What can other administrators access on my machine?Protect files from other administrator accountsHow secure are iCloud backups?Unwanted saving of proxy credentialsnsurlsessiond is using all my bandwidthOnly root login remains (all other users gone) and even root hangs, so can't access!How can you switch users at the login screen, without administrator access, with only one local account (the administrator) and many network accounts?Protect files from other administrator accountsCan a thief know my Apple ID without my PIN code?I have a company MacBook Pro and I no longer can see my username on the login screenFileVault and other user accounts; repairEffects of logging in to same Apple ID on multiple macOS accounts (single computer)
What was the first sci-fi story to feature the plot "the humans were the monsters all along"?
Why wasn't the Night King naked in S08E03?
Should homeowners insurance cover the cost of the home?
What does this colon mean? It is not labeling, it is not ternary operator
Why is "breaking the mould" positively connoted?
What is the closest airport to the center of the city it serves?
How do I inject UserInterface into Access Control?
UK Bank Holidays
Are there any of the Children of the Forest left, or are they extinct?
Can my company stop me from working overtime?
Which module had more 'comfort' in terms of living space, the Lunar Module or the Command module?
exec command in bash loop
How can I support myself financially as a 17 year old with a loan?
Target/total memory is higher than max_server_memory
PN junction band gap - equal across all devices?
Would glacier 'trees' be plausible?
Why did the Apollo 13 crew extend the LM landing gear?
Nominativ or Akkusativ
Fender hot rod deluxe connected to speaker simulator diagram
How can I close a gap between my fence and my neighbor's that's on his side of the property line?
I have a unique character that I'm having a problem writing. He's a virus!
Multiple SQL versions with Docker
Does a card have a keyword if it has the same effect as said keyword?
Wrong answer from DSolve when solving a differential equation
What can other administrators access on my machine?
Protect files from other administrator accountsHow secure are iCloud backups?Unwanted saving of proxy credentialsnsurlsessiond is using all my bandwidthOnly root login remains (all other users gone) and even root hangs, so can't access!How can you switch users at the login screen, without administrator access, with only one local account (the administrator) and many network accounts?Protect files from other administrator accountsCan a thief know my Apple ID without my PIN code?I have a company MacBook Pro and I no longer can see my username on the login screenFileVault and other user accounts; repairEffects of logging in to same Apple ID on multiple macOS accounts (single computer)
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I've been given a new MacBook Pro at work, and it has an administrator account which I assume the IT department has the credentials to. I have been created a local account which is also an administrator.
I'm just wondering, as another administrator, what of my data can they access and read? I have iCloud Drive and other services turned on, and I don't particularly like the idea that someone can go in and grab that stuff.
macos security user-account
edited Apr 10 at 3:38
bmike♦
163k46293634
asked Apr 9 at 23:28
RickyRicky
23018
add a comment |
I've been given a new MacBook Pro at work, and it has an administrator account which I assume the IT department has the credentials to. I have been created a local account which is also an administrator.
I'm just wondering, as another administrator, what of my data can they access and read? I have iCloud Drive and other services turned on, and I don't particularly like the idea that someone can go in and grab that stuff.
macos security user-account
edited Apr 10 at 3:38
bmike♦
163k46293634
asked Apr 9 at 23:28
RickyRicky
23018
add a comment |
I've been given a new MacBook Pro at work, and it has an administrator account which I assume the IT department has the credentials to. I have been created a local account which is also an administrator.
I'm just wondering, as another administrator, what of my data can they access and read? I have iCloud Drive and other services turned on, and I don't particularly like the idea that someone can go in and grab that stuff.
macos security user-account
edited Apr 10 at 3:38
bmike♦
163k46293634
asked Apr 9 at 23:28
RickyRicky
23018
I've been given a new MacBook Pro at work, and it has an administrator account which I assume the IT department has the credentials to. I have been created a local account which is also an administrator.
