By Graham K. Rogers

Some changes to System Preferences with the latest version of OS X 10.8, Mountain Lion are obvious, with others less so. Users & Groups preferences remains almost the same as in the previous version of OS X, with some minor text changes the only initial sign of any differences.

The panel for Users & Groups preferences is now the last in this alphabetical examination of System Preferences. When I wrote my first examination of System Preferences, for OS X 10.5, Leopard, it was the first in the list. Universal Access (last then) is now first having been renamed Accessibility.

Introduction

As with many of the other preferences panels a padlock icon in the bottom left restricts access and we must have an Admin username and password to open this. At the bottom of the left panel below the Login Options selector are plus (+) and minus (-) signs to add or delete accounts; and a gearwheel icon to access a single item: Set Master Password.

This is an overarching password for FileVault which is turned on in Security & Privacy Preferences. It allows access to FileVault if a user has lost or forgotten the password. If the Master Password is forgotten, however, all data encrypted by FileVault will be inaccessible.

Users (1)

Text boxes are available for Full Name, Account name, Password (Verify), and Password hint. The full name may be anything the user wants. The Account name was formerly called the Short name. It is critical that, once entered and the account created, that this is not changed: this affects the behavior of the Home directory and any related functions, including access to data. This is the name the system will use. It will appear as the name beside the Home icon.

A password is entered at this time and needs to be verified. To the right of this sub-panel is a small key icon, which brings up a utility that can help a user select a password from the simple to highly complex. A color bar indicates a security rating from red (poor) to green.

Unfortunately some users try to use the Enter/Return key instead of a password. This is a dangerous way to try and avoid password use: a warning is given if this is used. I am aware that some users here, for whatever reason, ask the iStudio retail outlets to set up their computers. When this is done, the store will use the account name, Apple, and the Enter/Return key instead of a password.

This was done when my iMac recently had a hard disk replaced, but I installed Mountain Lion immediately and set up two proper accounts, deleting the one named Apple when this was done. Many users do not change either of these, leaving their machines vulnerable.

Once a password is entered and verified -- the two entries must match -- we may either press Cancel or Create User: OS X will make a new user account which takes a few minutes.

At the bottom of the panel used to create the account is a Password hint panel. We can enter information to help us remember the password should it be forgotten. This information (which should be a hint and not the password itself) will appear in the main login screen after three failed attempts.

At the bottom of the New Account type panel is the option, Group. If this is selected, the panel for creating a new account is reduced to Full Name only. Once created, a new panel is available with the accounts on the computer listed and checkboxes beside each to allow membership of the group (see Notes - below). The design of this Group panel has been changed slightly.

Users (2)

The panel for selection of an image or icon is now in four sections (listed to the left): Defaults, Recents, Faces and Camera. When any of the first three are selected, a panel appears with thumbnails of any suitable images shown. When one of these is selected as well as the Cancel and Done buttons, an edit icon (a pencil) is available. The Edit panel has a slider for adjustment of the size, and an icon will allow a user to apply an effect (from 46).

Selecting the Camera activates iSight and a picture can be taken after a 3 second countdown. Users also have the slider and effects options available here.

To the right of the user icon is a button marked Change Password which brings down a panel for this. Below the user icon is a panel that can be edited with the Full Name of the user. When the panel is first used, below the Full Name is a button that allows a user to set the Apple ID. Once an account is in use, the Apple ID used is shown (in my case Multiple) with a button alongside for any Changes. This displays any current ID(s), + or - icons to add or remove a highlighted Apple ID, and a button marked, Create Apple ID.

In Lion, version 10.7 of OS X, a button below was marked Address Book. This has now been changed to "Contacts Card". When pressed this opens at the user's card in the renamed Contacts application. This can be used for entering data in forms.

Finally in the Password panel there are three checkboxes:

• Allow user to reset password using Apple ID

• Allow user to administer this computer (see Notes - below)

• Enable parental controls. A button alongside allows access to the Parental Controls preference panel.

Login Options

At login, we are able to select a display of names of users (and user icons) who have accounts on the computer or simple text boxes in which the name and password must be entered. The latter is more secure.

Below are five check boxes:

• Display of buttons for Sleep, Restart and Shut Down in that login panel (with user names or the simple text boxes);
• Show input menu in login window (allows selection of different language keyboards);
• Show password hints (for the forgotten password);
• Show fast user switching menu as . . . (a button gives options of Full Name, Short Name, or Icon);
• Use VoiceOver in the login window (a system voice will announce data to assist those with seeing difficulties).

With fast user switching it is possible to switch between accounts without logging out or closing applications each time. A menu to effect the switch to another account is on the menu bar.

At the bottom of the panel, next to the words, Network Account Server, is a button marked, "Join". Pressing this opens a panel in which the user may specify either the address of an Open Directory Server or Active Directory Domain. When Server details are entered we press OK (or Cancel).

A button to the left of this panel opens Directory Utility, revealing panels with Services, Search Policy and a Directory Editor. Users should be careful of adding, altering or deleting any information in Directory Services unless they are fully aware of what they are doing. It is suggested that this is only used under the guidance of a System Administrator. Also see Notes, below.

Login Items

Below are the + and - icons. Pressing + brings up a Finder window and we may select an application or file (e.g. mp3) to open at startup. The - icon will delete a highlighted item.

Notes

• Apple Help tells us that a group account gives the same privileges to two or more members and when specific file access privileges are assigned all group members share those privileges. This is intended to help when sharing files or using shared folders.

• We may add a group (once it has been created) by highlighting a file and choosing Get Info (Command + i). File permissions are at the bottom of the panel revealed and when the padlock icon is unlocked, users may press the + icon to add a user or group and set permissions for the added user/ group.

• When adding accounts, users should not usually have more than one Admin account to avoid confusion. However a second Admin account can easily be setup temporarily for trouble-shooting. It may be removed after the problem is solved.

• When installing some applications a user is given the option to make it open at login. This may also be selected by highlighting an icon in the Dock and selecting Options. Users should be aware that too many items, or items with a large CPU/memory requirement, such as some suites, may be a drag on resources.

• Login items may also be the cause of conflicts that are not easy to track down. Starting a computer in Safe mode (with the Shift key pressed) does not load these items and this may be a way to track down any problems that are being caused this way.

• Users are strongly urged to use a password and preferably one that is strong, with random characters. Using the password utility (above) can create a strong password but this may be hard to remember. In this situation I write the password on a piece of paper which is locked away in a drawer. An easy to remember password may also be easy to break or guess.

• The Open Directory Server "stores and organizes information about a computer network's users and network resources and which allows network administrators to manage users' access to the resources" (Wikipedia) and is an Apple solution.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.