• Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    10 Tips on Policy Enforcement and Tracking for Mac OS X

    Large deployments of Mac OS X based systems are becoming more and more prevalent. In some ways, this is due to one to one programs and more frequent enterprise deployments of Mac OS X. As such, people are more and more looking to manage systems. And any time you have systems being managed, those using managed systems start looking to break the management of the computers. Therefore, a new topic comes up: trying to discern when a system has broken out of the management framework. For example, how do you know when users have broken your firmware password? How do you know when they’ve circumvented your managed preferences framework to…

  • Mac OS X,  Mac Security,  Mass Deployment

    Those Pesky Firmware Passwords

    The summer is upon us. Our users are watching videos like this one: While it’s actually way easier than what they show here, let’s look at stopping people from circumventing our admin goodness using the old school firmware password. Keep in mind, these passwords are somewhat easily reversible as they’re encrypted in a junior varsity way, so don’t use the same password that you use for anything else. To create our password in a script, we’re going to use EFIPW available http://code.google.com/p/efipw. Move the download to somewhere like /usr/local/bin folder. Then, to set the password to supah-secret: efipw_0.2b.py -p supah-secret -m command The client will now be in command mode,…