Automatic Login for Windows XP & Mac OS X

 Computers, Macintosh, Tech Support, Windows  No Responses »
Nov 162010
 

This feature allows other users to start your computer and use the account that you establish to automatically log on. Enabling auto logon makes your computer more convenient to use, but can pose a security risk since anyone can just turn the machine on and access your files.

Mac OS X

This may vary slightly depending on the Version of Mac OS X you are running on.  The steps should be the same, but the positioning of the buttons / prompts can be different…

  1. Open System Preferences
  2. Choose Accounts
  3. Click on Login Options
  4. Unlock System Preferences (if Necessary)
  5. Click on Automatic Login, and choose from the pop up the account you wish to use.  Verify the password.
Windows XP

You can configure Windows XP to automate the logon process if your computer is not part of a domain. Computers configured in a business environment generally have a domain and for those machines the option “Users must enter a username” is not necessary since password has to be used when accessing the local area network or domain.

  1. Click Start, click Run, and type control userpasswords2. This is a shortcut instead of having to click on Start -> Control Panel -> User Accounts.
  2. Uncheck the “Users must enter a username and password to use this computer” check box.
  3. Click Apply.
  4. Enter the user name and password you wish to automatically log on with, and then click OK.
  5. Click OK again and you’re all done.
 Posted by Benjamin at 5:49 pm  Tagged with: , , , , , ,

Fine Tune Volume Adjustment in OS X by Holding Alt+Shift [Shortcuts]

 Computers, Macintosh  No Responses »
Apr 152010
 

If you use a Mac, chances are you regularly adjust the volume using your keyboard’s volume keys. They’re handy enough, but the volume increment is pretty large.

There are at least two hidden options that people are not often aware of.

1) Fine tune volume in OS X by holding down Alt(Option)+Shift then pressing the volume adjuster buttons. Also if you hit the volume down button till it shows the mute sign then hit the mute key it will play very quietly.

2) Shift+ Volume Adjusters allows you change the volume setting, without playing the “tweet” sound. This way you can lower the volume, without anyone realizing it…

3) Option – Hitting Option + Volume Adjusters will bring up the sound control panel, without having to have System Preferences startup & switching to it.

 Posted by Benjamin at 2:48 pm  Tagged with: , ,

applescript “Lock Screen” from another mac on LAN

 Computers, Macintosh  No Responses »
Nov 242009
 

How can you lock your screen from another Macintosh?

The following applescript will allow you to lock the screen, over the network, from any other macintosh. Just keep in mind, “Remote Apple Events” will probably have to be turned on (System Preferences -> Sharing).

property ipNumber : 'Real IP address here'
property userName : 'real username here'
property pasword : 'real password entered here'
set remMachine to 'eppc://' & userName & ':' & pasword & '@' & ipNumber
tell application 'Finder' of machine remMachine to do shell script '/System/Library/CoreServices/Menu Extras/User.menu/Contents/Resources/CGSession -suspend'"
 Posted by Benjamin at 12:58 pm  Tagged with: , ,

File Vault Information

 Add comments
 

What is File Vault?

File Vault is a built-in encryption system for Mac OS X 10.3 and higher, which protects the users home directory on Macintosh OS X systems.  File Vault operates by using a variation on the “Portable Home Folder” system that the Macintosh OS offers.  The principal is that the a new home folder is placed on a AES encrypted disk image, and then old home folder is moved onto this encrypted disk image.

Table of contents

When a user that has a File Vault is logged in the OS mounts the encrypted disk image, and make a hard/soft link to this disk image.  This makes the user’s home directory point directly to the encrypted disk image, thus making the process virtually transparent to the user.  When the user logs off, the disk image is potentially compressed to free unused disk space, and unmounted to prevent unauthorized access.  In Mac OS X v10.4 (Tiger), FileVault stores the encrypted file system as a Sparse Disk Image, which is basically a single large file. In Mac OS X v10.5 (Leopard), FileVault stores the encrypted file system as a new image called a Sparse bundle. Sparse bundles break images into smaller 8MB files called bands, allowing them to be backed up using Leopard’s Time Machine feature in 8 MB increments. Please note: Leopard and Snow Leopard does not automatically convert a Sparse Disk Image into Sparse Bundles.  To do the upgrade, the user must turn off File Vault & then re-enable it.

