Due to some restrictions I can't let my users mount external HDD's/USB Flash etc. in RW mode. Onle read is allowed, so how can I do that without OS X Server installed?
idimch wrote:
Due to some restrictions I can't let my users mount external HDD's/USB Flash etc. in RW mode. Onle read is allowed, so how can I do that without OS X Server installed?
What is wrong with OS X Server?
Nothing wrong, except I did not have it and I'm not going to buy it.
idimch wrote:
Nothing wrong, except I did not have it and I'm not going to buy it.
Probably not money well spent. Anyone even thinking of going down this road would do well to read the ArsTechnica review here:
Apple doesn't market Lion Server to home users and the original poster seems to be a business user.
Lion Server certainly seems like it would be able to accomplish the task.
There is little distinction in practice between a home user and an SME. The points made in the ArsTechnical article seem pretty valid to me. I wound't touch with a bargeople (and I'm a small business user, too).
Thanks for all, I did my task with workgroup manager, installed locally:
Good to know.
Thanks for the feedback.
Hi there,
I spent too much time finding how to recover my user profile on this forum, because from some time it is separated from my apple ID, but it uses same email 🙂
Well, this solution (I mean Workgroup Manager being locally installed) still work well, except one thing: if your "limited" user will reboot your Mac - he will have a full access to the hard disks connected to this, because at booting stage OS will mout everything using root privileges... Any idea how to prevent OS from doing this?
Physical access trumps all security. If you were using true managed accounts such as with OS X Server or Active Directory, then you can control the machine's access to your network and the users on it. A user could still reformat the hard drive, but then they couldn't reconnect to the server and you would know something was up.
Well, actual knowing about an accident is not enough for company where I'm working. If somebody will steal pre-release version of feature we producing, the penalties could be very impressive. In Windows environment I did that block what I'm talking about - using some antivirus software 🙂 But with Mac I still did not find perfect solution, which will fit all requirements...
Windows is no different. If someone had physical possession of that Windows machine and the intellectual property residing on it, they could have copied that off if they were determined enough. This is not a question of differences in operating sytems, but the pragmatic realities of mobile devices and human beings. All you can really do it make the task more difficult for the hacker. But if you are unwillng to try easy solutions like OS X Server, then I doubt you would be interested in 3rd party full-disk encryption requiring CAC card access. You can have as much security as you are willing to pay for up to a limit of just under 100%. You have to combine the technological solutions with social solutions like references and background checks. Even people who specialize in such things get burned from time to time.
Need to know how to force read only mode for any external drive attached to my mac.
