mcg16
Level 1 (4 points)

Q: Notify by email if FileVault Safari-Only Guest User Logs in

Hi everyone,

 

I know this is an advanced topic that may not be possible, but I wanted to see if the community had any suggestions. I am familiar with the terminal, and just started learning about launchd and daemons, and sending email using the command line, so programming topics are manageable for me, but I'm not familiar with the deeper innards of the Mac OS X.

 

Note that this is my first post, so I wasn't sure which community to post to, but thought the developer community would be the people with the right technical know-how to provide suggestions. If this was the wrong place to post, please let me know which forum would be more appropriate.

 

Here is my situation: I have a FileVault-encrypted early-2015 MacBook Pro running Yosemite (10.10.5) with one user that requires administrative privileges to do work. I want to have the guest user active for the possibility of being able to track it if stolen, and I realize in that event I can use iCloud to check-in and monitor if the thief has logged into the guest account. However, I need to have a way to notify someone else if the guest user has been logged in other than iCloud, with the first thought being email.

 

I found this old discussion about installing Prey on a FileVault guest user account here, and saw this as a good lead on what to do, but it also seemed like I would need a bunch of other dependencies to send out an email or that doing this would require to set-up an AppleScript to do something from safari, and I'm not that familiar with using AppleScript.

 

Hopefully this is enough information for people to provide suggestions. Anything is welcome, and you can certainly ask questions if you need more information.

 

Thanks!

MacBook Pro (Retina, 13-inch,Early 2015), OS X Yosemite (10.10.5), FileVault2-encrypted

Posted on Sep 21, 2016 5:51 AM

Close
mcg16

Q: Notify by email if FileVault Safari-Only Guest User Logs in

  • All replies
  • Helpful answers

  • by tygb ,

    tygb Sep 21, 2016 7:09 AM in response to mcg16
    Level 2 (398 points)
    Mac OS X
    Sep 21, 2016 7:09 AM in response to mcg16

    Hello !

                If you created only admin account , and file vault ( and the key is in your records / written in

    the diary ) and the thief tries to enter in recovery mode by pressing command + R + power key .....and he boot to the OS X recovery partition & try to reset the password utility .

     

    In this scenario , he has to open disk utility unlock the volume & even then the reset password utility will change OS X password & not the file vault password .

     

    And if thief visits authorized apple service centre and request them to wipe out file vault , they will ask for original invoice .

     

    So , to be on safer side go to system preferences - iCloud - check the box find my mac .

     

    And also if you have formed guest user account , the thief can only browse he can not wipe out the drive .

     

    Suggested article : OS X El Capitan: About FileVault encryption

     

    Thanks !

  • by mcg16,

    mcg16 mcg16 Sep 21, 2016 7:15 AM in response to tygb
    Level 1 (4 points)
    Sep 21, 2016 7:15 AM in response to tygb

    Thanks for your answer tygb. "Find My Mac" is enabled on my computer, so I don't think your concerns are applicable in this scenario. However, this doesn't address my question, as I'm referring to when my Mac has not been stolen, but someone has logged into the guest user account. I can't be checking iCloud all the time, so I need a way to be notified if someone has used the guest account. If you or others have a suggestion in this regard, let me know.

     

    If it's helpful, I found a Apple Discussions topic that discuss sending an email using a launchd daemon here, but I'm not sure how this can be combined with the Prey forum question to have it run in the Safari-Only Guest User.

  • by tygb ,

    tygb Sep 23, 2016 3:36 AM in response to mcg16
    Level 2 (398 points)
    Mac OS X
    Sep 23, 2016 3:36 AM in response to mcg16

    If the guests are too smart , before leaving they will delete history , trash , book marks or if still they used private browsing .

    You can go to time machine and find out to the time they logged in .( some traces will be there ) .