+ Post New Thread
Results 1 to 13 of 13
Mac Thread, Hiding Wireless Key in Technical; Hey, we've got a load of Macbooks (os x 10.5) running standalone from the network with non administrative users for ...
  1. #1
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    14

    Hiding Wireless Key

    Hey, we've got a load of Macbooks (os x 10.5) running standalone from the network with non administrative users for students. Our problem is that they are connected to the wireless and students are able to view the key by going through the wireless icon in the menubar.

    Any idea how to stop them doing this, doesn't matter if it involves removing the icon either. These are not linked to our x-serve/domain in any way.

    Thanks,
    Ollie.

  2. #2
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Hi

    Enable Parental Controls for that account and define the Simple Finder Control

    Antonio Rocco (ACSA)

  3. #3
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    14
    Quote Originally Posted by AntonioRocco View Post
    Hi

    Enable Parental Controls for that account and define the Simple Finder Control

    Antonio Rocco (ACSA)
    Thanks, will give that a shot tomorrow... there's already been a failed attempt at it so I was thinking they may have already tried that but will have to see when I get at them tomorrow.

  4. #4

    rush_tech's Avatar
    Join Date
    Jul 2006
    Location
    Nottingham
    Posts
    1,427
    Thank Post
    112
    Thanked 269 Times in 202 Posts
    Rep Power
    195
    Not hijacking this thread at all

    I've come across the very same situation, I've enabled simple finder control for the user(standard user) is there any other configuration to do after that?


    Can I just ask where is the wireless key visible on a MAC?

    Thanks

  5. #5
    petectid's Avatar
    Join Date
    Jun 2005
    Posts
    298
    Thank Post
    2
    Thanked 15 Times in 13 Posts
    Rep Power
    21
    Can you not just uncheck the box in network preferences "Show AirPort status in menu"

  6. Thanks to petectid from:

    rush_tech (15th October 2009)

  7. #6

    rush_tech's Avatar
    Join Date
    Jul 2006
    Location
    Nottingham
    Posts
    1,427
    Thank Post
    112
    Thanked 269 Times in 202 Posts
    Rep Power
    195
    I'll give it a go

    Thanks

  8. #7
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Hi

    @ rush_tech

    "Can I just ask where is the wireless key visible on a MAC?"

    Keychain Passwords are visible in the Keychain Access application: /Applications/Utilities. Launch the application, select login in the left hand panel, select the password you're interested in (it should be listed) click the 'i' icon at the bottom or use command+i. Select the 'show password' option. You should be prompted to enter the local admin password as well as the option to either 'Always Allow'; 'Allow Once' or 'Cancel'.

    Antonio Rocco (ACSA)

  9. Thanks to AntonioRocco from:

    rush_tech (15th October 2009)

  10. #8

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57
    Hold down the apple key and drag the icon off the menu bar. This is the same as removing the tick in 'display in menu bar.'

  11. #9

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    10,053
    Thank Post
    3,583
    Thanked 1,123 Times in 1,025 Posts
    Rep Power
    377
    Quote Originally Posted by OllieC
    the wireless and students are able to view the key by going through the wireless icon in the menubar.
    Presuming this is by somehow gaining access to key chain utility or what exactly opens or happens after they get into the wireless icon ?


    Quote Originally Posted by AntonioRocco View Post
    Hi

    @ rush_tech

    "Can I just ask where is the wireless key visible on a MAC?"

    Keychain Passwords are visible in the Keychain Access application: /Applications/Utilities. Launch the application, select login in the left hand panel, select the password you're interested in (it should be listed) click the 'i' icon at the bottom or use command+i. Select the 'show password' option. You should be prompted to enter the local admin password as well as the option to either 'Always Allow'; 'Allow Once' or 'Cancel'.

