No subject


Mon Oct 29 21:31:58 EDT 2012 

the-firmware-password-in-mac-os-x/ ) ever since 2011 overruling the firmwar=
e password is not so easy and that it generally requires an Apple technicia=
n to do. Dani, or anyone else, is this the case that disabling an unknown f=
irmware password requires a trip over to see Dale Kentner? ;-)

------------------------------------
Donald Duff-McCracken
Technical Services Manager
Mapping, Analysis & Design
Faculty of Environment
University of Waterloo
(519) 888-4567 x32151
https://uwaterloo.ca/environment-computing/about/people/donald-duff-mccrack=
en

------------
To request help from MAD please use Request Tracker. For info see:
https://rt.uwaterloo.ca/~wwwrt/cgi-bin/rtuser.pl

------------
This email communication is intended as a private communication for the sol=
e use of the primary addressee and those individuals listed for copies in t=
he original message. The information contained in this email is private and=
 confidential and If you are not an intended recipient you are hereby notif=
ied that copying, forwarding or other dissemination or distribution of this=
 communication by any means is prohibited.  If you are not specifically aut=
horized to receive this email and if you believe that you received it in er=
ror please notify the original sender immediately.

From: Keith Peck <kdpeck at uwaterloo.ca<mailto:kdpeck at uwaterloo.ca>>
Date: Monday, 28 January, 2013 4:06 PM
To: MacTUG <mactug at mailman.uwaterloo.ca<mailto:mactug at mailman.uwaterloo.ca>=
>
Subject: [MacTUG] Preventing unauthorized OSX "Recovery"

Hi,
Is there a way to prevent a user from sitting down and accessing the Recove=
ry Options if they were to boot a machine running OSX 10.8 or 10.7?

Say someone holds down the 'ALT' key at system boot and decides to select t=
he Recovery Option, then uses the Disk Utility to wipe the hard drive, or a=
 re-install to give themselves admin access to the machine.

I=92m hoping for something like a requirement to enter a password before an=
ything under the =91Recovery=92 selection can be used when the =91ALT=92 ke=
y is held at boot.

Keith Peck
Client Services, Information Systems and Technology
University of Waterloo, Waterloo, Ontario, Canada, N2L 3G1.
MC 2020, (519) 888-4567 x.37770
kdpeck at uwaterloo.ca<mailto:kdpeck at uwaterloo.ca>