I'm just wondering, as another administrator, what of my data can they access and read? I have iCloud Drive and other services turned on, and I don't particularly like the idea that someone can go in and grab that stuff.
macos security user-account
macos security user-account
edited Apr 10 at 3:38
bmike♦
163k46293634
asked Apr 9 at 23:28
RickyRicky
23018
edited Apr 10 at 3:38
bmike♦
163k46293634
asked Apr 9 at 23:28
RickyRicky
23018
edited Apr 10 at 3:38
bmike♦
163k46293634
edited Apr 10 at 3:38
bmike♦
163k46293634
edited Apr 10 at 3:38
bmike♦
163k46293634
163k46293634
asked Apr 9 at 23:28
RickyRicky
23018
asked Apr 9 at 23:28
RickyRicky
23018
asked Apr 9 at 23:28
RickyRicky
23018
23018
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
Short answer: Generally an administrator account can access and read any file on the computer. To protect files, either remove all untrusted admin accounts except for yours or encrypt the specific files you need protected with your admin password. Another admin can reset your password, but not see it to unlock things like your keychain. Of course a new password for encryption is ideal if you don’t trust another admin.
There are certain files within your account that are encrypted and can not be read without your password.
The main file I'm thinking of is the "Keychain" which may contain your iCloud password and any other passwords you've allowed Safari (or other apps) to remember.
As an IT system administrator myself I would recommend not to store personal data on your work computer that you don't want anyone else to see.
The computer may have backup software that's backing up all files on the computer - including your iCloud Drive.
Also remember that if you're fired, the computer may be taken away before you have a chance to remove your personal files.
edited Apr 10 at 3:26
bmike♦
163k46293634
answered Apr 10 at 2:39
BenBen
1963
4
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
1
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
1
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
1
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
add a comment |
This document provided by Apple titled: Set up users, guests and groups on Mac covers the types of privileges each user type is allowed.
Administrator: An administrator can add and manage other users, install apps and change settings. The new user you create when you first set up your Mac is an administrator. Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators. Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.
Expanding on this, basically an Administrator can access any of your files and pretty much do anything on the system.
References
- Protect files from other administrator accounts
answered Apr 9 at 23:36
slmslm
2,183921
add a comment |
An Administrator account should be able to install software to log keystrokes, a keylogger. With your keyboard input captured, any passwords input would be captured and could be used to open otherwise secure applications and files. I cannot say whether Apple prevents their use on macOS, but anyone sufficiently determined would be able to circumvent such restrictions.
Also, screen capture software can often be used to determine what keystrokes have been made, especially on mobile devices where the on-screen keyboard keys pop-up as typed.
It is not your computer. Treat it as such.
answered Apr 11 at 18:32
newyork10023newyork10023
211
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
add a comment |
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Short answer: Generally an administrator account can access and read any file on the computer. To protect files, either remove all untrusted admin accounts except for yours or encrypt the specific files you need protected with your admin password. Another admin can reset your password, but not see it to unlock things like your keychain. Of course a new password for encryption is ideal if you don’t trust another admin.
There are certain files within your account that are encrypted and can not be read without your password.
The main file I'm thinking of is the "Keychain" which may contain your iCloud password and any other passwords you've allowed Safari (or other apps) to remember.
As an IT system administrator myself I would recommend not to store personal data on your work computer that you don't want anyone else to see.
The computer may have backup software that's backing up all files on the computer - including your iCloud Drive.
Also remember that if you're fired, the computer may be taken away before you have a chance to remove your personal files.
edited Apr 10 at 3:26
bmike♦
163k46293634
answered Apr 10 at 2:39
BenBen
1963
4
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
1
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
1
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
1
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
add a comment |
Short answer: Generally an administrator account can access and read any file on the computer. To protect files, either remove all untrusted admin accounts except for yours or encrypt the specific files you need protected with your admin password. Another admin can reset your password, but not see it to unlock things like your keychain. Of course a new password for encryption is ideal if you don’t trust another admin.
There are certain files within your account that are encrypted and can not be read without your password.
The main file I'm thinking of is the "Keychain" which may contain your iCloud password and any other passwords you've allowed Safari (or other apps) to remember.
As an IT system administrator myself I would recommend not to store personal data on your work computer that you don't want anyone else to see.
The computer may have backup software that's backing up all files on the computer - including your iCloud Drive.
