If you’re up on your security, you’ve enabled FileVault on any and all MacBooks you have. The problem for an IT admin working off-site or away from the physical machine is that you may need to reboot the computers. With FileVault, a user has to enter their password before OS X boots.
With the commands below, you can reboot a MacBook with FileVault WITHOUT NEEDING USER INPUT. This is good for late-night work or times when the user is in a meeting.
Simply open your Terminal and, to first check if the command is supported, type:
If everything looks good, you can then enter the following and reboot:
sudo fdesetup authrestart
In Office365, you can set up a rule that blocks attachments with executable content… namely attachments that are EXE files OR things like zip files with EXE, bat, etc. content within. This is something Google Apps does automatically, but Exchange / Office365 does not, so it requires manual intervention.
To do this, you have to go into the Exchange Admin Center, go to Mail Flow, create a new rule, hit “more options”, and then use the following settings:
Save it and you’re golden!
Working at an MSP, I’ve been trying to script a lot of the repetitious tasks I have to do with PowerShell. One of the smaller ones is hiding a local admin account on non-domain computers.
Usually, I would have to navigate into the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and create a new key, called SpecialAccounts, and then another new key called UserList and then add a new DWORD value with the name of the account. That’s a lot of work!
Today, I fired up Google and PowerShell ISE and came up with this simple, simple script:
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name SpecialAccounts -Force
New-Item -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts" -Name UserList -Force
New-ItemProperty "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" -Name "[LOCAL ACCOUNT NAME]" -Value 0 -PropertyType "DWord"  # 0 hides the account from the sign-in screen, 1 shows it
Saved it as a PS1 script file and ran it on my computer successfully.
I’ve been doing a lot of research recently on secure methods of password sharing. Being in IT, I have to share many passwords each day and also have passwords shared with me by clients.
My favorite so far is ZeroBin. It is no-frills, open source (so anyone can vet it), and fairly simple. It requires no database. It is as simple as downloading the components, throwing them on a web server and going to the index page. That’s it. I did it on my server here and have been using it personally with no issues.
You can set messages / data to delete after a certain amount of time, like 5 or 10 minutes, or longer… 10 – 30 days.
How is this secure?
- The text or data is encrypted & compressed inside the browser, then sent to the server already encrypted
- The server has the encrypted data and that is all
- The text is encrypted inside the browser. The encrypted data is sent to the server, while the encryption key does not get sent. Therefore even if a server was compromised, nothing could be done with the data
- The encryption key is part of the URL and that is what unlocks the data
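
The flow in the list above, as an added example that is not ZeroBin's own code: the sender compresses and encrypts locally, the server stores only ciphertext, and the key travels in the URL fragment, which is never part of the HTTP request. It assumes Node's built-in `crypto` and `zlib` with AES-256-GCM as the cipher; the `server` map, the function names and `paste.example` are hypothetical.

```javascript
// Added example: client-side paste encryption with the key kept in the URL fragment.
// AES-256-GCM and deflate are this example's choices, not a copy of ZeroBin's code.
const nodeCrypto = require('node:crypto');
const zlib = require('node:zlib');

const server = new Map(); // hypothetical server store: it only ever holds ciphertext

// Sender ("browser") side: compress, encrypt, upload ciphertext, keep the key local.
function createPaste(plaintext, baseUrl) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(zlib.deflateSync(plaintext)), cipher.final()]);
  const id = nodeCrypto.randomBytes(8).toString('hex');
  server.set(id, { iv, body, tag: cipher.getAuthTag() }); // all the server receives
  return `${baseUrl}/?${id}#${key.toString('base64url')}`; // key lives after '#'
}

// What an HTTP client transmits for a URL: path and query, never the fragment.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Recipient side: fetch ciphertext by id, decrypt with the key from the fragment.
function readPaste(shareUrl) {
  const u = new URL(shareUrl);
  const record = server.get(u.search.slice(1));
  const key = Buffer.from(u.hash.slice(1), 'base64url');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  // final() throws if the key is wrong or the stored ciphertext was modified.
  const compressed = Buffer.concat([decipher.update(record.body), decipher.final()]);
  return zlib.inflateSync(compressed).toString('utf8');
}

const secret = 'constructed sample: wifi password is correct-horse';
const url = createPaste(secret, 'https://paste.example');
console.log('sent to server :', requestTarget(url));
console.log('decrypted      :', readPaste(url));
```

Anyone who holds the full link holds the key, so the link itself has to be sent over a channel you trust.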