--_000_CD2C556E27851dsmccracconnectuwaterlooca_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <73E3292A9FD58543BAB77890C1AFBC1D at connect.uwaterloo.ca>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-fami=
ly: Calibri, sans-serif; ">
<div>
<div>To elaborate on Dani's comments.</div>
<div><br>
</div>
<div>This is not some great site that I have bookmarked or anything, but th=
is page explains it reasonably well</div>
<div><br>
</div>
<div><a href=3D"http://www.chriswrites.com/2012/02/how-to-set-the-firmware-=
password-in-mac-os-x">http://www.chriswrites.com/2012/02/how-to-set-the-fir=
mware-password-in-mac-os-x</a>/</div>
<div><br>
</div>
<div>There are some ways to do it without booting from the recover partitio=
n (or a system dvd) but I would likely do it the official way the first tim=
e at least.</div>
<div><br>
</div>
<div>In the older macs, the firmware password was not perfect in the securi=
ty in that any simple change in the mac's hardware (like pulling out some o=
f the RAM) was enough to turn off the firmware. I think the reasoning was t=
hat if you could 'break in' to the
 mac enough to change the hardware, then clearly you were an admin type and=
 you should be able to turn off the firmware password. This line of reasoni=
ng was quasi-acceptable if all you had were Mac Towers, which could be lock=
ed to prohibit access, but there
 were a lot of macs such as a lot of iMacs and Mac Minis where it was reall=
y easy to change the ram configuration.</div>
<div><br>
</div>
<div>From what I understand (e.g.&nbsp;<a href=3D"http://www.chriswrites.co=
m/2012/02/how-to-set-the-firmware-password-in-mac-os-x">http://www.chriswri=
tes.com/2012/02/how-to-set-the-firmware-password-in-mac-os-x</a>/ ) ever si=
nce 2011 overruling the firmware password
 is not so easy and that it generally requires an Apple technician to do. D=
ani, or anyone else, is this the case that disabling an unknown firmware pa=
ssword requires a trip over to see Dale Kentner? ;-)</div>
<div><br>
</div>
<div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">------------------=
------------------</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">Donald Duff-McCrac=
ken&nbsp;</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">Technical Services=
 Manager</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">Mapping, Analysis =
&amp; Design</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">Faculty of Environ=
ment</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">University of Wate=
rloo</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">(519) 888-4567 x32=
151</div>
<div style=3D"font-family: Helvetica; font-size: 12px; "><a href=3D"https:/=
/uwaterloo.ca/environment-computing/about/people/donald-duff-mccracken">htt=
ps://uwaterloo.ca/environment-computing/about/people/donald-duff-mccracken<=
/a></div>
<div style=3D"font-family: Helvetica; font-size: 12px; "><br>
</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">------------</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">To request help fr=
om MAD please use Request Tracker. For info see:&nbsp;</div>
<div style=3D"font-family: Helvetica; font-size: 12px; "><a href=3D"https:/=
/rt.uwaterloo.ca/~wwwrt/cgi-bin/rtuser.pl">https://rt.uwaterloo.ca/~wwwrt/c=
gi-bin/rtuser.pl</a></div>
<div style=3D"font-family: Helvetica; font-size: 12px; "><br>
</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">------------</div>
<div style=3D"font-family: Helvetica; font-size: 12px; ">This email communi=
cation is intended as a private communication for the sole use of the prima=
ry addressee and those individuals listed for copies in the original messag=
e. The information contained in this
 email is private and confidential and If you are not an intended recipient=
 you are hereby notified that copying, forwarding or other dissemination or=
 distribution of this communication by any means is prohibited.&nbsp; If yo=
u are not specifically authorized to
 receive this email and if you believe that you received it in error please=
 notify the original sender immediately.&nbsp;</div>
</div>
</div>
<div><br>
</div>
<span id=3D"OLK_SRC_BODY_SECTION">
<div style=3D"font-family:Calibri; font-size:11pt; text-align:left; color:b=
lack; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM:=
 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid;=
 BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style=3D"font-weight:bold">From: </span>Keith Peck &lt;<a href=3D"mai=
lto:kdpeck at uwaterloo.ca">kdpeck at uwaterloo.ca</a>&gt;<br>
<span style=3D"font-weight:bold">Date: </span>Monday, 28 January, 2013 4:06=
 PM<br>
<span style=3D"font-weight:bold">To: </span>MacTUG &lt;<a href=3D"mailto:ma=
ctug at mailman.uwaterloo.ca">mactug at mailman.uwaterloo.ca</a>&gt;<br>
<span style=3D"font-weight:bold">Subject: </span>[MacTUG] Preventing unauth=
orized OSX &quot;Recovery&quot;<br>
</div>
<div><br>
</div>
<div xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micro=
soft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" x=
mlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:/=
/www.w3.org/TR/REC-html40">
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri","sans-serif";
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri","sans-serif";
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri","sans-serif";
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
<div lang=3D"EN-CA" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Hi,<o:p></o:p></p>
<p class=3D"MsoNormal">Is there a way to prevent a user from sitting down a=
nd accessing the Recovery Options if they were to boot a machine running OS=
X 10.8 or 10.7?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Say someone holds down the 'ALT' key at system boot =
and decides to select the Recovery Option, then uses the Disk Utility to wi=
pe the hard drive, or a re-install to give themselves admin access to the m=
achine.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">I=92m hoping for something like a requirement to ent=
er a password before anything under the =91Recovery=92 selection can be use=
d when the =91ALT=92 key is held at boot.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D;mso-fareast-language:EN=
-CA">Keith Peck<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D;mso-fareast-language:EN=
-CA">Client Services, Information Systems and Technology<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D;mso-fareast-language:EN=
-CA">University of Waterloo, Waterloo, Ontario, Canada, N2L 3G1.<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D;mso-fareast-language:EN=
-CA">MC 2020, (519) 888-4567 x.37770<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"color:#1F497D;mso-fareast-language:EN=
-CA"><a href=3D"mailto:kdpeck at uwaterloo.ca"><span style=3D"color:blue">kdpe=
ck at uwaterloo.ca</span></a><o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</div>
</div>
</span>
</body>
</html>

--_000_CD2C556E27851dsmccracconnectuwaterlooca_--

More information about the MacTUG mailing list