Protect your Mac!
Apple computers recently have exploded in popularity, Apple stock is soaring and Apple computers are now and have been for some time prime real estate for sticky fingers. So what is an Apple user to do, keep your beloved computer locked up? With the threat of loss, or theft of Apple devices being a reality many companies and many solutions have emerged in the marketplace.
While looking at the options out there for laptop security and recovery, and reviewing all the options, it seemed wise to take a step back and ask the question, what is the end goal? What do you expect to happen when your precious laptop or desktop is lost or stolen? Do you expect to retrieve it? Will you claim it as a loss and report it with your insurance company? The answers to these questions will impact how you should consider the choice for what kind of solution to use to protect your computer.
Almost all recovery software requires the lost or stolen computer to be used and connected to the internet to actually work. So security settings like setting a firmware password or having your computer encrypted with Filevault with no guest account would render the computer unusable, and at the same token untraceable. If laptop recovery is the goal, you need to make it easy for the thief to use the computer even if its only for a little while, else the computer may never register at all.
If the goal is to be able to keep your data safe and secure then set the firmware password and encrypt the drive and forget the recovery software, since in order to use the computer in that state it would have to be wiped or otherwise modified physically the software would be removed.
Don’t over protect your devices, but also take some very practical steps to ensure the security of your files and your systems. Backup your files often, store your files in the cloud (Google Drive, Dropbox, etc..), and seriously consider physical security from where you keep your computer in your house, to how you store it in your car.
Now that you’re ready to pick a laptop security solution consider the options.
iCloud – Find my Mac
This is a good solution that will automatically track, locate your mac. Allows you to remotely wipe, and display a message on the screen of the lost / stolen laptop. Does not have an option to take pictures or screenshots of the computer and can be easily turned off. If your already an iCloud user not a bad thing to have but consider another solution that has more robust features.
LoJack for Laptops
This solution offers a guarantee of laptop recovery, which could be important if you have a large number of computers. If you do Computrace their enterprise version may be a better solution for you. LoJack allows you to track, take photos and screenshots of the stolen mac. It allows you to enter the police details to help you recover the computer.
Undercover Mac
This has been a personal favorite of mine, one of the most comprehensive solutions with a well designed user portal. This software offers the ability to track, take photos, and screenshots of the stolen computer. It also sends key logs of the computer to the portal as well. The team at undercover mac will work with authorities if police info is entered to track and find the laptop. They also have the ability to deploy the product to a large number of systems silently.
Prey
Prey Project is cool and offers a lot of the same features of Undercover Mac. Remote tracking, screenshots, and photos are all part of the package but Prey offers an On Demand mode that allows you control when the reports are generated. You can also change the timing of the reports as well. The only thing with Prey you pay for the amount of reports you can store so the basic package will delete old reports once newer ones arrive. Prey also provides a way to deploy the installer silently.
So this is great, lets talk business and enterprise environments. In many environments privacy concerns are a reality and installing tracking software that can be activated at any time is a concern that can impact employee productivity and cause real concern. Companies with a large number of Mac’s to manage should be using some kind of management tool like Munki or Casper. I strongly recommend having an account with Undercover Mac or Prey and having the ability to remotely enroll a computer that has gone missing.
Before we talk about the how, lets talk briefly about policy. Having a policy in place to ensure that loss or theft is caught early is important. Consider doing regular inventory checks, using asset management software and have systems in place to ensure overall compliance.
Ok, so how do we install tracking software on a managed computer remotely? Its all about targeting the stolen computer. In MUNKI and in Casper you can create a conditional rule and assign that to an installer. The rule would be for the “Hostname” of the system and the install should be a quiet background install.
In Casper you could do this by deploying a script
cd /Library/Application\ Support/ && sudo curl -O https://preyproject.com/releases/0.6.0/prey-0.6.0-mac-batch.mpkg.zip && sudo unzip -XKo /Library/Application\ Support/prey-0.6.0-mac-batch.mpkg.zip && sudo chmod 777 prey-0.6.0-mac-batch.mpkg && API_KEY="PUT_IN_YOUR_OWN_API_KEY" sudo -E installer -pkg /Library/Application\ Support/prey-0.6.0-mac-batch.mpkg -target /You can also check out the instructions on how to remotely deploy Prey here.
https://support.preyproject.com/kb/installation/how-to-deploy-prey-in-batch-mode-mac-os
If you decide to go with Undercover Mac, you would use their deployment method which requires you to add a post install step in the installer to trigger the actual registration.