When using FileVault, it is not possible to select which parts of the disk to encrypt, only the users home directory is encrypted. So File Vault is not a form of whole disk encryption, such as PGP Whole Disk Encryption, or CheckPoint’s Pointsec.  Similarly, specific files or folders cannot be encrypted using FileVault, although the same encrypted disk image technology can be used for this purpose through the Disk Utility Application.

Known Issues

Here is the list of known issues with File Vault, that I am aware of, please feel free to submit more (either through comments, or email):

  • Adobe Updater has issues with File Vault – This means that in an organization, you will need to have an user or IT Professional download the update from the Adobe Web Site, and manually run the installer.
  • The IT department will not be able to run some updates remotely.  For example, Microsoft Office Updates are run on a per user basis.  I currently use Apple Remote Desktop to access Idle Machines, and push the updates out to the systems.  Since File Vault users home directory is accessable through ARD we may not be able to do this.
  • Unlike Pointsec, the Macintosh User has the ability to turn off FileVault.  There is no way to prevent the user from turning off the File Vault Encryption.  So if it is a requirement from IT, the user can abort the encryption, or turn it off once done encrypting.
  • Since this is not a whole disk encryption, this does not protect any additional drives, and any content that is placed outside of your home directory is totally unencrypted.
  • File Vault’s Content is automatically encrypted and decrypted on the fly. Although early versions were slow and caused system to temporarily hang when used with disk-intensive applications, such as sound and video editing, the performance of FileVault has been improved in more recent versions of Mac OS X.
    • There is a perceived slow down in the boot up & login sequence with File Vault turned on.
  • File Vault requires the user to logged out to Enable or Disable File Vault.  This could be hours of down time to Enable or Disable File Vault.  The File Vault Sparse Disk Image does not get compacted, until the user logs out…  But this is a voluntary option, File Vault will ask the user if they wish to compact the image.  So if the user never authorizes the compaction, the unused space on the image may never get reclaimed.
  • If the user attempts to turn off File Vault, and is unable to (eg, the OS reports that there is not enough disk space), try to free more disk space.  File Vault needs significant amounts of disk space, to move the data out of the encrypted disk image.  This disk space requirement could be 2-3 times the size of the current user folder, or higher.
  • Sophos Antivirus may freeze on Login with File Vaulted systems.
    • This behaviour is also described in the current Sophos 4.9.19 (Feb 2009) Readme:   ”(DEF 19925) On OS X 10.5.x with FileVault enabled, the on-access scanner can cause deadlocks.” http://downloads.sophos.com/readmes/readmacx.html (Translation – Login freezes & locks up when logging in with FileVault & On-Access scanning turned on.)
    • First detected in July 2008, as per Apple Forums (http://discussions.apple.com/thread.jspa?threadID=1629343&tstart=57 )
    • Confirmed with March 2009 Update (Sophos Version 4.9.20, Threat Engine 2.84.1, and Threat Data 4.39, March 2009)
    • “The below command can help to alleviate the issue.We have made it possible for the user to change the number of threads that we use for scanning with, this helps to alleviate the issue by having more SAVI threads available when the machine is opening the FileVault bundle.By default we use 4 threads. This can be increased by running this command: CMD: defaults write /Library/Preferences/com.sophos.sav WorkerThreads -int 15
      • The number at the end of the command, in this example, 15, is the number of threads to be spawned at startup.
      • Please note that each additional thread will take up approx 8Mb of memory.
      • Customers should be advised to test this before implementing it across their network.
      • This is not a fix, but a work-around. The tech said he didn’t know if Snow Leopard (OSX 10.6) or the next full version of Sophos would address the issue further.
    • This issue is not listed in the Readme for Sophos Antivirus 4.9.26 w/Threat Detection engine 2.90.1, as of September 2009.  It is unclear if the above workaround has been added to the application, or if a fix has been incorporated.  This maybe fixed in Sophos v7.xx, I have not been able to confirm this.
    • If running Leopard or Snow Leopard, Sophos Version 7.05 or higher is required.  If upgrading to Snow Leopard, uninstall any previous version of Sophos, upgrade, and then install 7.05 or higher.  (http://www.sophos.com/support/knowledgebase/article/62329.html)
  • Backup software, at this time, can not incrementally backup the File Vault, and can not reliably backup a sparse image file.  So most Backup software require the user to be logged in, before any chance of a backup of the File Vault could occur.  This can prevent the backup of the machine, and risks loss of data.
    • System can NOT be set to auto-log out, since Backup software may require the user to be logged in to backup the File Vault.
    • For Retrospect, The SpareImage Files must be set to ignored (in preferences) or a filter setup to ignore SpareImage files.
    • If handled improperly, or the File Vault was created under 10.4x, the File Vault would not be incrementally backed up, and would require a new copy of the file vault for each backup.  This would quickly fill up the available space on the backup device.
    • Retrospect 8 has the same limitations with File Vault ( http://forums.dantz.com/showtopic.php?tid/28927/)
  • Time Machine, can incrementally backup a File Vault (created under 10.5x), but it requires the user to be logged out (at the login window).
    • Time Machine users need to exclude their user folder, when using File Vault.  If they do not, they will be backing up their user folder twice.  Once from the virtual home directory, and once from the Sparse Bundle image file, when logged out.  This is normally added when you switch to File Vault, but if you clear your exclusions or run a script that repopulates it, you may need to re-add it.
    • File Vault users do not get a “transparent” time machine backup every hour of the day.  The only time the Time Machine backup occurs when the user is logged out & the Time Machine drive attached.  Most users do not leave there systems logged out for any significant length of time.  This requires the user to be accept downtime, while the system backups up.
    • File Vault users have to manually restore file through the file system. The “Galaxy” user interface is not available.
    • Requires the purchase of a additional hard drive (~$100-150 for a 750Gb or 1 Tb drive) or a Leopard (or Snow Leopard) based network share (eg. Drive Shared from a Snow Leopard / Leopard based computer, Time Capsule, or Airport Extreme Shared drive(s))
    • The System should be set to auto-logout when idle, to assist in getting regular backups of the File Vault.
    • the proper to backup a File Vault with Time Machine is
      • Attach the Time Machine backup drive.
      • After the Time Machine backup drive shows up in Finder, then log out of your FileVault account and make sure the logout window specifically says that it’s backing up the FileVault.
      • Time Machine does not backup the Entourage database, if Entourage is running.  Entourage somehow prevents Time Machine from backing up the database, if Entourage is running.
        • To force a backup of Entourage
          • Quit Entourage, My Day, and any other MS product.
          • Go to Time Machine, and choose Backup now.
      • Time Machine, can be sensitive to drive issues, and silently fail or become stuck.
        • If the Free Space Allocation table is damaged, Time Machine can become “stuck” at the Preparing phase and never finish preparing.  Eventually the system will eventually lock up (system is still responsive, but drive related function may not occur in a timely manner, eg can’t log out, reboot, restart, or start an application).

