New Mac Setup
OK, so my new Mac will arrive next week. Can power users fill me in on best practices for setting it up?

I've used Macs for a looooong time now, but I think I've really lost touch with how they should be set up. I am currently running off of a first-generation MacBook where everything is set up on a single admin user (without a password--ugh).

So, starting from scratch, I'd like to set this up with an admin user, a user for me, and a guest user with limited privileges (but full access to iTunes and innocuous stuff). I've read the great tutorial on from this post already, but I still have (possibly stupid) questions that I'd love your thoughts on.

1) I presume I'll use migration assistant to get everything I want from the MacBook over to the Mac Pro. Do I set up an administrator first and then add the MacBook account as a new user? Or set up administrator and a new user, and import to the new user account directly? I've never used different accounts before--do you install programs while logged in as the administrator and then set which users have access? Or install as the user (with the admin password)? If you install as a user, can the administrator then share with the other accounts?

2) What about security? This thread has a lot of advice I hope to follow. But a couple other questions: I expect my home directory for the user account will be about 300-500 GB. Is FileVault able to decrypt/encrypt large directories on the fly, or does it get choked up? Does it make more sense just to use encryption on certain subfolders, rather than the whole user directory? If so, what program? Should I be setting up an Open Firmware password? Or is this just overkill?

3) Would it make sense to keep all of my documents on a second drive in one of the extra bays, so that I can yank the personal stuff if I ever have to send in the machine?

4) What about installing Windows? I think I'm assuming I might install it with Boot Camp, but I have an old version of Parallels I might upgrade to the latest and greatest. Is it safer to install Windows on a dedicated drive? How does Windows (either in Boot Camp or in virtualization) play with multiple accounts/security settings?

I'd definitely like to set up the new machine right the first time. Thanks in advance for your input!
1) "Admin user" and "user for me" can -- and should -- be the same person, unless you really want to be switching back and forth just to install software. Just give yourself privileges; the OS is smart enough to figure out when to ask you to escalate your privs from regular user to su. Just go ahead and use migration assistant as normal, and migrate everything to your account.

2) Overkill, overkill, overkill. You have a gigantic tower. Worry about physical security more than worrying about FileVault (which, as a great concept, is overkill for 99.9% of users out there).

3) Yes? No? I would rather use the second drive as a Time Machine backup, which I have found to be invaluable even on a day-to-day basis. Have a text file that you want to back out all of your changes to the day before? Time Machine it. Want to know what your inbox looked like on your birthday? Time Machine it. If you ever take your machine into the Genius Bar and they want to make a repair to your machine, just ask them to pull the drive and give it to you, they'll be totally cool about that.

4) VMware Fusion, imho, is a better product than Parallels. Unless you desperately need to, don't bother dual booting.
If you're going to encrypt discrete amounts of stuff -- confidential stuff -- TrueCrypt works on Macs. And Windows and Linux, which is good. FileVault is overkill, and a performance hit. But yeah, worry about physical security and having backups mostly.
Skip FileVault. The implementation was never quite fully baked and for a non-mobile machine I'd look at TrueCrypt (as above) or another more explicit solution for the data that can never be lost.

VMware Fusion > Parallels, I've been using both since their introductions.

Install Quicksilver.

You might want an external drive dedicated to Time Machine if you can find one big enough. If you do keep your personal data on a separate, special drive (not a bad idea if you can keep it going) just back that one up to TM.
Out of the box set up a generic admin account, then migrate your stuff.

The second admin account is a backup account with full permissions in case your account gets borked. Only an admin can set up the Root user, which may become necessary to fix certain problems.

Windows on Parallels does not play well with multiple accounts. If user A leaves Windows suspended user B cannot open Windows. One must shut down Windows completely before switching users.
I would reinstall the OS before setting up your system. My friend, an IT manager at an educational institution, recommends not trusting the "factory" install of the OS and installing a fresh copy on any new machines he gets. This way, you can also remove unnecessary components (do you really need every single printer driver and language installed?)

1- If you have installation discs for your software, I would also do a fresh install of those. One admin user (you) is more than enough, unless more than you will be using the machine.

2- I would at least set up a login password. Are you a health care provider or financial institution? You probably don't need to encrypt your whole hard drive. A login password is fine.

3- Partition your HD and install the OS on that with all your apps. Then make a clone of this install as a backup on another partition. That way if your main system gets borked you can boot up from the second backup and you're ready to go. Put your documents on another HD and back those up as well........REGULARLY.

4- Parallels, and keep your virtual machine image on its own partition just to keep it separated. Back that up too.

You can stuff 4 hard drives in a Mac Pro. That's a great no-nonsense backup option.
Nthing using an external hard drive for Time Machine.... this has saved all my stuff once in the past.
These are great tips--thanks!

I've been using Super Duper! to manage backups, as I like the idea of having a bootable drive, rather than just an archive. Right now, though, I have four external 500 GB drives (two of which back up the MacBook, one of which holds digital photos, and the last which backs up the digital photos), and I expect I may turn one of those into a Time Machine drive so I never have to think about actually making backups again. Is there any reason people are suggesting using an external drive for TM, rather than one of the bays?

Also, assuming I do try to keep all of my documents on a separate internal drive, what's the best way to do that? Is it better just to make my own organizational system on the second drive and target all my programs to that drive? Or should I set up an alias in the users/Admiral Haddock folder on the system drive that would link to the second drive? Does it make any difference?
posted by Admiral Haddock at 12:42 PM on April 17, 2009

I would reinstall the OS before setting up your system. My friend, an IT manager at an educational institution, recommends not trusting the "factory" install of the OS and installing a fresh copy on any new machines he gets. This way, you can also remove unnecessary components (do you really need every single printer driver and language installed?)

