How to prevent someone copying files from a Mac (better description inside).
So here’s the scenario.
I have an MBP with just Traktor and iTunes (iTunes is optional). I lend this Mac to someone to DJ with using Traktor and an S2 or S4.
Is it possible to allow the DJ to access the laptop (turn it on) and use Traktor but prevent them from sticking a Ext HDD or USB in a port and sucking my tracks from the Mac by either copying/drag’n’drop or exporting tracks from Traktor. There’s no superdrive so burning isn’t a problem.
Can I protect my files like that? The Mac doesn’t have to have a password login it just needs some way to stop anyone transferring files.
Not sure that FileVault will be the solution unless I misunderstand.
Turn on Filevault, everything in your home folder will be encrypted but will allow all other accounts normal use. Even other Administrators on the same machine cannot access the files.
Other alternative is to set up an encrypted container with trucrypt and store your files there, although thats kinda overkill and means mounting the container each time you boot the computer.
The problem is (if I misunderstand then let me know) is that I just have the one Traktor installation on the Mac and one Home Folder that will be accessed by me and others.
I was hoping that there was a way to disable anything going out of the Mac. I don’t want to prevent other accessing the files, I just don’t want them to be taken/copied from the laptop in anyway.
Basically I want a DJ to use my spare Mac to DJ with the playlists I make in Traktor but not be able to steal my music.
A bit like a computer in a Uni or cyber-cafe that you cannot make any changes to the files, just access the applications. I guess the issue would be allowing the user access to use a controller.
I might not have explained it very well.
Create a new user account for the other user and then won’t be able to access your home folder. keep your files in your home folder, if they are on an alternate drive you’ll need to change the permissions on that drive and ensure the second account is non-administrative so they can’t change them back. of course don’t share your password.
If you lend your MBP to someone I think it would be some friend / someone you trust.
Just tell him not to copy your files.
And if the person doesn’t need your tracks to DJ, simply “remove” your folder for that time. Or just create a new user account and install traktor again?
Possible solution is to disable the USB mass storage, networking, Wifi & bluetooth drivers on all non-admin accounts, (midi will still work) and the either manually enable the kext again your own account or create an applescript that runs on login to re-enable the ports / wifi when you need to add music.
Then you just move the traktor music / playlists to a shared folder accessible to all.
You would think so but it ain’t that simple. I’m just being careful.
This sounds more like what I want.
What I can do is have 2 HDD’s in the machine. One for me and one for ‘Guest Users’. I could have 2 accounts on the Guest User HDD, one for me to access and add music/playlists and one that the guest logins into that has all the restrictions.
Now how do I disable all that gubbins for the the guest user HDD? An AppleScript sounds good but…
1st - Install OSX on the guest drive, create non-admin account as default and remove USB storage devices / network kexts
2nd - Swap the existing primary and guest drives physically so the “guest” install boots first (idiot proofiing)
3rd - specify in the Guest install your itunes folder on the primary drive.
Press Alt during boot do get into your “real” install, any changes to traktor / itunes there should be ported straight across to the guest install (you might have to copy the library xml manually though to the guest home folder)
For this to work you also need to remove the recovery partitions.
Heres the problem though, they could still plug a hard disk containing osx into the usb pre-boot and run their own copy of osx from there to access the files.
Wow lots to take in. I might hit you up for more advice on this if that’s ok dude but yeah this looks a goer.
Shouldn’t be an issue with someone booting from external as the people using it are not that savvy.
Amazing the time we live in. In the past you just worried about people swiping the records out of the crate
Great advice. Let us know how it goes… This is something I’d be interested in. Not that I lend out my MBP, but more as a safety on my studio machine where my main library resides.
OSX is UNIX… So I’m sure some of the ultra geeky amongst us can come up with an even more intricate solution
You’re a genius. Endpoint Protector Basic appears to be exactly what I am looking for. It basically prevents any USB devices that are not on the approved list from being usable.
I just need to add the controllers/USB drives and HDD’s that I use to the approved list and setup a further password beyond the admin
password.
Well this could not have been more simple.
Downloaded the Demo, installed it and within a couple of mins this application has completely solved this problem for me.
I have the admin password that I give to the DJ’s so they can login to the machine (this adds a basic layer of security) and I have added an app specific password so that the app cannot be turned off by anyone but me. It runs in the background all the time.
The app lists all the kinds of storage devices/wifi/bluetooth etc that I want to restrict, I just select the permissions (all set to ‘Deny’).
The app does not see USB devices such as soundcards or controllers at all so they all work just fine.
As soon as a USB thumb drive is inserted a dialog comes up saying it is unauthorised and sends me an email stating when and what device was inserted.
30 day trial which I will test this week and if it goes as well as it has up to now I’ll buy it.