Disaster Recovery:

  • This assumes that the hard drive is physically intact. Put the drive into a 2.5″ enclosure and hook it up to another Mac.
    • First attempt to open the Disk Image, by going to the new drive’s USERS folder, and double clicking on the File Vault users disk image (it should be named the same as the users SHORTNAME).  This should then cause the system to prompt for the password.  Once the password is entered, it should mount as a disk image.
    • If that doesn’t work, try this use an Admin account (call it user2) to mount user1′s FileVault using the following command in Terminal :sudo hdiutil attach /Volumes/UpInFlames/Users/user1/user1.sparsebundlewhere UpInFlames is the volume name of your MacBook drive. You’ll need the password of the user2 as well as the password on the sparsebundle.

Recommendations:

  • Move your iTunes and iPhoto libraries into /Users/Shared. FileVault takes your entire home folder and encrypts it into one big file; by moving iPhoto, iTunes, and movie files out, you can keep the size of this file down and improve reliability. In iTunes, go into Prefereces:Advanced, and select where to keep your iTunes Library. Make sure you check the box that says “Keep iTunes Music Library Organized” (this screenshot should help). Then go into Advanced:Consolidate Library and iTunes will move all your files for you. For iPhoto, just move your iPhoto Library. The next time you launch iPhoto it will ask you to point it towards your library. Then again, if you have, shall we say photographs of a “private” nature, you might want to leave them where they are so the will be encrypted.
  • System Preferences –> Security  –> Turn on Log Out after XX minutes of Inactivity     — Set to 30 minutes
    • Set only if using Time Machine.  Do not set if using Retrospect.
  • System Preferences –> Security  –> Turn on Use Secure Virtual Memory
  • System Preferences –> Security  –> File Vault –>  Master Password
    • This allows you to establish a master password so that you can retrieve the File Vault information, if the user forgets their password.

 Posted by Benjamin at 2:50 pm  Tagged with: , , , , , , , , ,

Prevent Non-Admin users from Changing Wireless networks

 Computers, Macintosh  No Responses »
Oct 062009
 

By default, in Mac OS X Leopard, any user can adjust the wireless network settings and connect to any available network. This may be convenient for most situations, but many users might wish to restrict non-administrator users from changing these settings.

