10.6: Unlock screens using any admin password

Nov 04, '10 07:30:00AM

Contributed by: Anonymous

Snow Leopard only hintMac OS X 10.6 tightened security and now one administrator user cannot unlock the screensaver of another admin user. However, many IT professionals need to be able to grant their users admin access to their Macs while still being able to effectively administer the machine in their absence.

Visiting a users machine to resolve a help desk ticket is frustrating if that users screen is locked and the user has left for the day, is out to lunch, in a meeting, etc.

To enable an admin to unlock another admins screensaver you simply edit a file on the machine, edit the file: /etc/pam.d/screensaver, changing

account required pam_group.so no_warn group=admin,wheel fail_safe
to
account sufficient pam_group.so no_warn group=admin,wheel fail_safe

You'll need to use a text editor capable of modifying and saving system files; e.g. any CLI editor used with sudo, or a GUI editor like TextWrangler if done in advance. It is not necessary to log out or restart. In fact if you visit a machine that is locked in this way and have SSH access to it you can modify this file and then unlock the screensaver using your admin account.

[crarko adds: I tested this, and it works as described.]

Comments (22)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20101103055948533