicies 

If you lock out a local admin

Start the computer in single user mode. To start in single user mode, hold Command-S at startup.

Use the following commands to remove the global password policy when the shell prompt appears:

/sbin/fsck -fy

/sbin/mount -uw /

/bin/launchctl load /System/Library/LaunchDaemons/

/usr/bin/pwpolicy -n /Local/Default clearaccountpolicies
After entering the commands, press Control-D to restart the computer normally.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.