Search Information Security site

 

Searching a Macintosh SMB Share with Identity Finder

Note: For users on internal UVa networks, both machines involved in the scanning must reside on the same network—e.g., both on the standard network or both on the More Secure Network.

In order to search a Macintosh remotely from a Windows computer running Identity Finder, the Mac's file sharing options must be configured properly. Please follow the instructions below to configure the Mac to be scanned:

  1. Enable SMB File Sharing
  2. Scan the Mac
  3. Disable SMB Sharing

Your Mac must be running a supported operating system; i.e., Mac OS X 10.5 or higher.

Note: For users on internal UVa networks, both machines involved in the scanning must reside on the same network—e.g., both on the standard network or both on the More Secure Network.

1. Enable SMB File Sharing

  1. Choose System Preferences... from the Apple menu.
  2. Click the Sharing icon in the Internet & Network section of the System Preferences window.
  3. If there is a closed padlock icon with the legend Click the lock to make changes, click the icon and enter a valid password to unlock the Sharing settings.
  4. Check On for the File Sharing service.
  5. Click Options... in the lower right-hand corner of the Sharing window.
  6. Check Share files and folders using SMB.
  7. Select the user to whom you wish to grant access, and authenticate for that user if requested.
  8. Click Done.
  9. Select  +  (Add) below the Shared Folders: box in the Sharing window.
  10. Select the folder you want to share, and click Add.
  11. We recommend that you select the machine's hard drive from the Devices list on the left-hand side of the window in order to search all files on the machine. (This requires Administrator access.) If this is a multi-user machine and you only have access to a single home directory, select that home directory (house icon) in the Places list on the left-hand side.

    If you chose the entire hard drive, by default three users should appear in the Users: box: System Administrator, Administrators and Everyone. If you chose a home directory, by default two users should appear in the Users: box: the owner of the home directory and Everyone.

    If a group named Unknown user appears, delete it by selecting it and clicking  -  (Delete) below the Users: box; the Unknown user group allows anyone to access the indicated Shared Folder with the rights listed. On the other hand, Everyone is a group comprised of all existing user accounts on the system; it does not mean that someone without a local account can read the drive. The Everyone group cannot be deleted.

  12. Click Show All in the Sharing window title bar to display all System Preference panes.
  13. Click the Security icon in the Personal section of the System Preferences window.
  14. Select the Firewall tab.
  15. If there is a closed padlock icon with the legend Click the lock to make changes, click the icon and enter a valid password to unlock the Sharing settings.
  16. Select Set access for specific services and applications.
  17. Click Advanced....
  18. Uncheck Enable Stealth Mode and click OK.
  19. Click Show All in the Sharing window title bar to display all System Preferences panes.
  20. Click the Network icon in the Internet & Network section of the System Preferences window.
  21. Write down the Mac's IP address.
  22. Go to Scan the Mac, below.

2. Scan the Mac

You can now mount the Mac as an SMB share from the Intel Mac running Identity Finder. From the Intel Mac machine:

  1. In the Finder choose the Go > Connect to Server menu item
  2. Type the IP address of the target machine in the format of smb://ipaddress/share, where ipaddress is the address of the Mac that you wrote down earlier, and share is the Mac account name (Tiger or Leopard home directory share) or hard drive name (Leopard hard drive share).
  3. Click Connect.
  4. Enter user name and password when prompted.
  5. Within Identity Finder, click the Preferences tab and click Folders
    In the Identity Finder Personal Information File dialog box, click on the ellipsis to browse to the mounted SMB share, select it, and click Add.
  6. Run a scan on the mounted drive as you would a local drive.

3. Disable SMB Sharing

For security reasons, drive sharing should never be on without a specific reason. Once the scanning is complete, return the sharing configuration on the Mac to its previous state:

  1. Disable file sharing if it was not previously enabled: in the Sharing preference pane, uncheck On for the File Sharing service.
  2. Remove any items from the Shared Folders: list: in the Sharing preferences pane, select each item and click  -  (Delete) below the Shared Folders: box and click OK.
  3. Remove any user accounts from the sharing list: click Options... in the lower right-hand corner of the Sharing preference pane, and uncheck all user accounts, authenticating as necessary.
  4. Re-enable stealth mode: In the Security preference pane, select the Firewall tab, and click Advanced.... Check Enable Stealth Mode and click OK

 

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form