System Preferences – Software Updates – 10.8

Software Updates have now been incorporated into the Mac App Store, which is not something I’m a massive fan of, but I can see why it’s been done.

The good news is that you can still update the System software using the softwareupdate command in Terminal, so nothing’s been broken by this change.

Gone is the option to choose how regularly your machine checks for updates.

There are now the following options:

Automatically check for updates – tick this if you want to be notified when new updates are available.

Download newly available updates in the background – tick this if you have an unlimited broadband/data connection. With some updates now being a couple of GB in size, it’s not wise to leave this checked on a limited plan, as you could go over without realising.

Install system data files and security updates – does what it says on the tin.

Automatically download apps purchased on other Macs – I leave this unticked as I prefer to choose what takes up my hard drive space on each machine, rather than having all apps install on all machines automatically.

 

Create a Hidden Administrator

I like to hide the administrator account from prying eyes. This helps add to the security of your machine by not making it obvious what accounts are on the machine.

To do this you need to do a number of things. First of all, log in to the Mac with an admin account.

Go to System Preferences, then Accounts, then click on Login Options and change the following options:

Display login window as : Name and password
Disable Automatic Login

Next you can either create a new admin account to hide, or you can edit and hide an existing one

Now, right-click (Ctrl-click) on the account you wish to hide and choose Advanced Options

Set the User ID to a number less than 500. I usually use something between 490 and 499, as there are a few system accounts that use earlier numbers

Now change the Home directory to somewhere someone wouldn’t think to look; a lot of people use /var/

It’s also a good idea to put a . in front of your home folder to hide it further, so the path would be /var/.admin

Now you need to move and rename your actual home folder. It’s easiest to do this in the Terminal, so open that up and type the following

sudo mv /Users/admin /var/.admin
sudo chown -R admin /var/.admin

Now you need to remove the Public and Sites folders from your home folder. As you already have a Terminal window open, you can enter the following to remove them

sudo rm -R /var/.admin/Public /var/.admin/Sites

OK, now that’s all done, you need to make some changes to the loginwindow preferences. This can also be done in the Terminal, so enter the following

sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array admin

This will hide any account with a User ID under 500 and add your ‘admin’ account to the hidden users list

Test this by rebooting and logging in as a non-admin user. Go to System Preferences and then Accounts; if all is well, the admin account will not show up
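The same check can be made from the Terminal, and it also works as an audit for accounts that someone else has hidden this way. This script is an added example, not part of the original post: the function names and the --live switch are made up for illustration, the sample listings are constructed, and the rule for recognising Apple's own service accounts is an assumption.

```bash
#!/bin/bash
# Audit for accounts hidden the way this page describes.
# Constructed sample, in the format of: dscl . -list /Users UniqueID
SAMPLE_UIDS='_www      70
admin     499
daemon    1
jsmith    501
nobody    -2
root      0'
# Constructed sample, in the format of: dscl . -list /Users NFSHomeDirectory
SAMPLE_HOMES='_www      /Library/WebServer
admin     /var/.admin
daemon    /var/root
jsmith    /Users/jsmith
nobody    /var/empty
root      /var/root'

# stdin: "name uid" lines. Prints names with a UID below 500 that do not
# look like Apple service accounts (assumption: those start with "_" or
# are root, daemon or nobody).
low_uid_accounts() {
    awk '$2 ~ /^-?[0-9]+$/ && $2 + 0 < 500 && $1 !~ /^_/ &&
         $1 != "root" && $1 != "daemon" && $1 != "nobody" { print $1 }'
}

# stdin: "name home" lines. Prints names whose home folder name starts
# with a dot, like /var/.admin above.
dot_homes() {
    awk '{ n = split($2, part, "/"); if (part[n] ~ /^\./) print $1 }'
}

# $1 = UID listing, $2 = home listing. Prints each suspect name once.
audit_users() {
    { printf '%s\n' "$1" | low_uid_accounts
      printf '%s\n' "$2" | dot_homes; } | sort -u
}

if [ "${1:-}" = "--live" ]; then   # run against this Mac
    audit_users "$(dscl . -list /Users UniqueID)" \
                "$(dscl . -list /Users NFSHomeDirectory)"
    defaults read /Library/Preferences/com.apple.loginwindow HiddenUsersList \
        2>/dev/null || true
else                               # offline demo on the constructed sample
    audit_users "$SAMPLE_UIDS" "$SAMPLE_HOMES"
fi
```

Any name it prints that you did not set up yourself deserves a closer look, as does any unexpected entry in HiddenUsersList.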

Now log out and log in as the hidden admin user. I tend to put some applications on the Desktop of this hidden account, just ones that I’d rather the end user of the machine not use, as they have the potential to break their machines if not used correctly. (I once had a user use OnyX to display hidden files, and then they deleted mach_kernel as they didn’t recognise the file and thought it could be a virus, so I now keep this out of their reach.)

Firmware Password Utility

As every good System Administrator should, I set firmware passwords on all my Macs.

But one of the frustrations caused by this security precaution is that when you are trying to boot a Mac into Target Disk Mode, you need to first boot from an installation disk and then run the Firmware Password Utility

To get around this, I create a copy of the Firmware Password Utility on all Macs (you could put one on a USB if you wish)

This is done by following these steps

1. Insert a Mac OS X Installation DVD into your Mac

2. Open Terminal and type the following

cp -R "/Volumes/Mac OS X Install DVD/Applications/Utilities/Firmware Password Utility.app" ~/Desktop

3. Now you can run the utility from your desktop

Also, if you are setting up multiple Macs and you wish to have them all use the same firmware password, you can do the following to push it to all machines

1. Set it manually on one machine using the utility mentioned above

2. Open Terminal and type the following

sudo nvram security-password

You will get an output similar to this

security-password %cd%f8f%bd%98%87%c5%

This is your encoded firmware password. You can now deploy this via Apple Remote Desktop, SSH, or a script.

Please note, this will only work on Intel Macs.

To deploy it to other Macs, enter the following into Terminal either locally, via SSH, ARD or other deployment solutions

sudo nvram security-password=%cd%f8f%bd%98%87%c5%
sudo nvram security-mode=command
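
After pushing the two variables out, it is worth confirming on each Mac that both were actually written, since a machine with security-mode set but no password stored is not protected. The check below is an added example, not part of the original post: the function name and the --live switch are made up for illustration, and the sample output is constructed with a placeholder in place of a real encoded password.

```bash
#!/bin/bash
# Constructed samples in the "name value" layout that nvram prints.
# PLACEHOLDER stands in for a real encoded password.
SAMPLE_OK='security-mode command
security-password PLACEHOLDER'
SAMPLE_MODE_ONLY='security-mode command'
SAMPLE_NONE='security-mode none'

# stdin: output of `nvram security-mode security-password`.
# Prints one of:
#   locked                 - mode is command or full and a password is stored
#   mode-without-password  - mode was set but the password variable is missing
#   unlocked               - mode is none or not set at all
firmware_lock_state() {
    awk '
        $1 == "security-mode"     { mode = $2 }
        $1 == "security-password" { pw = $2 }
        END {
            if (mode != "command" && mode != "full") print "unlocked"
            else if (pw == "")                       print "mode-without-password"
            else                                     print "locked"
        }'
}

if [ "${1:-}" = "--live" ]; then   # run against this Mac (needs sudo)
    sudo nvram security-mode security-password 2>/dev/null | firmware_lock_state
else                               # offline demo on a constructed sample
    printf '%s\n' "$SAMPLE_MODE_ONLY" | firmware_lock_state
fi
```

The encoded value is obfuscated rather than hashed, so any script, ARD task or shell history that contains it should be handled as if it held the password itself.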