Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
How to change user from "Staff" to Standard or Managed?
- Thread starter sparkie7
- Start date
- Sort by reaction score
I don’t think that is the reason. Can you please describe what happens when you try to delete the user?
When I try to delete it says : "To delete this user you need to enter their password". When I do it says, it doesn't work, so it won't allow it. And I know it's the right password as when I log in to it after a restart the password is correct. I even tried the Admin password (same password) and it doesn't work
To delete a user from Terminal
to keep the folder /Users/<user name>
to securely remove the home folder of the user
Code:
sudo sysadminctl -deleteUser <user name>to keep the folder /Users/<user name>
Code:
sudo sysadminctl -deleteUser <user name> -keepHometo securely remove the home folder of the user
Code:
sudo sysadminctl -deleteUser <user name> -secure
Last edited:
Thank you for the suggestions. When I tried this, it asked for the password. I entered it and got this......
2022-03-19 21:29:41.548 sysadminctl[4202:69741] Invalid option: (to)
2022-03-19 21:29:41.549 sysadminctl[4202:69741] Usage: sysadminctl
-deleteUser <user name> [-secure || -keepHome] (interactive || -adminUser <administrator user name> -adminPassword <administrator password>)
-newPassword <new password> -oldPassword <old password> [-passwordHint <password hint>]
-resetPasswordFor <local user name> -newPassword <new password> [-passwordHint <password hint>] (interactive] || -adminUser <administrator user name> -adminPassword <administrator password>)
-addUser <user name> [-fullName <full name>] [-UID <user ID>] [-GID <group ID>] [-shell <path to shell>] [-password <user password>] [-hint <user hint>] [-home <full path to home>] [-admin] [-roleAccount] [-picture <full path to user image>] (interactive] || -adminUser <administrator user name> -adminPassword <administrator password>)
-secureTokenStatus <user name>
-secureTokenOn <user name> -password <password> (interactive || -adminUser <administrator user name> -adminPassword <administrator password>)
-secureTokenOff <user name> -password <password> (interactive || -adminUser <administrator user name> -adminPassword <administrator password>)
-guestAccount <on || off || status>
-afpGuestAccess <on || off || status>
-smbGuestAccess <on || off || status>
-automaticTime <on || off || status>
-filesystem status
-screenLock <status || immediate || off || seconds> -password <password>
Pass '-' instead of password in commands above to request prompt.
'-adminPassword' used mostly for scripted operation. Use '-' or 'interactive' to get the authentication string interactively. This preferred for security reasons
*Role accounts require name starting with _ and UID in 200-400 range.
I did. And without the < > right?
Because when I did, it asked me to enter the Password
I tried again and got this.....
2022-03-19 21:36:14.935 sysadminctl[4430:74292] ----------------------------
2022-03-19 21:36:14.935 sysadminctl[4430:74292] No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !
2022-03-19 21:36:14.935 sysadminctl[4430:74292] ----------------------------
2022-03-19 21:36:15.039 sysadminctl[4430:74292] User todel can not be deleted (it's either last admin user or last secure token user neither of which can be deleted).
Yes I did. See post above, what I got back from Terminal, it says:
“User todel can not be deleted (it's either last admin user or last secure token user neither of which can be deleted)”
Any ideas how to fix?
All in all, this sounds to me as if the user you are trying to delete the other user from is not an admin user. There must be at least one admin user on your Mac.
Sorry, I must have replied while you were editing the post.
First, make sure that your account has admin rights.
https://support.apple.com/guide/mac-help/set-up-other-users-on-your-mac-mtusr001/mac
You can turn off the secure token with
Code:
sudo sysadminctl -secureTokenOff todelTerminal Results for..
My user (Admin): 2022-03-19 22:42:27.221 sysadminctl[5358:89594] Secure token is DISABLED for user John
User - that I want to delete: 2022-03-19 22:43:56.090 sysadminctl[5402:90483] Secure token is ENABLED for user todel
I do have an Admin user. The one I'm trying to delete is not designated as Admin
No worries.
I tried that command but got this:
2022-03-19 22:45:36.119 sysadminctl[5458:91579] Operation is not permitted without secure token unlock.
It seems you have to enable secure token for your user, John, in order to disable and delete the user todel.
Some information from Apple about Using Secure Token on page 101
“In macOS 11, setting the initial password for the very first user on the Mac results in that user being granted a secure token.”
https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf
Yes, it's on
I have a MacBook Pro (15-inch, 2017)
I installed Mac OS Monterey today. But that extraneous user I've had around for a while and just thought it was time to delete it.
Under any circumstances do not delete this account, macOS is stopping for good reasons. It may be the only admin with a secure token. Secure token is used to authenticate users to be FileVault and volume owners. Deleting this user may make you mac non-bootable (can't generate FileVault user that is used to unlock the encrypted disk drive) and system updates will fail (no volume owners).
Generate a new admin user, you may be prompted to enter the password for todel as they have a secure token, log out of the account you are in, log into that new admin user. On login the new user will be given a new secure token. You can then delete user todel.
I already have a an Admin user. It looks like I need to assign or enable a token for it. Any ideas how to go about this?
Was there no warning in System Preferences? It should give you a clue there if FileVault is not configured for all users.
What is the output of this command?
sudo fdesetup list -extendedDoes it include your primary user account there?
If not, I suppose you could manually add your primary user account with this (might have to use this with sudo):
sysadminctl -secureTokenOn <username> -password - interactive (note the whitespace between the dash and “interactive”)If this works, then you could add your primary user to FileVault:
sudo fdesetup add -usertoadd <username>