Welcome to the MacNN Forums.


Lion security hole??
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 10, 2011, 10:40 AM
 
I have discovered that in setting up my new Mac Mini Intel with Lion, since I gave my Mac ID as requested, it did the following:

a) established my home folder under my Mac ID, not my short user name

b) The Mac ID is NOT listed under Users and Groups and System Preferences

c) When I click on the computer under SHARED it automatically accesses the computer without asking for a password. My Mac account password is radically different from my user account password. When I change the computer password, access is still there. Granted, if I use Screen Sharing (which is actually turned off) it brings up a logon screen (which I also thought I turned off).

d) I tried changing the password in the Remote Management but once again Screen Share goes right in and I have full access to ALL files from Finder.
Oh cool, hack my online MobileMe account and gain access to my home computer. Yeah, I know the Mac computers are perfectly safe and secure so I am just being paranoid.

The issue is I want to control who and what has access to my computer. I don't store sensitive information on any web server I don't access using MobileMe credentials I use a completely different set.
I called tech support and they said Lion was designed this way so you can give people access without creating accounts and they will have to get back to me in a week.

My knee-jerk reaction is to use the recovery partition and NOT give it a hint of my Mac ID (not sure if it will allow me to install that way).

Any thoughts?
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Sep 10, 2011, 11:28 AM
 
Turn off "Back to my Mac" on your home computer.

Complaining that a service is working as advertised (logging in through your MobileMe account is exactly the point of it) is…illogical.

Use a dynamic DNS service instead, install their client on the home machine, enable screen sharing, and connect that way through the Finder's "Connect to Server…" command (enter "vnc://yourserver.dyndns.org" or whatever your address is then).
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 10, 2011, 11:47 AM
 
Back to My Mac is off

OK Mr Spock... it is illogical for me to want to control who accesses my computer?? I do not "choose" Lion, I choose a new Mac mini. I will admit that I did not know this was a feature of Lion but then again I have no choice.

I already have a dynamic IP and service and have remote access set up. The point is that I can control that part of that access under Sharing. I merely want to be able to BLOCK the access from the cloud account since it uses a web-stored password. Crack iCloud and you have access to my machine (yes, I am paranoid). At least if I do a screen share the login screen (which I have turned off) appears, requiring a locally controlled password.

Finder, however, gives IMMEDIATE access as an admin with no further security.
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Sep 10, 2011, 12:09 PM
 
Clarify, please: WAS Back to My Mac off before? Because if it wasn't, then Spheric Harlot's advice and explanation are accurate and productive. If it was already off, then that is a different matter. In either case, a rude response to what was intended to be a helpful post is counterproductive.

Back to My Mac is supposed to tie everything up in one bow, but in exchange you give up a certain amount of security and control over access protections. I haven't set up a new Mac in a while, but I think Back to My Mac is enabled by default in the setup/migration process, so even if you didn't explicitly select it, it probably did its thing and managed all of your logins. Having never had a MobileMe/etc. account, I can't say whether this is something that can be reversed with one step or many, but that sounds like the process that got you into this situation.

Oh, and "Welcome to our forums!". You'll find we are quite different from just about every online discussion board. Hopefully that will be a good thing.
Glenn -----
OTR/L, MOT, Tx
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 10, 2011, 01:03 PM
 
Yes, it was off before. I had not examined it until Spheric Harlot's suggestion.

And I do not view my response to be any ruder than the comment I responded to. If my response appears and is read as rude I apologize, as that was not my intent.

In talking with Mac support they indicated that the relationship of the user account to the Apple ID is much stronger in Lion than in SL, but when I changed the Apple ID they were a little shocked when the old ID still had access. I tend to agree with you about the setup doing me. I should have never given it my .MAC address. That is why I am thinking about a restore, during which process I don't give it the info it needs for such an intrusion. I have never used .mac/MobileMe for much more than calendar and contacts and am actually in the process of trying to move that to my FreeBSD server.

I appreciate the concept that opting to tie everything in one bow will sacrifice some security, but I would think this would be an option for the OS user, not a requirement in normal operations.