Also remember that if you're fired, the computer may be taken away before you have a chance to remove your personal files.
edited Apr 10 at 3:26
bmike♦
163k46293634
answered Apr 10 at 2:39
BenBen
1963
4
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
1
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
1
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
1
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
add a comment |
Short answer: Generally an administrator account can access and read any file on the computer. To protect files, either remove all untrusted admin accounts except for yours or encrypt the specific files you need protected with your admin password. Another admin can reset your password, but not see it to unlock things like your keychain. Of course a new password for encryption is ideal if you don’t trust another admin.
There are certain files within your account that are encrypted and can not be read without your password.
The main file I'm thinking of is the "Keychain" which may contain your iCloud password and any other passwords you've allowed Safari (or other apps) to remember.
As an IT system administrator myself I would recommend not to store personal data on your work computer that you don't want anyone else to see.
The computer may have backup software that's backing up all files on the computer - including your iCloud Drive.
Also remember that if you're fired, the computer may be taken away before you have a chance to remove your personal files.
edited Apr 10 at 3:26
bmike♦
163k46293634
answered Apr 10 at 2:39
BenBen
1963
Short answer: Generally an administrator account can access and read any file on the computer. To protect files, either remove all untrusted admin accounts except for yours or encrypt the specific files you need protected with your admin password. Another admin can reset your password, but not see it to unlock things like your keychain. Of course a new password for encryption is ideal if you don’t trust another admin.
There are certain files within your account that are encrypted and can not be read without your password.
The main file I'm thinking of is the "Keychain" which may contain your iCloud password and any other passwords you've allowed Safari (or other apps) to remember.
As an IT system administrator myself I would recommend not to store personal data on your work computer that you don't want anyone else to see.
The computer may have backup software that's backing up all files on the computer - including your iCloud Drive.
Also remember that if you're fired, the computer may be taken away before you have a chance to remove your personal files.
edited Apr 10 at 3:26
bmike♦
163k46293634
answered Apr 10 at 2:39
BenBen
1963
edited Apr 10 at 3:26
bmike♦
163k46293634
edited Apr 10 at 3:26
bmike♦
163k46293634
edited Apr 10 at 3:26
bmike♦
163k46293634
163k46293634
answered Apr 10 at 2:39
BenBen
1963
answered Apr 10 at 2:39
BenBen
1963
answered Apr 10 at 2:39
BenBen
1963
1963
4
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
1
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
1
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
1
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
add a comment |
4
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
1
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
1
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
1
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
4
4
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
Even in jurisdictions that are typically very worker- and privacy-friendly, it is generally accepted that all files you store on a company device "belong to" the company, at least in the sense that they can arbitrarily delete them. While in the more privacy-conscious jurisdictions, it may be illegal for an IT admin to continue reading when he accidentally discovers private files on your device, there is a) no guarantee that he will actually do that, and b) he is allowed anyway to read anything on your device until he discovers obviously private data.
– Jörg W Mittag
Apr 10 at 7:08
1
1
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
Plus, not all jurisdictions are that privacy-conscious.
– Jörg W Mittag
Apr 10 at 7:09
1
1
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
This answer doesn't address FileVault (nor encrypted backups). Can encrypted files inside FileVault be read by other admins? I thought the answer was no.
– Konrad Rudolph
Apr 10 at 8:21
1
1
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
@KonradRudolph The original version of FileVault (which encrypted individual home directories) could not be read be others unless a specific user was logged in. The current version with full disk encryption does not provide that level of privacy, any user allowed to unlock will unlock the whole disk.
– nohillside♦
Apr 10 at 21:55
add a comment |
This document provided by Apple titled: Set up users, guests and groups on Mac covers the types of privileges each user type is allowed.
Administrator: An administrator can add and manage other users, install apps and change settings. The new user you create when you first set up your Mac is an administrator. Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators. Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.
Expanding on this, basically an Administrator can access any of your files and pretty much do anything on the system.
References
- Protect files from other administrator accounts
answered Apr 9 at 23:36
slmslm
2,183921
add a comment |
This document provided by Apple titled: Set up users, guests and groups on Mac covers the types of privileges each user type is allowed.
