Add a user to the Print Operator group

To add a non administrative user to the Print Operators group, you need to enter the following command into a Terminal window

sudo dseditgroup -o edit -u ADMINISTRATOR -p -a USER -t user _lpadmin

You will need to replace ADMINISTRATOR with the shortname of an admin account & you will need to replace USER with the shortname of the account you wish to add to the print operators group

when you hit enter then you will be prompted for your admin password, so enter that, but you will then be prompted “Please enter user password”, enter the password associated with the admin account mentioned in the command

To check if the user has been added to the Print Operators group then enter the following into a Terminal window

dscl . -read /Groups/_lpadmin GroupMembership

Image Capture Extension error

If you are getting this error on 10.7

“Image Capture Extension is trying to modify the printer settings, Type the name and password of a user in the Print Administrators group to allow this”

it is most likely down to the User not running as admin, with a scanner connected to the machine

the simple way of resolving this is to add the User with the problem to the _lpadmin group

to do this, open Terminal and type the following

dseditgroup -o edit -p -a usershortname -u adminshortname -t user _lpadmin

replace usershortname with the short name of the account having the problems and replace adminshortname with the short name of an admin account that you know the password to

once you hit enter it will say ‘Enter User Password’, but you MUST enter the password of the admin account you entered in the command

to verify that this has worked type the following into Terminal

dseditgroup _lpadmin

Check the group membership values at the bottom of the info that it shows and you should have all the admin accounts from the machine and the user account that you just added to the group

Create a Hidden Administrator

I like to hide the administrator account from prying eyes, this helps add to the security of your machine by not making it obvious what accounts are on the machine.

To do this you need to do a number of things, first of all log in to the Mac with an admin account.

Go to System Preferences, then Accounts, then click on Login Options & change the following options

Display login window as : Name and password
Disable Automatic Login

Next you can either create a new admin account to hide, or you can edit and hide an existing one

Now, right-click (CTRL Click) on the account you wish to hide and choose Advanced Options

Set the User ID to a number less than 500, I usually do between 490 and 499 as there are a few system accounts that use earlier numbers

Now change the Home directory to something someone wouldn’t think to look, a lot of people use /var/

It’s also a good idea to put a . in front of your home folder to hide it further, so the path would be /var/.admin

Now you need to move and rename your actual home folder, to do this it’s easiest to use the Terminal, so open that up and type the following

sudo mv /Users/admin /var/.admin
sudo chown -R admin /var/.admin

Now you need to remove the Public and Sites folders from your home folder, as you already have a Terminal window open then you can enter the following to remove them

sudo rm -R /var/.admin/Public /var/.admin/Sites

OK, now thats all done you need to make some changes to the loginwindow preferences, this can also be done in the Terminal, so enter the following

sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array admin

This will hide any account with a User ID under 500 and add your ‘admin’ account to the hidden users list

Test this by rebooting and logging in as a non-admin user, go to System Preferences and then Accounts, if all is well then the admin account will not show up

Now log out and log in as the hidden admin user, I tend to put some applications on the Desktop of this hidden account, just ones that I’d rather the end user of the machine not use as they have the potential to break their machines if not used correctly (I once had a user use OnyX to display hidden files and then they deleted the mach.kernel as they didn’t recognise the file and thought it could be a virus) so I now keep this out of their reach

Firmware Password Utility

As every good System Administrator should, I set firmware passwords on all my macs.

But one of the frustrations caused by this security precaution is when you are trying to boot a mac into Target Disk Mode, you need to first boot from an installation disk and then run the Firmware Password Utility

To get around this, I create a copy of the Firmware Password Utility on all macs (you could put one on a USB if you wish)

This is done by by following these steps

1. Insert a Mac OS X Installation DVD into your Mac

2. Open Terminal and type the following

cp - R "/Volumes/Mac OS X Install DVD/Applications/Utilities/Firmware Password Utility.app" ~/Desktop

3. Now you can run the utility from your desktop

Also, if you are setting up multiple macs and you wish to have them all use the same firmware password, you can do the following to push it to all machines

1. Set it manually on 1 machine using the utility mentioned above

2. Open Terminal and type the following

sudo nvram security password

you will get an output similar to this

security-password %cd%f8f%bd%98%87%c5%

This is your encoded firmware password, you can now deploy this via Apple Remote Desktop, SSH, or a script.

