krypted.com

Tiny Deathstars of Foulness

OS X has the ability to delete all of the firmware variables you’ve created. This can get helpful if you’ve got a bunch of things that you’ve done to a system and want to remove them all. If you run nvkram followed by a -p option you’ll see all of the configured firmware variables: nvram -p If you run it with a -d you’ll delete the given variables that you define (e.g. boot-args): nvram -d boot-args But, if you run the -c you’ll wipe them all: nvram -c

September 30th, 2016

Posted In: Mac OS X

Tags: , , , ,

A nifty little feature of nvram is the ability to delete all of the firmware variables you’ve created. This can get helpful if you’ve got a bunch of things that you’ve done to a system and want to remove them all. If you run nvkram followed by a -p option you’ll see all of the configured firmware variables:

nvram -p

If you run it with a -d you’ll delete the given variables that you define (e.g. boot-args):

nvram -d boot-args

But, if you run the -c you’ll wipe them all:

nvram -c

September 21st, 2016

Posted In: Mac OS X, Mac OS X Server

Tags: , ,

A nifty little feature of nvram is the ability to delete all of the firmware variables you’ve created. This can get helpful if you’ve got a bunch of things that you’ve done to a system and want to remove them all. If you run nvkram followed by a -p option you’ll see all of the configured firmware variables: nvram -p If you run it with a -d you’ll delete the given variables that you define (e.g. boot-args): nvram -d boot-args But, if you run the -c you’ll wipe them all: nvram -c

October 4th, 2015

Posted In: Mac OS X

Tags: , ,

OS X has the ability to delete all of the firmware variables you’ve created. This can get helpful if you’ve got a bunch of things that you’ve done to a system and want to remove them all. If you run nvkram followed by a -p option you’ll see all of the configured firmware variables: nvram -p If you run it with a -d you’ll delete the given variables that you define (e.g. boot-args): nvram -d boot-args But, if you run the -c you’ll wipe them all: nvram -c

September 24th, 2015

Posted In: Mac OS X, Mac Security, Mass Deployment

Tags: , , , ,

A nifty little new option that came in OS X 10.9 Mavericks and stays in Yosemite is the ability to delete all of the firmware variables you’ve created. This can get helpful if you’ve got a bunch of things that you’ve done to a system and want to remove them all. If you run nvkram followed by a -p option you’ll see all of the configured firmware variables: nvram -p If you run it with a -d you’ll delete the given variables that you define (e.g. boot-args): nvram -d boot-args But, if you run the -c you’ll wipe them all: nvram -c

October 31st, 2014

Posted In: Mac OS X, Mac OS X Server, Mass Deployment

Tags: , , , ,

A nifty little new option in OS X 10.9 Mavericks is the ability to delete all of the firmware variables you’ve created. This can get helpful if you’ve got a bunch of things that you’ve done to a system and want to remove them all. If you run nvkram followed by a -p option you’ll see all of the configured firmware variables: nvram -p If you run it with a -d you’ll delete the given variables that you define (e.g. boot-args): nvram -d boot-args But, if you run the -c you’ll wipe them all: nvram -c Enjoy!

October 23rd, 2013

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , ,

The summer is upon us. Our users are watching videos like this one: While it’s actually way easier than what they show here, let’s look at stopping people from circumventing our admin goodness using the old school firmware password. Keep in mind, these passwords are somewhat easily reversible as they’re encrypted in a junior varsity way, so don’t use the same password that you use for anything else. To create our password in a script, we’re going to use EFIPW available http://code.google.com/p/efipw. Move the download to somewhere like /usr/local/bin folder. Then, to set the password to supah-secret: efipw_0.2b.py -p supah-secret -m command The client will now be in command mode, unless the password is typed in. This disables booting from anything but internal hard drives. Full mode is a bit more annoying as it requires a password every reboot: efipw_0.2b.py -p supah-secret -m full Now, we can take off our tin foil hats. Disabling EFI passwords is then as easy as sending the following through ARD: nvram -d security-mode nvram -d security-password The above would need to be part of any ARD templates that involve a bless command, etc… Now that we’ve used some of the worse encryption ever, I’ll queue up Dirty Deeds, Done Dirt Cheap and sip some Budweiser. Enjoy.

July 1st, 2011

Posted In: Mac OS X, Mac Security, Mass Deployment

Tags: , , , ,

It’s summer! And at many schools that means that the kids are gone and it’s time to start imaging again. And imaging means a lot of rebooting holding down the N key. But wait, you have ARD access into all those computers. And you have automated imaging tools. This means you can image the whole school from the comfort of your cabin out by the lake. Just use ARD and a little automation and you’ll be fishing in no time! If you haven’t used the bless command to restart a client to NetBoot server then you’re missing out. The bless command is used to set the boot drive that a system will use. It comes with a nifty –netboot option. Define the –server and (assuming you have one nbi) you can reset the boot drive by sending a “Unix command” through ARD: bless --netboot --server bsdp://192.168.210.9; restart I added the restart for posterity. This is something everyone with an automated imaging environment really needs to put into their ARD command templates! Now, that all works fantastic in a vanilla environment. But in more complex environments you will need potentially more complex incantations of these commands. Well, Mike Bombich wrote all this up awhile back and so I’ll defer to his article on nvram and bless here to guide you through any custom settings you’ll need. It’s a quick read and really helpful. What else are you gonna’ do while you’re fishing anyway… BTW, if you have more than three beers, please put the MacBook down. And if you don’t, at least close both terminal and ARD. And email. And iChat. Actually, just close the machine now…

June 17th, 2011

Posted In: Mac OS X, Mac OS X Server, Mass Deployment, Network Infrastructure

Tags: , , ,

To reset the open firmware password you can either reboot while resetting PRAM 3 or more times or just pull out the RAM, reboot and reseat it after the next restart.  Have fun with that.

March 18th, 2008

Posted In: Mac OS X, Mac OS X Server

Tags: , , , ,