Users should follow these steps:

  1. Log in as an administrator and go to the “Network” system preferences.
  2. Select the AirPort interface and click the “Advanced” button.
  3. In the AirPort tab, use the plus (+) or minus (-) buttons to add or remove wireless networks, only adding desired networks to the list.
  4. Uncheck “Remember any network this computer has joined”
  5. Check both “Disconnect from wireless networks when logging out”
  6. Check “Require Administrator password to control AirPort”.
  7. Click “OK” to save changes.
  8. With the advanced options closed and the AirPort interface still selected, uncheck “Ask to join new networks”.
  9. Click “Apply” to save changes.

 Posted by Benjamin at 3:00 pm  Tagged with: ,

Is partitioning hard drives on Mac OS X recommended or advisable?

 Computers, Macintosh, Tech Support  No Responses »
Oct 052009
 

Is partitioning hard drives on Mac OS X recommended or advisable?  (Based off a Super User submission)

There is certainly no problem with creating another partition for your user data (aka home folder). In fact, this is a very common thing to do on *nix based operating systems.

In fact, with Leopard & Snow Leopard, it is as simple as opening System Preferences, going to the Accounts Preference Panel, and choosing Advanced Options.  Relocate your User directory, and reboot…

But is it necessary?  No.  What about backing up the user data?  On the Macintosh, if you need to reinstall the OS, you do not necessarily need to lose your user data, and applications.  The normal installs & upgrades, will leave your data and applications intact.  The only time when your data is in danger of being lost is if you do a Erase & Insall.  The Install & Archive, or simply install, will leave everything intact.

But still, backing up all your data on OS X is as simple as copying your Home directory, which shouldn’t take long to do and restore. Do you really need to go through the hassle of partitioning  if it is only for a once-off occurrence?

Anytime you partition your drive, ask yourself, what happens in two years when I run low on disk space?  When you partition the drive, your making it virtually impossible to repartition it later.  Both partitions have to have free space, to allow you even consider resizing the partitions, and often it’s unlikely that Free space will be in the right sections of the hard drive partitions.

The concept of seperating “user” space, and Operating System space has existed for a long time, but didn’t become popular in the mainstream until Windows NT, and Windows 2000 arrived.  Even then, in the Windows world, often it’s not usable in the this pure form.

Instead, you had hard core gamers, that would create a “main windows” partition, and create a secondary partition that contained their backup image, the current set of drivers, the installers for their games, and applications, and possibly their user “data”…  After all, with Windows, you have to restore the OS, and applications, since the registry has to be preserved.  You can’t just restore a game, or application, without the proper registry settings…

 Posted by Benjamin at 6:23 am  Tagged with: , ,

New Sound Input Controls

 Computers, Macintosh  No Responses »
Sep 012009
 
Screen-shot-2009-09-01-at-11.13.35-AM.png

Screen shot 2009-09-01 at 11.13.35 AM.png

Typically with Mac OS X you have the volume control slider in the menu bar, and then if you want to make any other changes you would have to open System Preferences -> Sound and then make your changes….

I presume this is new in Snow Leopard, since I have not seen this documented previously, and I have never seen this before installing Snow Leopard….

Screen shot 2009-09-01 at 11.13.41 AM.png

If you option-Click on the Sound Volume control in the menu bar, an Output & Input Device menu will appear that will allow you to re-assign your active Output device & Input Devices.

A very welcome feature to those that will end up using it. Off the top of my head, anyone that needs to use headphones part of the time… Or podcasters, or….

 Posted by Benjamin at 11:19 am  Tagged with: , ,

Laptop fan running constantly? Check this first…

 Computers, Macintosh, Tech Support  No Responses »
Jun 092009
 

Typically Mac OS X is configured to set the default printer to the last printer you just used…  But that’s not always correct…

In some cases, people with laptops have attempted to use a printer that isn’t available, and that has caused the laptop’s fan to run constantly, since Mac OS X is attempting to retry to a printer that is no longer available.  For example, a work printer that is not available from home…

So, if your machine is running the fan alot, check your printer queues, to see if you have orphan print jobs…  Open System Preferences, go to Print & fax, and see if there are any print jobs stuck in the queues….

 Posted by Benjamin at 2:52 pm  Tagged with: ,
Page 1 of 2 1 2
© 2011 The Matrix Data BankSuffusion theme by Sayontan Sinha