How to Change Permissions on Mac from Admin to Standard User (via Terminal) — A Step-by-Step Guide

Preet AmlaniPreet Amlani
3 min read

So, you’ve gotten cozy with that Admin account on your Mac, and now you need to bring it back down to a Standard user. Perhaps it’s your personal device you’re sharing with friends or family, or maybe you just like to keep things extra secure. Whatever the reason, shifting user permissions on macOS is a useful skill. This guide will teach you exactly how to do it—with a dash of Terminal magic to make you feel like a certified tech guru.

1. Why Adjust User Permissions?

  1. Enhanced Security: Running as an Admin user can expose your system to risk if you accidentally click the wrong link or install malicious software. Standard users face fewer risk factors.

  2. Better Control: If you’re sharing the Mac with multiple people, you want to control who can install apps, change system settings, or access sensitive files.

  3. Safe Experimentation: For developers or tinkerers, having an Admin account and a Standard account can prevent you from messing up critical system settings if you make an error.

  4. Simplicity: While dscl lets you manage users in macOS, dseditgroup provides a cleaner, more direct way to add or remove members from groups—like the admin group.

  5. Security: Removing Admin rights from a user means they can’t install software or change critical system settings without admin credentials.

  6. Prevent Mishaps: If you share your Mac or have colleagues/family members who need access, limiting their privileges can stop “accidental” system changes that lead to bigger headaches.

2. The One-Liner Command

Here’s the star of the show:

sudo dseditgroup -o edit -d [USERNAME] -t user admin

Replace [USERNAME] with the actual username you’re demoting. This could be a local account name or an AD username if you’re in an enterprise environment.

Let’s break it down:

  • sudo: Grants you superuser privileges to make system-level changes.

  • dseditgroup: Apple’s command-line utility to manage group memberships.

  • -o edit: Indicates you’re editing a group’s membership list.

  • -d: Stands for “delete,” meaning you’re removing a user from the group.

  • -t user: Specifies the type is a user (as opposed to a group or something else).

  • admin: The group you’re editing. By removing a user here, you’re revoking their Admin rights.

3. Verify the New Privileges

You can confirm that the user has been successfully removed from the admin group:

dscl . read /Groups/admin GroupMembership
  • If everything went well, the username you removed should no longer appear in the list.

Alternatively, check via the System Settings (or System Preferences):

  1. Click the Apple Menu () and go to System Settings (or System Preferences).

  2. Select Users & Groups (or Users & Accounts).

  3. Find the user. You should see Standard instead of Admin.

4. How to Promote a Standard User Back to Admin (In Case You Change Your Mind)

If you need to revert your changes, just add the user back into the admin group:

sudo dseditgroup -o edit -a [USERNAME] -t user admin
  • -a stands for “add,” effectively restoring Admin privileges.

6. Troubleshooting and Tips

  • Command Not Working? Make sure you’re logged in as an Admin or using an account with sudo privileges.

  • Password Prompt Doesn’t Show Characters? Terminal won’t display anything as you type your password (not even asterisks)—this is normal. Type carefully and press Enter.

  • Working with AD Environments? Just confirm the username matches what’s recognized on your Mac (often something like john.doe, jdoe, etc.). The command syntax is the same.

Enjoyed this guide? 🚀 Stay tuned for more Mac tips, Terminal tricks, and security hacks! Got questions or your own pro tips? Drop a comment below—I’d love to hear from you! 🔥👇

0
Subscribe to my newsletter

Read articles from Preet Amlani directly inside your inbox. Subscribe to the newsletter, and don't miss out.

macOS #UserManagementpermissionsPrivilege Escalation

Written by

Preet Amlani
Preet Amlani