Locking your Snow Leopard Mac’s Screen when connecting using VNC
Mar 5th
So, as you probably know, I have been supporting more and more Macs in my previously Windows shop. Now I had to allow Windows home users to connect to their Macs in the office and lock their screens or monitors as they worked, in case they were doing confidential or stupid stuff…
This should have been easy. Macs are supposed to be easier to use than Windows machines, right? Well, no dice. You could not do it without modifying the system. I tried over and over using VNC, LogMeIn, pcAnywhere and more… Every one of them would open my screen right on up, so anyone walking by could not only watch me work but also move the mouse or type on the keyboard! It was the end of the road when someone typed hello into a spreadsheet of a Production manager… Sonofabitch!
I found a hack courtesy of ArtOfGeek and added my Vine VNC server and a new port for the win! My favorite quote from the article has to be:
I know, enough with the chatter, get on with the tutorial! Just follow these steps and you’ll be locking your Mac running Mac OS X 10.6 Snow Leopard like it’s running Windows XP! Wait, did I just write that? Shudder. Sorry, I think I just threw up a little bit in my mouth.
Here is the nitty gritty for ya:
- Open Automator (in your Applications folder) and choose Service from the list of templates provided and click the Choose button.
- In the left hand column under Library, select Utilities.
- In the second column, drag “Run Shell Script” to the right hand pane.
- At the top of the right hand pane where you dragged the Run Shell Script action, click on the menu next to “Service receives” and choose “no input”.
- Copy and paste the following Terminal command into the empty text area of the Run Shell Script action:
/System/Library/CoreServices/Menu\ Extras/User.menu/Contents/Resources/CGSession -suspend
The entire command should be entered on a single line and note there is a space after “/Menu\”.
- Choose File–>Save, and give the new service a meaningful name like “Lock Computer” that will appear in the Services menu. Once you’ve done that, you can go to the Services menu (located in the current application menu, next to the Apple menu) and your newly created service should appear there.
- Next open System Preferences –> Keyboard –> Keyboard Shortcuts and select Services in the left column.
- Scroll down to the bottom and under the General category, you should see your newly created service listed there. Select it, then double-click close to the right side of the selected line to reveal a field where you can enter a custom keyboard shortcut. Enter an easy to remember but unique keyboard shortcut (I decided to go with ctrl+option+command+L), and then quit System Preferences.
That’s it! Go ahead and test your keyboard shortcut! That locked your screen, right? Now you can install Vine VNC Server on your machine and change the port that it is listening on to 1111 or something other than 5900. Connect to your Vine server with UltraVNC using the IP address and the port, like this: 192.168.1.1:1111. That will keep your Mac locked and allow you to log into your machine while the screen stays locked. If you try to lock the screen and log in on port 5900 (built-in screen sharing), you will arrive at the login screen and defeat the purpose of this hack!
You can read the full post at ArtOfGeek here
_TheMacinAdmiN_
Recovering deleted Active Directory Objects and a rant on Password Security.
Feb 25th
Hey there, network administrators. I don’t know if you know this, but it is a VERY VERY bad thing to log into your workstations with your domain admin username and password. It is also VERY VERY bad to leave your servers logged in.
Are you logging in as a normal user? Are you logging out of your servers when you are finished with your work?
You should be…
Sure, it makes stuff easier as you don’t have to authenticate over and over, but it is also really, really dangerous. If your session gets hijacked or your machine becomes infected, guess what…
You just handed over the keys to the kingdom without a fight. Your whole network could be destroyed and compromised. What happens if your Active Directory objects are deleted?
If that happens, let’s look at a tool our friends at bauer-power.net used to recover deleted accounts. And while we are on that note, does anyone know why schema changes would remove user objects in a 2008 native AD setup?
Today I walked into the office with a little bit of a shocker. One of the Help Desk users said that his, and another user’s Active Directory accounts on our parent company’s domain had miraculously vanished. WTF? The only changes to Active Directory the previous day were that my co-worker was setting up OCS, and that required some schema changes. I am not sure why those schema changes would delete accounts, but whatever, this is the problem I was facing when I walked in (Still no coffee yet either).
Well it turned out to not be that huge of a deal because I found a really awesome free tool that easily finds deleted Active Directory objects, and with a click of the button restores them. The way Active Directory deletes objects is pretty cool, and it also makes it relatively easy to recover. According to Petri, “When an object is deleted from Active Directory, it is not immediately erased, but is marked for future deletion…The marker used to designate that an AD object is scheduled to be destroyed is called "tombstone". A tombstone is an object whose IsDeleted property has been set to True, and it indicates that the object has been deleted but not removed from the directory, much like a deleted file is removed from the file allocation table but the data is not actually removed from the drive.”
The tool I used to recover the objects is called ADRestore.net. To use it you simply install it on one of your domain controllers, then click Enumerate Tombstones. Find the missing object (User, OU, Computer, Etc) click on it and hit restore. Easy as pie!
Yes! This works on 2008 Active Directory’s as well as 2003. How do I know? Because we are a 2008 native shop! Here is a list of the main features available:
* Browsing the tombstones
* Domain Controller targeting
* Can be used with alternative credentials (convenient if you do not logon to your desktop as Domain Admin, which you should never do anyway)
* User/Computer/OU/Container reanimation
* Preview of tombstone attributes

Know of some other good, free tools for recovering deleted AD objects? Hit us up in the comments!
What do you guys think? What if the objects were modified instead of removed? How do you deal with that? Do you have to do a restore from backup? Can you roll your AD back? Let’s hear from you admins out there!
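The tombstone lookup and restore described in the quoted post, as an added example using the ActiveDirectory PowerShell module instead of ADRestore.net (not code from this blog or from Bauer-Power). The function name `Get-Tombstone`, the domain controller `dc01.example.test` and the account `jdoe` are hypothetical, and the module is assumed to be installed (it ships with Windows Server 2008 R2 and later).

```powershell
# Added example: enumerate tombstones and reanimate one, run from a normal
# user session with separate admin credentials supplied at the prompt.
Import-Module ActiveDirectory

function Get-Tombstone {
    param(
        [string]$Server,               # domain controller to target
        [pscredential]$Credential,     # alternate (admin) credentials
        [int]$DeletedWithinDays = 7    # only show recent deletions
    )
    # Only pass -Server / -Credential when they were actually supplied.
    $target = @{}
    if ($Server)     { $target.Server = $Server }
    if ($Credential) { $target.Credential = $Credential }

    $since = (Get-Date).AddDays(-$DeletedWithinDays)

    # Tombstones are hidden unless -IncludeDeletedObjects is given; the
    # "Deleted Objects" container itself also carries isDeleted = TRUE.
    Get-ADObject @target -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
        -Properties isDeleted, lastKnownParent, whenChanged, sAMAccountName, objectClass |
        Where-Object { $_.whenChanged -ge $since } |
        Sort-Object whenChanged -Descending
}

# Hypothetical DC name; replace with one of your own domain controllers.
$dc   = 'dc01.example.test'
$cred = Get-Credential

$tombstones = Get-Tombstone -Server $dc -Credential $cred
$tombstones |
    Format-Table Name, objectClass, sAMAccountName, lastKnownParent, whenChanged -AutoSize

# Reanimate a single account (hypothetical name 'jdoe') after reviewing the list.
# -WhatIf only reports what would be restored; remove it to perform the restore.
$tombstones |
    Where-Object { $_.sAMAccountName -eq 'jdoe' } |
    Restore-ADObject -Server $dc -Credential $cred -WhatIf
```

Without the AD Recycle Bin, a reanimated tombstone comes back with most attributes stripped (group memberships, for instance), so review the account before putting it back into use.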
Skype for Windows Mobile pulled but we still have the link!
Feb 25th
So apparently after some partnering up with Verizon, Skype has decided to temporarily pull its Windows Mobile client. Support says if you have it and run it – it will work.
But you will not be able to download it. We found the link on their site is just disabled and you can get to the download page by going to http://www.skype.com/intl/en/download/skype/windowsmobile/ or we have uploaded the file to our server here as well for when it is gone altogether!
IE6 pronounced dead at the scene, “mourners” flood in to join the festivities…
Feb 24th
IE6 will be barely missed by us here at AskTheAdmin. We’ve had bad times, and we’ve had worse times with our old frienemy Internet Explorer 6. Rest in pieces you old coot.
Commodore 64 (the one you used to play Bruce Lee on) ,8,1