September 25th, 2001 10:57 AM
im considering buying mac administrator by Hi Resolution Systems Ltd. i was wondering if you know this is a secure system or not?
September 25th, 2001 04:52 PM
My college has it installed on all the Macs in the labs. From as much as I have tried to break it, I have yet to succeed. I even ran Mac Army Knife on it, and killed its extensions, and then restarted the finder, and it was still locked down tight. One thing I would like to try is to get a prgram that allows you to edit the contents of the RAM, maybe that way I could somehow disable it. Another possibility is running ResEdit, but I don't think it would work, because it locks the HD for normal users, so you can only read, and not write.
If I ran it, I would make sure to disable the ability to run programs not on the local HD, because that is how I am managing to slowly try to break it.
Over all, I think that my boss is happy with MacAdmin2. It is vvery easy to setup and get running. The only time it goes down is during power surges, because we have more important things plugged into the UPS.
Oh, and before I get harrassed for trying to break one of my schools machines, I work for the Network Department, and should I actually manage to disable MacAdmin, I would tell my boss, and I would probably have to fix it, but if I had to fix it, that would mean that I have to have Admin privileges on MacAdmin .
Considering the average Mac User, and then considering the average h4><0r that refers to Macs as Macintrash, and only knows how to use DoS 'slpoits, I think that it is practically secure, which is what I think all OSs are, secure to the point where a large portion of the world can't break it, but that someone will inevitably find a hole eventually.
September 26th, 2001 02:12 AM
so if i didnt have privleges their is no way for me to accsses the server because thats a problem we have smart students getting their way to the server
September 26th, 2001 04:52 PM
Call me stupid, but what server are you worried about? The MacAdmin server, or some fileserver that you have.
If you are talking about the MacAdmin server, I am pretty sure that one is unable to edit anything without having local access to the machine, or with out having installed a backdoor on the machine, or without connecting via AFP to the machine's HD that has the MacAdmin application on it. Apparently on pre-MacAdmin2 sytems, one would be able to bypass the read-only access by using deliver file, but I think that has been fixed, I'm not sure, because to get into their user-groupyou actually have to have MacAdmin, and I don't. The deliver file hole is the only "exploit" that shows up easily if you search google.
I'll see if I can do it on our MacAdmin2 machines and get back to you.
You might try forums aimed at Mac security or just Macs in general, I don't want to plug anyone else's in JP's, besides I refuse to advertise without being paid first.
September 26th, 2001 07:38 PM
Ok, so here I am on one of our Macs with MacAdmin installed.
I tried to run Deliver File, but it is disabled, which effectively closes that hole.
Anything else you might ask will probably be beyond what I know.
But I will try.
October 18th, 2001 09:04 PM
Ok, so it has been a while, but I have recently spent the last few days working with only MacAdmin machines, both the server and the clients.
I am impressed with some things, and annoyed by others.
The manual that comes with MacAdmin blows. It is terrible. The only way it helps is when installing a fresh setup, once you have to change configurations you have to get creative.
There is an override password that works on all the machines that you install it on, one that the admin sets. We had to use that alot in the past coulpe of days because we completely restructured out network, so things had stopped working. The most frustrating thing about the Overide is that the computer has to be turned on without being able to contact the MacAdmin server, this is all fine and good, except that the machine has to wait before booting all the way to try and contact the server, my suggestion bring a good magazine, you will be waiting a while.
MacAdmin, when working properly, really locks down a system. Default protection is very restraining, you everything is read/execute.
I haven't played much with the server, but if its destributed file synchronizing is as powerful as RevRdist, then you would be able to keep that system clean, and system upgrades would be a snap.
I had a problem with the server Yesterday, I tried change a luser account into a superuser account, but the luser group restictions kept overiding the superuser group priveleges. I think it is probably something simple that I am missing, if it was a unix--type OS, I would have had it done in a second, but the gui is getting in between me and what I need to see.
Anyway, I have only just come to a Windows machine that is as locked down as a MacAdmin client machine, and the management of the MacAdmin machine was incredibly simple compared to what I had to do to hack to get admin on the heavily policy-edited NT box.
anyway, that is my recent experience with macadmin,