    Antonio Rocco (ACSA)
    I was aware of that already but obviously the students would either have to

    A - Know the login credentials for the admin account

    B - Crack the admin accounts login credentials by using the single user mode or using a cd to reset the local admin accounts password but not even sure if that would allow them access to key chain utility to reveal the passwords because obviously the domain admin accounts over ride the local admin accounts afaik ( correct me if I am wrong )

  12. #10
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Hi

    @ mac_shinobi

    "Crack the admin accounts login credentials by using the single user mode"

    Enabling a firmware password would disable anyone's ability to access single user mode. Even this can be got around if you know what to do. However it would be pretty obvious catching students if they attempted it. It's not really something that can be done quickly if you've never done it before.

    " . . . using a cd to reset the local admin accounts password"

    Deny them access to the optical drive with the relevant managed preference. WGM > Group and/or Computer Group > Media Access.

    ". . . domain admin accounts over ride the local admin accounts afaik (correct me if I am wrong )"

    Good question! I'm not really sure myself? I don't think it's a question of local vs domain. Any admin account should work. For example I could create a mobile account (stored locally on a mac client) for an account that exists on Active Directory. User Profile gets downloaded to the local drive. I would then need to enable that account as a local admin using the default local admin account credentials to authenticate the action. Log out and log back in again to make it active. There would then be nothing stopping you from deleting the default local admin account.

    However you would need the local admin to allow this to happen. It's important therefore to 'secure' the local admin account as much as possible. You can apply a managed preference hiding the local admin account from view entirely.

    Antonio Rocco (ACSA)

  13. #11

    Join Date
    May 2006
    Location
    West Bromwich
    Posts
    2,192
    Thank Post
    300
    Thanked 215 Times in 185 Posts
    Rep Power
    57
    You could also lock the keychain and then change the admin password. This results in the 2 passwords (one to login and one to open the keychain) to be different. So even if they hack the local admin account, they shouldn't be able to access the keychain.

  14. #12
    AntonioRocco's Avatar
    Join Date
    Oct 2008
    Location
    South Yorkshire
    Posts
    270
    Thank Post
    11
    Thanked 114 Times in 95 Posts
    Rep Power
    41
    Hi

    HodgeHi (hello Mark!) makes a good point. You would need to know both passwords (the old one as well as the new one) to defeat Keychain Manager. However this can be got around if you know what to do.

    You could enable Root and give it a completely different password as well.

    You can deny access to the Keychain Access application using Parental Controls (if a local 'managed' account) or a suitable MCX in WorkGroup Manager. If you can't be bothered to do this you could remove the whole of the Utilities folder and place it on the desktop of the local admin. From there create an encrypted disk image using DU. There would be no way anyone could access it then Not even if you used Target Disk Mode and selected the 'Ignore Permissions on this Volume' option.

    To reset a firmware password take out one of the RAM Modules. Restart the Mac and reset the Parameter RAM (PRAM) three times. Switch it off. Replace the RAM Module, switch it on as normal. If Mac suites have CCTV fitted it would be a fairly obvious thing to spot.

    Antonio Rocco (ACSA)
    Last edited by AntonioRocco; 16th October 2009 at 03:07 PM.

  15. #13
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    14
    Hey again, sorry for the late reply, this is the first time I've actually been able to get at one of these Macbooks.

    They're getting to it by going through the wireless icon, join other network, show networks, selecting the school network and choosing "show password".

    Simple finder is too restrictive and we want them to be able to connect to wireless at home. Any suggestsions?

    Thanks.



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 3
    Last Post: 26th April 2010, 03:13 PM
  2. Wireless key on group policy?
    By zag in forum Wireless Networks
    Replies: 6
    Last Post: 13th July 2009, 12:53 PM
  3. Hiding folders from Windows
    By turn_it_off in forum Mac
    Replies: 1
    Last Post: 17th March 2009, 03:43 PM
  4. Moodle - Hiding Courses
    By binky in forum Virtual Learning Platforms
    Replies: 2
    Last Post: 29th April 2008, 10:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •