These are some resources from my Security session at PSU MacAdmins 2013:
Slides – PSU MacAdmins 2013 Security
Web resources:
Managing OS X – Payload Free Package template
Matt’s Mac Blog – Making use of the /etc/authorization file in Lion / 10.7.x
Scripts:
https://gist.github.com/keeleysam/1060089beca35ae77bc7
https://gist.github.com/keeleysam/fab1280165ba9c51d017
https://gist.github.com/keeleysam/9de97f29698725675afd
Just wanted to give a heads up. The location of the Authorization DB has changed in Mavericks.
Looks like it’s at `/System/Library/Security/authorization.plist` now.
Also note: I believe I’ve seen OS X updates (specifically, combo updates) overwrite this file. Be careful!
as of Mavericks you should be using the “security” command line instead like
security authorizationdb write system.login.screensaver “authenticate-session-owner-or-admin”
(which we use to activate the old fashioned screen-saver lock where you can put in an admin user name)
I tried your Single User Mode disabler on a 10.8.5 box and it resulted in that it couldn’t find the root/.profile. Am I missing something?