Administrator guide: how to obtain or prevent access to OS X (1)

Source: Internet
Author: User

Administrator guide: how to obtain or prevent access to OS X (1)

Working as a system administrator is sometimes not an easy task. Because many devices, networks, and users need to be managed, it is easy to get exhausted. Therefore, a certain configuration is not ignored, but is protected too strictly.

Obtain administrator access to OS X

However, either of these extremes inevitably leads to one of the two scenarios: Once a loophole is drilled down, unauthorized users will be granted higher permissions; or the environment is too secure, and even the IT department loses its unrestricted access.

IT is ironic that, in the early stages of my IT career, when I was studying Group policies or Apple's Server Admin Tools, I met this scene several times. The lesson I learned is that you must understand how to solve a technology most clearly.

The three methods described in this article can be used not only to regain access to the administrator account, but also to learn how to prevent others from attempting to do the same.

1. restore partitions

How does it happen?

This process is very simple. From the power-off status, enable Mac power, and press the [Option] key before Apple's clock. Hold down this key until the Startup Manager is mounted. Next, select recover Partition ). Start to restore the partition, select Utilities (utility) | Terminal (Terminal ). Enter the "resetpassword" command (note that there are no double quotation marks) and press enter to bring up the password reset utility. Then, select the drive that contains the account you want to reset and select a user from the drop-down menu. Specify a new password for the account, confirm the password, and click Save. Restart the computer. Once OS X is loaded, you only need to enter the account name and the password you just reset to obtain management access.

Who can perform this operation?

The reset method can be executed by anyone who actually contacts the node.

How can this operation be prevented?

Fortunately, there are two ways to prevent this operation. First, enable Firmware Password, which can also be enabled by restoring Utilities (Utility) in the partition | Firmware Password Utility (Utility for Firmware Password, it sets an EFI boot password to prevent user boot from entering any device except the default boot drive.

Second, enable FileVault 2, which is Apple's full-disk encryption function, which can protect the password from the same password reset routine as the non-encrypted account, because FV2 processes the password reset method independently of the operating system. This means that, although the user may change the password of the Administrator account, authentication may be handled differently in FV2, the user will first need to use the previous password (he/she does not know the password) to authenticate the identity, the authentication is passed before obtaining system access.


Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.