# You can also set it up to send you a notification # If it successfully pings, you know someone booted into Single User Mode # Use Geektool on server that constantly pings the IP address you set # Uncomment the echos for easier troubleshooting and to see the script in action # This runs in Single-User Mode automatically Paired with Geektool running on my server, as soon as someone boots to this mode, I know about it. Since I could not prevent them from booting to this mode, I decided to try the next best thing: get alerted when they do it. I take a slightly different approach since we do not currently use EFI passwords. Unfortunately as you have found above we really only have firmware passwords and FV2 to deal with that. In the regular BSDs and Linux there are ways to secure single user mode. append /Groups/admin GroupMembership luser This line will add the user to the administrator's group: # cp -r "/System/Library/User Template/English.lproj/" /Users/luser You can then use passwd to change the user's password, or use:Ĭreate /Users/luser for the user's home directory and change ownership so the user can access it, and be sure that the UniqueID is in fact unique. create /Users/luser NFSHomeDirectory /Users/luser To * create a new user* from the command line. # launchctl load /System/Library/LaunchDaemons/ Here is a note I keep in nvALT: To * change a user's password* while in single user mode in OS X… A Google search can turn up much better ways. Just as an FYI they have simply found the easiest fastest way to mess around with users. We need the system to reboot so it can check for the file and then notice it’s missing. This command deletes the file “.applesetupdone” in the /var/db/ directory, which the computer checks for on startup to ensure that the computer has already been set up. We’re going to delete a file that tells your computer that you have completed the initial setup. Now that the drive is mounted, we can edit the file system. Remove the “Setup Has Been Completed” File.Once single-user mode boots (it should look like a black screen with white text), we need to mount the hard drive. If that’s the case, head on over to one of our other guides on getting into single-user mode while locked. It is important to note, however, that this can be blocked by a firmware password. This boots the computer into single-user mode, which in turn gives you access via the root user. Upon hearing the startup chime, hold the key combination CMD+S. I am upgrading to 10.9.x, but wondering if there is a way to stop them for creating admin users via package. I believe the are using the info below to create the accounts. I have a unique issue - students our local JDC have been creating users in 10.6.8 with Single User Mode - i have brought machine in to reimage.
0 Comments
Leave a Reply. |