PSU MacAdmins May 23, 2013 at 12:44 pm

Notes from “Security: Locking Down OS X Without Locking Up Users”

These are some resources from my Security session at PSU MacAdmins 2013:

Slides – PSU MacAdmins 2013 Security

Web resources:

Managing OS X – Payload Free Package template

Matt’s Mac Blog – Making use of the /etc/authorization file in Lion / 10.7.x

Scripts:

About Samuel Keeley

Samuel Keeley is a Site Reliability Engineer at Dropbox. He can frequently be found in ##osx-server on Freenode, or on Twitter @keeleysam.

4 Comments

  • Just wanted to give a heads up. The location of the Authorization DB has changed in Mavericks.

    Looks like it’s at `/System/Library/Security/authorization.plist` now.

  • Also note: I believe I’ve seen OS X updates (specifically, combo updates) overwrite this file. Be careful!

  • as of Mavericks you should be using the “security” command line instead like

    security authorizationdb write system.login.screensaver “authenticate-session-owner-or-admin”

    (which we use to activate the old fashioned screen-saver lock where you can put in an admin user name)

  • I tried your Single User Mode disabler on a 10.8.5 box and it resulted in that it couldn’t find the root/.profile. Am I missing something?

Leave a reply

You must be logged in to post a comment.