We enable root, give it a password, then disable it. I think this stops
the average admin user from changing it with passwd.
For machines we want more control over, we set an open firmware
password. That stop a person from booting off of anything other than
the drive set in System Prefs.
For really secure machines we do all of the above and we use a tamper
indicating device (TID). Basically a piece of tape that goes across the
door to the computer. If the computer was opened, we know it when
inspecting the TID. A good old fashioned lock works too :-)
Thanks,
Allan Marcus
505-667-9531
On Apr 25, 2005, at 7:50 PM, Kok-Yong Tan wrote:
Outside of NetInfo Manager, how many other ways can root access be
enabled and disabled on a client system without booting into
single-user mode and then monkeying with the NetInfo database via CLI?
--
Reality Artisans, Inc. | Network Wrangling and System Delousing
P.O. Box 565, Gracie Station | Apple Certified Help Desk Specialist -
Panther
New York, NY 10028-0019 | Apple Consultants Network member
<http://www.realityartisans.com> | Apple Developer Connection member
(212) 369-4876 (Voice) | (212) 860-4325 (Fax)
PGP Fingerprint: 77B3 D1E9 D24B 4FA9 9606 6C8D 62E4 2E4A 6FDD 9FD5
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Client-management mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/client-management/
email@hidden
