Chapter 8: Controlling Security

 < Day Day Up > 



Controlling computer security is a complex subject because of the many different aspects that need protection. In this chapter you’ll see how to control who can use a particular Mac, control what a user can do, protect data stored on the Mac, and protect your Mac from Internet attack.

Control Who Is a User

Controlling who is a user of a Mac means to identify the users to the Mac, giving users a secure way of logging in to the Mac while preventing others from using it. This is the process of adding and managing users and passwords.

Set Up a User

If you have multiple people using a single Mac, the best protection is to set up separate user accounts that require each user to sign on. To set up a user account:

  1. While logged on as an administrator, open and click System Preferences. The System Preferences window will be displayed.

    Note

    Most sets of steps in this chapter require that you be logged on as an administrator—a user who has the authority to make major configuration changes to your Mac. If you’re not sure whether you’re an administrator, open the Accounts sheet of System Preferences using the steps under “Set Up a User” and see whether your account is labeled “Admin” (administrator), “Standard,” “Managed,” or “Simplified.”

  2. Click Accounts. The Accounts sheet will be displayed

  3. Click the + button in the lower-left corner. Mac OS X will add a new Standard user and will display the Password tab (see Figure 8-1).

    click to expand
    Figure 8-1: The first step in setting up a user is to assign his or her account name, short name, and password.

  4. Type the user’s full name in the Name text box and press tab. Mac OS X will enter a lowercased version of the name, without spaces or punctuation, in the Short Name text box.

  5. Change the short name as needed, but leave it lowercase and without spaces or punctuation, and then press tab.

  6. Type the password in the Password and Verify text boxes.

    Tip

    Never enter a password hint for an account. The only point in using passwords is to ensure that your user accounts are secure from intrusion. Even an oblique password hint compromises a password. If you don’t need to secure the accounts on your Mac (for example, because it is never connected to the Internet and nobody uses it but you), don’t use passwords.

  7. If the user will need a password hint, type one in the Password Hint text box (but see the Tip on page 160 first).

  8. If you want to change the account from a Standard user to an Administrator user, click the Security tab and select the Allow User To Administer The Computer check box. (See the “Understanding User Accounts” QuickSteps for a discussion of the different types of users.) Mac OS X then makes the Limitations tab unavailable, because Administrator users have no limitations (in this sense).

  9. If you want to change the Standard account to a Managed account or a Simplified account, follow the procedure described in “Control What a User Can Do,” later in this chapter.

  10. Click System Preferences | Quit System Preferences to close System Preferences.

start sidebar
Quicksteps: Understanding User Accounts

To help you control security on your Mac, Mac OS X offers four kinds of user accounts: Administrator, Standard, Managed, and Simplified.

Administrator Accounts

Administrator accounts are for users who manage a Mac. Administrators can:

  • Install new applications in the Applications folder (so that they’re available to all users)

  • Create, delete, and modify user accounts

  • Access, change, or even delete other users’ files

  • Unlock other users’ files encrypted with File Vault (discussed in Chapter 3)

  • Change all settings in System Preferences (Standard users can change only some settings)

Every Mac must have at least one Administrator account. Mac OS X automatically makes the account used to install the OS an Administrator account—so if you installed Mac OS X, you will have an Administrator account.

Standard Accounts

Standard accounts are the next grade down after Administrator accounts. A Standard user can:

  • Create and manipulate files and folders in his or her Home folder and its subfolders, but not in other folders

  • Change some settings in System Preferences, but not major settings such as Startup Disk (which controls the disk your Mac starts from), Network, or Energy Saver

Managed and Simplified Accounts

If a Standard account gives a user too much freedom, you can give the user a Managed account or a Simplified account instead. In a Managed account, you can specify the applications a user can run or the actions he or she can take. In a Simplified account, Mac OS X displays a stripped-down version of the Finder and allows the user to use only the applications that you’ve specified. See “Control What a User Can Do,” later in this chapter, for details on Managed accounts and Simplified accounts.

Match Account Type to User

Before creating a user account, consider what the user will need to be able to do:

  • If the user will manage the computer, create an Administrator account.

  • If the user must be restricted from taking particular actions, create a Managed account.

  • If the user (for example, a child) will benefit from having fewer choices available, create a Simplified account.

  • Otherwise, create a Standard account.

    If in doubt, err on the side of caution when creating accounts. You can change an account from one type to another if you need to.

end sidebar

Customize a User Account

Each user account can be unique, with the user’s own Dock, desktop, color scheme, and screen saver.

Change the Picture

Most users like to choose a custom picture to represent their account instead of the default picture that Mac OS X assigns when you create the account. The user’s picture appears on the login screen (providing your Mac is using the login screen that lists user names), as the default picture in iChat, and on the My Card entry in Address Book.

To change the picture:

  1. Open and click System Preferences. The System Preferences window will be displayed.

  2. Click Accounts. The Accounts sheet will be displayed.

  3. In the list box on the left, click your account.

  4. Click the Picture tab (see Figure 8-2).

    click to expand
    Figure 8-2: Choose a picture for the user on the Picture tab.

  5. Specify the picture to use:

    • Click the desired picture in the list box.

    • Drag a picture from a Finder window or your desktop to the picture well.

    • Click Edit to display the Images window (shown in Figure 8-2), which shows the current picture. Change the picture by dragging another picture to the window or clicking Choose and using the resulting dialog box to select the picture, or click the Take Video Snapshot button to take a picture using your FireWire-connected iSight or camcorder. Drag the slider to change the size of the picture as needed, and drag in the central square to make it display the part of the picture you want. Then click Set.