I'll second that this is probably useless. The only things I can conceivably think of that I'd want to change is not installing all those printer drivers and languages as you mention, but only on a machine with a limited amount of hard drive space. You're getting a Mac Pro that probably has at least 640 GB of storage, likely more. You can spare the 2-3 GB and save yourself the time of basically installing the same exact thing that came with the system.

Also, if you do this, you could lose your iLife installation. It doesn't come on those factory restore discs.
1) Update Flash Player
2) Install Windows Media Player components for QuickTime
3) Install Silverlight
4) Install RealPlayer, but don't let it take over your system. Good luck.
No! Don't trust all your backups to Time Machine!

Apple's fine print even says Time Machine isn't for backups but merely "undo"ing mistakes. Yes, you can restore a full system from Time Machine, but always have other backups too. You can make incremental bootable backups using Carbon Copy Cloner.

An internal drive is fine for just Time Machine, but a networked drive is better. Your cloned drives should be kept elsewhere, ideally a safe.
download free legal software from
GlimmerBlocker to get rid of all the ads in Safari.
This is the setup I use - and it's used often. 2 admin accounts. 1 standard user account for day-to-day use if you are paranoid about security.

When you get the Mac you have a bunch of options for migrating - the following is likely the simplest:

1. Boot - and then use the guided tour & Migration Assistant to migrate all of your old stuff onto your new machine. USE A PASSWORD. Easiest is using a FireWire cable to connect the two machines. NOTE: you can use the Migration Assistant at any time, and can use Time Machine instead of using the FireWire - expect this to take a little while.

2. Create 2 more users from the System Preferences menu - "System: Accounts" - it will be the little plus sign below the "Login Options". NOTE: the key icon will provide you with a password evaluator: USE IT. Anything weak should not be used. Make certain 1 of the accounts is an admin. Use the password hint feature. Keep automatic login for your primary account only if you are not worried about the physical access to the machine (you likely should be worried). Turn off the "Guest Account" - more on that in a moment. Always have 2 admin accounts on a Mac - infrequently one of these will break and that is a giant hassle to fix. Every machine I touch has two admin accounts.

You don't need to be logged in as an admin to install or modify the system; the OS will prompt the user for admin ID & password for most any changes even if you are logged in as admin, so you won't have to switch users to install software or anything.

User Security
Now, if you want a higher level of security you might consider making your daily account a standard, not admin. To do this, LOG OUT from that account. Log in as one of the newly created admins. Go to System Prefs - "System: Accounts" - and select your daily account (where you migrated all your old stuff to) and check to make it a standard account. Log out of the admin account and back into the primary (and now standard) user account. Don't you feel more secure?

Guest Users
Mac has a pretty intuitive interface for controlling user accounts - under parental controls. There is a lot to it, but you can limit which programs, websites and impose time limits on users. Create a new Standard user for guests, and use a memorable id/pass combo. I would not use the built in guest account because it automatically deletes everything on logout - which is nice and clean but you might want to actually keep that stuff.

File Security
(note how these are separate)
FileVault is OK, but not ideal. TrueCrypt is the current apex of what's available, but I recommend and use the built-in option for encrypted folders, but only recommend it if you are going to stick to Macs. In the Utilities folder in Applications you can use "Disk Utility" to create easy-to-use disk images. Any modern Mac will be able to easily unlock these with a simple double click & the right password. More details here or here with pics

MORE Security:
If the machine is on the network (stranger things have happened) - USE THE FIREWALL. System Prefs - Security - Firewall tab. More details over here with pics. Under System Prefs: Sharing - everything should be unchecked until you know what you are doing there.

If you can afford it: big second internal disk & decent external, otherwise just the external. My main rig had everything inside & was liberated by my movers (EZ Movers are thieves). Separateness is better than togetherness. Seconding jeffburdges: use both time machine and the occasional carbon copy cloner - which is free & easy but a little slow.

Use caution - open firmware locks down how the machine boots - you forget this password & run into a spot of trouble (like your machine decides to boot from a firewire ipod cause ...well that's a long story...) then the machine gets a free trip back to the mac shop for some of their tender loving (true story). I recommend it for laptops - it makes it more difficult for a thief to gain control of the system, if used in conjunction with a strong admin password. Just don't forget the damn thing- you'll (hopefully) rarely use it.

Separate docs location
By default the OS maintains some separation between applications, OS and user files. For example, I've updated the OS on machines and it usually doesn't touch the apps or user files (always backup just in case). No real benefit in separating them with partitions or second drives that isn't better served by a backup system.

As previously mentioned by Gungho: as long as you stick to one user logged in at a time it's OK. If you plan on being in Windows for a significant amount of the time you are on the machine I'd consider going with Boot Camp, otherwise Parallels or VM; I am talking like more than 50% of the time PC. Parallels has one big benefit: it looks like one giant file to the Mac OS, so get a nice working copy of Windows going and then back that thing up. Works like a charm. Expect it to get a little crudgy after extended use - nuke and use the fresh image: happy travels. Haven't used a recent version of VM's stuff.
Either way, Windows is rather separate from the Mac OS, but not entirely, and in my experience stability and maintaining security are the primary issues. You'll want to keep the Windows side well protected with the full set of normal precautions - antivirus etc. - if it is going on the network or interacting in any way with other Windows machines.
These were all great answers--I actually decided not to wait and picked up my new baby last night from the Apple Store and I've been playing with it constantly since then. I ended up with the 8-core model in the standard configuration. It is like night and day when compared to the experience I had been having editing images with the first-gen MacBook.

If people continue to have good advice going forward (like the freeware link and glimmer, each of which I will give a go), I'd appreciate it.