Please note, this will only work on Intel Macs

To deploy it to other Macs, enter the following into Terminal either locally, via SSH, ARD or other deployment solutions

sudo nvram security-password %cd%f8f%bd%98%87%c5%
 sudo nvram security-mode=command

Tips for speeding up your Mac

1. Hard Drive Space
You should keep a minimum of 10% of your Hard Drive free to ensure smooth running of your machine, I normally aim for 15-20% free, so I still have a bit of space to play with

If you are unsure of whats exactly is taking up your hard drive then you can use a utility like DaisyDisk (Available on the Mac App Store) to track down those space hogs.

2. Clear Your Desktop
Lots of people use their Desktop as the store for all their files, this increases the amount of time it takes to startup as all of the preview icons need to load, so by storing these files elsewhere in the filesystem then you will improve startup times

3. Disable Login Items
Lots of items starting at login will also slow down your machine, and often, these will continue to run in the background, taking up memory and utilising the processor unnecessarily, to prevent this, do the following

Open System Preferences

Click on Users & Groups

Click on your account in the window on the left

Click on the Login Items tab to the right

Click on the items you no longer wish to run at startup, such as iTunes helper, VM Fusion helper and click on the minus button at the bottom of the window to remove them.

4. Disable Dashboard
I haven’t used Dashboard since 10.4, so I tend to disable it, you can do this by opening a Terminal window and typing the following

defaults write com.apple.dashboard mcx-disabled -boolean YES

then

killall Dock

This will fully disable Dashboard so you will not even be able to run it manually by clicking on the icon in /Applications, to re-enable it if you change your mind then you can do type the following into a Terminal window

defaults write com.apple.dashboard mcx-disabled -boolean NO

then

killall Dock

5. Repair Permissions
I recommend repairing permissions after every software update, but most people don’t have time to do get round to this as well, until the machine becomes slow and unresponsive.

To do this, navigate to /Applications/Utilities

Open Disk Utility

Click on your startup volume (Usually named Macintosh HD)

Click on the First Aid tab and click on Repair Permissions at the bottom of the screen

6. Repair Disk
Sometimes disks will develop directory structure corruption over time, this isn’t a problem if dealt with promptly, but in the worst cases will need attention from a specialist application such as diskwarrior.

To check if your drive needs this doing you can run a verify disk from Disk Utility, as follows

Open Disk Utility (from /Applications/Utilities)

click on your startup volume

click on the First Aid tab and click on Verify Disk

If all is well you will receive a green message signalling the drive is fine

If its not then you will recieve a red message stating the cause of the error

To run a repair disk you will need to boot from a non system drive, such as a Mac OS X Installation Disk, or a home made Bootable USB

Once you have booted from one of those then you will need to run Disk Utility again, and this time click on your startup volume and choose First Aid, then click on Repair Disk.

This may need running more than once, although my recent experiences have shown that it will keep running until it has resolved the issues.

7. OnyX
Finally I use OnyX to clear out a few caches and log files, I’d recommend sticking with the default options with this app, a free download from Titanium Software, just make sure you download the version that matches your Operating System, if you are unsure which OS you are running then you can find out by clicking on the Apple Icon in the top left corner of the screen and clicking on About This Mac

8. Add more RAM
Put as much RAM as you can afford into your mac, I’d recommend the minimum on the following Operating Systems

10.4 (Tiger) – 1GB

10.5 (Leopard) – 2GB

10.6 (Snow Leopard) – 2GB

10.7 (Lion) – 4GB

9. Reboot
A lot of people hardly ever reboot their macs, and for some unknown reason are even strongly against doing this, even though the majority of the time a reboot fixes a lot of issues, I’d always choose this option on a slow running mac, in case there are some applications that have been closed but refuse to release the RAM for the OS to reuse