  6. Click System Preferences | Quit System Preferences to close System Preferences.

    Note

    For Simplified users to be able to choose startup items, they must be allowed to run System Preferences.

start sidebar
Quicksteps: Resetting a Lost Password

If you forget the password for an Administrator account, you can reset it by using the Reset Password utility on the first Mac OS X CD:

  1. Insert the first Mac OS X CD in your Mac’s optical drive.

  2. Restart your Mac. Press c at the startup sound to boot from the CD. Mac OS X will start the installation process automatically.

  3. Open Installer and click Reset Password.

  4. In the Select The Mac OS X Disk Which Contains A Password To Reset list, click the drive Mac OS X is installed on—for example, Macintosh HD.

  5. Click the Select A User Of This Volume To Reset Their Password drop-down list, and then click the user’s name.

  6. Type the new password for the user in the two text boxes.

  7. Click Save. Mac OS X will display the Password Saved dialog box.

  8. Click OK.

  9. Open the Reset Password menu and click Quit Reset Password.

  10. Open the Installer menu and click Quit Installer. Mac OS X will display the Are You Sure You Want To Quit The Installer? dialog box.

  11. Click Quit. Mac OS X will restart from the hard disk.

  12. Log in using your new password.

  13. Drag the Mac OS X installation CD to the Trash to eject it.

    If your Mac restarts from the CD and displays the Installer again, open the Installer menu and click Quit Installer. In the Are You Sure You Want To Quit The Installer? dialog box, click Startup Disk. In the Choose Startup Disk dialog box, click the entry for your hard disk (for example, Mac OS X, 10.3.3 On Macintosh HD), and then click Restart.

end sidebar

Choose Startup Items

All users can choose applications, files, and folders to open automatically on login by using the Startup Items tab of the Accounts sheet in System Preferences. See “Start Applications Automatically When You Log In” in Chapter 5 for details.

Change User Type

Sometimes you may need to change a user’s account type to give that user further privileges or to reduce the scope of actions permitted. To change user type:

  1. Open and click System Preferences. The System Preferences window will be displayed.

  2. Click Accounts. The Accounts sheet will be displayed.

  3. In the list box on the left, click the user’s name.

  4. To change a Standard user to an Administrator user, click the Security tab and select the Allow User To Administer The Computer check box. To change an Administrator user to a Standard user, clear this check box.

  5. To change a Standard user to a Managed or Simplified user, click the Limitations tab, and then work on the Some Limits sub-tab or the Simple Finder sub-tab. See “Control What a User Can Do,” later in this chapter, for details.

  6. To change a Managed user or Simplified user to a Standard user, click the Limitations tab, and then click the No Limits sub-tab.

  7. Click System Preferences | Quit System Preferences to close System Preferences.

Change Mac OS X’s Login Procedure

To change Mac OS X’s login procedure:

  1. Open and click System Preferences. The System Preferences window will be displayed.

    Note

    You can disable automatic login on the Security sheet in System Preferences. See “Choose Tight Security Settings,” later in this chapter.

  2. Click Accounts. The Accounts sheet will be displayed.

  3. Click Login Options at the bottom of the left list box. The login options are displayed (see Figure 8-3).

    click to expand
    Figure 8-3: Use the login options to control how Mac OS X handles login.

  4. Choose options (discussed next) and then click System Preferences | Quit System Preferences to close System Preferences.

The login options are:

  • Choose how to display the login screen by selecting the List of Users option button or the Name And Password option button in the Display Login Window As area. Prompting for the user name is better for security, but is usually less convenient.

  • Choose whether to log in a specified user account automatically (select the Automatically Log In As check box and select the desired user in the drop-down list). Automatic login is useful when you’re the only person who uses your Mac, but it makes security experts turn pale with horror.

  • Select the Hide The Sleep, Restart, And Shut Down Buttons check box if you want to remove these controls from the login screen. Security is the usual reason for removing these controls: with default settings, a malefactor can restart your Mac from the login screen, reboot from a FireWire hard disk he or she plugs in, and circumvent your security.

  • Turn Fast User Switching on or off by selecting or clearing the Enable Fast User Switching check box. (See the next section.)

Turn On Fast User Switching

Fast User Switching enables two or more users to be logged into the same Mac at the same time. Only one user’s session (windows and applications utilized by that user) is displayed at a time; any other user’s session is hidden until he or she switches to it.

Fast User Switching enables you to let someone else to use your Mac for a while without shutting down all your applications and logging out. In a family or small-office situation, Fast User Switching can save a lot of logging on and off and reduce aggravation. Fast User Switching also has several disadvantages:

  • Fast User Switching increases demands on your Mac, particularly its RAM. If your Mac is short of RAM, using Fast User Switching will probably make applications run more slowly.

    Note

    You can’t change a user account when that user is logged in with another session (on a Mac that uses Fast User Switching).

  • While most applications run happily in separate user sessions at the same time, others have problems. Audio players (such as iTunes) and video players tend to be the worst offenders.

  • If a user shuts down your Mac, you can lose unsaved changes in your applications. Mac OS X reduces the chance of loss by warning the user that other user sessions are active and providing the choice of either canceling the shutdown or supplying an administrator name and password before effecting the shutdown, as shown here:

    click to expand

To turn on Fast User Switching, select the Enable Fast User Switching check box on the Login Options screen (shown earlier in Figure 8-3). You can then use Fast User Switching to switch quickly from one user account to another by clicking the user name at the right end of the menu bar, clicking the name of the desired user, and entering the password if prompted for one.



 < Day Day Up > 



Mac OS X Panther QuickSteps
Mac OS X Panther QuickSteps
ISBN: 0072255056
EAN: 2147483647
Year: 2006
Pages: 68

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net