Administrator: An administrator can add and manage other users, install apps and change settings. The new user you create when you first set up your Mac is an administrator. Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators. Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.
Expanding on this, basically an Administrator can access any of your files and pretty much do anything on the system.
References
- Protect files from other administrator accounts
answered Apr 9 at 23:36
slmslm
2,183921
add a comment |
This document provided by Apple titled: Set up users, guests and groups on Mac covers the types of privileges each user type is allowed.
Administrator: An administrator can add and manage other users, install apps and change settings. The new user you create when you first set up your Mac is an administrator. Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators. Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.
Expanding on this, basically an Administrator can access any of your files and pretty much do anything on the system.
References
- Protect files from other administrator accounts
answered Apr 9 at 23:36
slmslm
2,183921
This document provided by Apple titled: Set up users, guests and groups on Mac covers the types of privileges each user type is allowed.
Administrator: An administrator can add and manage other users, install apps and change settings. The new user you create when you first set up your Mac is an administrator. Your Mac can have multiple administrators. You can create new ones, and convert standard users to administrators. Don’t set up automatic login for an administrator. If you do, someone could simply restart your Mac and gain access with administrator privileges. To keep your Mac secure, don’t share administrator names and passwords.
Expanding on this, basically an Administrator can access any of your files and pretty much do anything on the system.
References
- Protect files from other administrator accounts
answered Apr 9 at 23:36
slmslm
2,183921
answered Apr 9 at 23:36
slmslm
2,183921
answered Apr 9 at 23:36
slmslm
2,183921
answered Apr 9 at 23:36
slmslm
2,183921
2,183921
add a comment |
add a comment |
An Administrator account should be able to install software to log keystrokes, a keylogger. With your keyboard input captured, any passwords input would be captured and could be used to open otherwise secure applications and files. I cannot say whether Apple prevents their use on macOS, but anyone sufficiently determined would be able to circumvent such restrictions.
Also, screen capture software can often be used to determine what keystrokes have been made, especially on mobile devices where the on-screen keyboard keys pop-up as typed.
It is not your computer. Treat it as such.
answered Apr 11 at 18:32
newyork10023newyork10023
211
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
add a comment |
An Administrator account should be able to install software to log keystrokes, a keylogger. With your keyboard input captured, any passwords input would be captured and could be used to open otherwise secure applications and files. I cannot say whether Apple prevents their use on macOS, but anyone sufficiently determined would be able to circumvent such restrictions.
Also, screen capture software can often be used to determine what keystrokes have been made, especially on mobile devices where the on-screen keyboard keys pop-up as typed.
It is not your computer. Treat it as such.
answered Apr 11 at 18:32
newyork10023newyork10023
211
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
add a comment |
An Administrator account should be able to install software to log keystrokes, a keylogger. With your keyboard input captured, any passwords input would be captured and could be used to open otherwise secure applications and files. I cannot say whether Apple prevents their use on macOS, but anyone sufficiently determined would be able to circumvent such restrictions.
Also, screen capture software can often be used to determine what keystrokes have been made, especially on mobile devices where the on-screen keyboard keys pop-up as typed.
It is not your computer. Treat it as such.
answered Apr 11 at 18:32
newyork10023newyork10023
211
An Administrator account should be able to install software to log keystrokes, a keylogger. With your keyboard input captured, any passwords input would be captured and could be used to open otherwise secure applications and files. I cannot say whether Apple prevents their use on macOS, but anyone sufficiently determined would be able to circumvent such restrictions.
Also, screen capture software can often be used to determine what keystrokes have been made, especially on mobile devices where the on-screen keyboard keys pop-up as typed.
It is not your computer. Treat it as such.
answered Apr 11 at 18:32
newyork10023newyork10023
211
answered Apr 11 at 18:32
newyork10023newyork10023
211
answered Apr 11 at 18:32
newyork10023newyork10023
211
answered Apr 11 at 18:32
newyork10023newyork10023
211
211
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
add a comment |
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
There are dialogs that use "secure input," which I believe prevent other apps from reading/writing what's being input. I use a text replacement app and, for example, when entering a password on Safari I can't use the text replacement app.
– Harv
Apr 17 at 5:13
add a comment |
