Help

AdminUserRecoveryInfo.plist and High Sierra

jhuls
Contributor III

Posted on ‎09-29-2017 07:31 AM

So I updated my MacBook Pro to High Sierra this week and today I was looking in /Volumes and found a Preboot folder containing various items that includes a AdminUserRecoveryInfo.plist. In looking at the contents I can't help but wonder if this is a little concerning. I'm not going to post the contents because frankly I don't know how sensitive it might be but I'll just say that it contains the admin accounts on the system along with hashes. Does anyone know anything about this file and can shed some light on it?

2 REPLIES 2

kowsar_ahmed
Contributor

Posted on ‎09-29-2017 07:41 AM

Just had a look myself. Will be interested to find out more on this too...!

0 Kudos

jdhii
New Contributor

Posted on ‎10-11-2017 01:23 PM

I found the same file; was the only modified file under the "Volumes" folder early this a.m. (EST zone). Also experienced random oddities, like activated guest user accounts and modified IMAP mail settings. Concerned about privacy/data security.

Any advice would be appreciated. Will provide obfuscated contents of the .plist if requested.

0 Kudos