I appreciate the welcome and look forward to the "difference".
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Sep 10, 2011, 07:37 PM
 
Thanks for the follow-up. I'm just sort of waiting, for no particular reason, to upgrade to Lion, but it looks like Apple has crafted as much "integration" as they could into this new version. Maybe too much for professional paranoids like me (years of being the computer security officer will do that to you). I find it interesting that Apple's support people didn't know about the ability of the .MAC system to access the new computer the way it did. This should be an interesting issue to watch; we might see a minor Lion update that includes some tweaks to security.
Glenn -----
OTR/L, MOT, Tx
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 10, 2011, 08:40 PM
 
Maybe I mis-stated: they knew about the stronger integration, pretty much as Spheric Harlot indicated. They were kind of surprised that I wanted to turn it off. I walked the tech through why for about a half hour and I think the light came on. Like you, I handled computer security for quite a number of years. I never wanted Lion but I need a new desktop to replace the last of my G5s that died (three in total) and couldn't justify the price of a second Mac Pro. So far my attempt has been a resounding failure as I can no longer get my keyboard or mouse to talk to the reset mini. I am totally underwhelmed by Lion and maybe also by the 2011 Mini.

I am losing a lot more of this day to this stupid machine than I was planning to. Plus I was told the 2011 won't run SL... thank you Apple.
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 10, 2011, 11:58 PM
 
OK, in the interest of paranoia I reformatted my mini and rebuilt, NOT providing my .mac (OK, .mobileme) ID. Directory naming and access are as they were on SL.

I did notice once, when I turned on MobileMe in System Preferences and was using screen share from another computer, I did get Mac ID access. I have been unable to replicate. Knee-jerk reaction is that if the computer is logged into MobileMe/iCloud and both computers are known to the Apple server it allows access using the Apple account password. Just a guess so far, I need to play with options more.

The bottom line, working on the idea provided by ghporter, is to NOT provide your Apple ID during initial installation; that appears to keep the info from being hard coded.

The next question is if any use of the sync servers results in hard coding the information. I don't mind access using my Apple ID when I, not the machine, authorize it. I remember an old movie, Colossus: The Forbin Project.
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Sep 11, 2011, 12:03 AM
 
Colossus was an awesome movie.

Sorry if I came across as brash.
     
Professional Poster
Join Date: Mar 2004
Location: UK
Sep 11, 2011, 05:00 AM
 
I never even tried putting my Apple ID in during setup assistant. Somehow I never trusted that option. Also I have more than one.
MacBook 2.0GHz CD; MacBook Pro 15" 2.4GHz Late '08; PowerMac G4 MDD Dual 1GHz; 3x Xserve G4 1GHz; Mac Mini 2GHz; Big pile of broken and working bits;
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 11, 2011, 01:42 PM
 
Spheric Harlot: No problem. Again I apologize if I appeared rude. I in fact AM rude but that's a different story.

Waragainstsleep: Good choice.

OK, I wiped and reinstalled and this time did not provide my Apple ID in the User Profile. Installation was now as I have found in the past, with appropriate name to home directory, and no evidence of uncontrolled access. I have "turned on" my MobileMe account in System Preferences and been able to sync, and screen share appears to be once again under my control. So far I have seen the MobileMe account once but have not been able to recreate.

The trick to maintain security is to NOT give it your Apple ID. A good option not to trust.
     
Senior User
Join Date: Jul 2006
Sep 12, 2011, 12:07 AM
 
Just one question: why do you expect to have to enter a password to access the Shared account? That account is accessible from any other account on the computer. That is why it is called "Shared".
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 12, 2011, 02:30 AM
 
I don't know about your setup, but on shared my default access is as Guest, not as an admin user and certainly not as a user not in my user accounts on my machine. Also, unless I am mistaken, even then I have to use a password unless I have already stored the password in my keychain.
     
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Sep 12, 2011, 07:36 AM
 
Which folder was showing up on the other network machine?

If it was the "Public" folder, that's by design, and what the Public folder is there for.
     
Fresh-Faced Recruit
Join Date: Sep 2011
Sep 12, 2011, 08:07 AM
 
I understand the intended use of public folders. What was happening was that my Apple ID was being given access to all folders without further password even though that user was not authorized, nor were the credentials stored in keychain. I was looking for a way to control/limit that access as I could with any other user. In the end I did the reinstall I mentioned above.
     
   
All times are GMT -5.