Disk image deployment
-
Run the Undercover (Automated) installer when creating your disk image. This will install the required Undercover binaries, but will not register the Mac with Undercover!
-
Each time the disk image is deployed on a Mac, Undercover has to register the Mac. Therefore, you should include the registration command in a post-deployment script, or execute it manually
for each Mac: /usr/local/uc/bin/tools/uc-registration -s YOUR_SERIAL_NUMBER
Hopefully this gives you something to think about. I would love to hear about your experiences and get your feedback on theft recovery software in the comments below!
AI Usage Transparency Report
Pre-AI Era · Written before widespread use of generative AI tools
AI Signal Composition
Score: 0.04 · Low AI Influence
Summary
The article discusses laptop security and recovery solutions, including iCloud, LoJack for Laptops, Undercover Mac, Prey, Munki, and Casper. It provides a comparison of the features and benefits of each solution and offers guidance on how to install tracking software remotely in managed computer environments.
Related Posts
Discovering Mole: A Command Line Utility for Mac Cleaning
Caches pile up, apps leave behind junk, and disk space slowly disappears. While there are plenty of GUI tools out there, most of them either lack transparency or feel overly bloated.
Deploy Firmware Passwords
There's no doubt that the security of our computers these days is a very sensitive topic. I have helped several of my clients protect their Mac systems by setting firmware passwords. However, this process can be time-consuming and labor-intensive when dealing with large numbers of machines. But what if you have hundreds or thousands of computers you want to have a firmware password set on?
Enable Accessibility Apps via ARD
I am always looking for ways to use Automator to make my life easier. Its a great tool that offers some impressive capabilities, my favorite of course is the ability to record UI events and convert that into a workflow or even a stand-alone app that you can then deploy and run via ARD. This feature in particular has been a game-changer for me, allowing me to automate repetitive tasks with ease and streamline my workflow.
Roll your own DNS monitoring with DIG, Bash & CRON
If your like me your always looking for ways to be notified of things changing in your IT Environment. There are many tools that you can use to help do this. StatusCake is a great free online tool for monitoring website and IP level uptime and downtime with baked in email notifications. Zeonoss and NAGIOS are great tools that can offer the same with SNMP Monitoring baked in as well.
Authenticate with AD credentials via ARD / SSH
Binding a Mac to an AD is fairly straight forward. Most Mac Admin's worth their salt, know how this is done, many know how to do this via the command line. Once your Mac is bound, authentication is easy, local authentication that is. But what if you want to use your secure AD credentials over an SSH or Apple Remote Desktop connection? Well thats when things need a bit more configuration. Having recently deployed a series of servers with this configuration I figured I would share some of the commands...
Fontrestore, Apple’s fix for your fonts
FontAgent Pro is a great font management solution for OS X. One of the best things about it is that its 100% cloud based. You can run the entire thing hosted in their cloud instance or you can run it on your own server. It's a great solution for font management, and does everything from managing your font licenses, users, libraries, and sets. The one problem however is the fact that when deploying a new font solution, you find yourself in a quandary over the right way to deploy it....
Install Zenoss on 10.9 Mavericks with VMWare Fusion
If you are a network (or systems) administrator, you know how crucial it is to have the right tools for the job. One of the toughest tools to really nail down is a network monitoring tool. Although there are plenty of such tools out there, they range from the over-priced to the under-featured. Where do you look for any sort of middle ground where features don’t lose out to price?
10.9 Deploying Mac App Store Packages
If your like me then your happy that Apple has made several of their wonderful software titles free recently, specifically iLife and iWork for Mavericks. Apple has a defined workflow for deployment of these systems. Their method is to have companies enroll into their Volume Licensing Program once enrolled you can download apps from the app store and the iOS store and deploy these seamlessly to your devices with Profile Manager for Mavericks.
10.9 Mavericks, AutoDMG a match made in heaven
If your like me then you have an entire organization of users who are itching to get their hands on the latest Mavericks operating system and have been told to wait, we are testing. Truth is that its already been tested. I tested it all through the various developer builds and the issues have for the most part been very minimal which is great for a .0 release. However the issue really has been how are we going to deploy it.
10.9 Auto Enrollment Profile Manger Package
Many years ago when I was managing a fleet of computer using 10.6, I thought that I was a master systems administrator because I had all my computers managed by MCX. It took me years to get MCX working properly across all my systems, but it saved me countless hours of time and energy managing preferences and remote settings for new and existing systems. This made my life so much easier, as I no longer had to manually configure each system individually.
