Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Create completely hidden accounts in 10.5 and 10.4.11' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Create completely hidden accounts in 10.5 and 10.4.11
Authored by: zpjet on Feb 04, '08 03:16:00AM

is it then better to be "big brother" without users knowing it? ;)



[ Reply to This | # ]
Create completely hidden accounts in 10.5 and 10.4.11
Authored by: da2357 on Feb 04, '08 07:50:03AM
I'm not sure if the issue is whether we want to play "Big Brother" without others knowing it. I think that some users act "paranoid" if they know --by visibly seeing an "admin" account in /Users-- that there is an admin account, regardless of whether their actions are honorable or not.

I would hope that it's a given that we're all choosing relatively strong passwords for our admin accounts. An added benefit to having a hidden admin account is that in addition to not knowing what the admin password is, the user (for those who wish to try hacking past their allowed privileges) doesn't know what the admin user-name is -- assuming that you choose an admin user-ID that's NOT "admin" or "administrator". For me, it's not about "Big Brother" ethics but rather having a way to make it easier for me to maintain a large number of Macs---for staff-members worried about "Big Brother", I don't have time or the interest in watching what people are or aren't doing on their computers; my interest is in providing a computer with a solid, tested image that contains the apps my staff needs to perform their job duties--and if that takes a few minutes to set up a hidden admin account to minimize problems, so be it.

I think it's an unfortunate necessity that we need to create hidden user accounts... this is either a reflection of my staff or society in general. I work in a school department where I am one person in a two-person IT team, managing almost 600 Macs. We prefer to deploy a standard image that's been tested w/all the apps they need to perform their duties--and we don't have time to troubleshoot problems when someone has added an app without permission. My predecessor used to give out the admin login and password to anyone who asked for it, much to the dismay of my supervisor and me (it's taken me a year to pick up the mess created). I would much rather have to connect via ARD and spend five minutes installing a special app a staff-member needs than to give them an admin account AND THEN have to fix the mess.

[ Reply to This | # ]