Mac 911: When Fil­e­vault won’t turn on, how to block in­com­ing texts

So­lu­tions to your most vex­ing Mac prob­lems.

Macworld (USA) - - Contents - BY GLENN FLEISHMAN

HOW TO USE MUL­TI­PLE DRIVES WITH TIME MA­CHINE FOR RE­DUN­DANT BACK­UPS

When you cre­ate a backup sys­tem for your data, du­pli­ca­tion is the best course of ac­tion. I don’t mean du­pli­cat­ing the files— that’s a re­quire­ment—but du­pli­cat­ing the des­ti­na­tions to which files are bound.

Ev­ery form of backup me­dia is des­tined to fail, and de­spite high re­li­a­bil­ity from cloud-backup ser­vices, you can’t put all your faith that any of them will al­ways be per­fect. Even a sys­tem with “five nines” of re­li­a­bil­ity (99.999 per­cent) may suf­fer a loss, and the uni­verse might pick you to ex­pe­ri­ence that loss.

The rule of thumb is sum­ma­rized as 3-2-1: three copies of your data, two of them lo­cal, and one off­site. One copy is your live ver­sion on your ac­tive drives; one can be a Time Ma­chine backup; and the off­site one can be ei­ther a cloud backup,

or your files stored some­where se­curely and reg­u­larly ro­tate with the lo­cal backup.

Time Ma­chine has this con­cept baked in, but I don’t think most peo­ple are aware of it, as it’s not pro­moted as such and based on the ques­tions I get from Mac­world read­ers. Ap­ple makes hay (and rightly so) about the ease of plug­ging in a drive, re­spond­ing to a prompt that asks if you want to use it for Time Ma­chine back­ups, and then never hav­ing to in­ter­act with it again un­less you need to re­store files.

But ma­cos also in­cor­po­rates sup­port for hav­ing mul­ti­ple ac­tive backup vol­umes used for your same source data at the same time.

1. Plug an­other drive into your Mac. (See note at the bot­tom about for­mat­ting.)

2. In the Time Ma­chine sys­tem pref­er­ence pane, click Se­lect Disk.

3. In the di­a­log that ap­pears, se­lect the new drive un­der Avail­able Disks and click Use Disk.

4. When asked if you want to re­place your ex­ist­ing Time Ma­chine vol­ume or use both drives, click Use Both.

(Check­ing the En­crypt Back­ups box in step 3 is an ex­cel­lent idea, too, be­cause it means when­ever the vol­ume isn’t mounted, it’s of no use to any­one else with­out your passphrase to un­lock the disk.)

Time Ma­chine be­gins an ini­tial backup to this vol­ume, which will take as long as the first time you per­formed a backup with the pre­vi­ous vol­ume. Af­ter it’s com­plete, ma­cos al­ter­nates be­tween the two drives in mak­ing back­ups when both are con­nected.

But here’s the best part. As soon as the ini­tial backup is fin­ished, you can eject ei­ther of the drives, take it some­where safe away from your home or busi­ness, and the Time Ma­chine backup con­tin­ues on your re­main­ing vol­ume. As fre­quently as ev­ery week or two, swap your off­site vol­ume with the one on­site, and even if you have a fire, theft, or de­struc­tive event, you’ll have that off­site copy.

If you pair this kind of backup with stor­ing im­por­tant doc­u­ments us­ing a sync ser­vice, like Drop­box or icloud Drive, you’ll wind up be­ing able to re­store a Mac that ex­pe­ri­ences a se­vere crash, or one that’s stolen or you lose on a trip, to nearly the state it was when it be­came unavail­able.

Note on for­mats: Re­mem­ber that Time Ma­chine vol­umes— even in High Sierra and Mojave— can­not be for­mat­ted with the new APFS method that Ap­ple re­quires for SSDS used as the ma­cos startup vol­ume. In­stead, they must use HFS+. You can for­mat a drive as HFS+ in Disk Util­ity (Ap­pli­ca­tions → Util­i­ties) by eras­ing it in the Mac OS Ex­tended (Jour­naled) for­mat. Eras­ing loses all the data on the disk.

WHAT TO DO WHEN FIL­E­VAULT WON’T TURN ON

Af­ter a re­cent in­ex­pli­ca­ble prob­lem on my Macbook, in which ma­cos would com­plete load­ing but never get past the blank screen be­fore the Desk­top ap­peared, I had to re­vert to a clone. (Even re­in­stalling ma­cos didn’t work.) I then up­graded to Mojave. Some­where in there, an im­por­tant piece of ma­cos “fell out,” metaphor­i­cally.

Ap­ple added the con­cept in 10.13 High Sierra of a “se­cure to­ken” to the first ac­count cre­ated in ma­cos on in­stal­la­tion or af­ter up­grade as part of the process that al­lows you to use Fil­e­vault. There’s al­most no in­for­ma­tion about this fea­ture, and there’s no way to de­ter­mine from ma­cos’s graph­i­cal fea­tures whether an ac­count has it set.

But if you’re miss­ing a se­cure to­ken on all your ac­counts, there’s no way to ob­tain one, and you won’t be able to turn on Fil­e­vault. That’s the sit­u­a­tion I find my­self in—and I found plenty of oth­ers in the same boat.

I went down this rab­bit hole by try­ing to re-en­able Fil­e­vault af­ter I got my Macbook re­stored and up to date:

1. Open the Se­cu­rity & Pri­vacy sys­tem pref­er­ence pane.

2. Click the Fil­e­vault tab.

3. Click the lock icon in the lower-left cor­ner and en­ter an ad­min­is­tra­tive ac­count and pass­word.

4. Click Turn On Fil­e­vault.

What should hap­pen af­ter step 4 is that ei­ther ma­cos presents a di­a­log that guides you to pro­ceed, or an er­ror mes­sage ap­pears ex­plain­ing (some­times ob­scurely) why you can’t.

In my case, and that of other peo­ple who have shared the same ex­pe­ri­ence on in­ter­net fo­rums, there’s no in­ter­ac­tion at all. Click­ing the but­ton doesn’t re­sult in any ac­tion.

At this point, you can “in­ter­ro­gate” ma­cos via Ter­mi­nal (in Ap­pli­ca­tions → Util­i­ties). First, you need to know the Unix ac­count name of your ma­cos ac­count. If you don’t know what that is, fol­low these steps first:

1. Open the Users & Groups pane.

2. Click the lock icon in the lower-left cor­ner and en­ter an ad­min­is­tra­tive ac­count and pass­word.

3. Con­trol-click your ac­count name in the ac­count list and choose

Ad­vanced Op­tions.

4. The Ac­count Name is your Unix ac­count’s short name.

Now, with that name in hand, fol­low these steps:

1. Open Ap­pli­ca­tions → Util­i­ties → Ter­mi­nal.

2. At a ter­mi­nal prompt copy and paste the fol­low­ing, re­plac­ing ac­count­name with the Unix ac­count name you found above, and press Re­turn: sudo sysad­minctl -se­cure­to­ken­sta­tus ac­count­name

3. When prompted, en­ter your ac­count pass­word.

If you’re hav­ing the same prob­lem as me, the re­sponse will be: sysad­minctl[...] Se­cure to­ken is DIS­ABLED for user Full Name

(Your ac­count name will ap­pear in­stead of Full Name.)

From all my read­ing and test­ing, there’s no way to en­able a se­cure to­ken. I tried one method sug­gested that al­lows you to re-run the ini­tial ma­cos setup with­out eras­ing your sys­tem, and cre­ated a new ad­min­is­tra­tive ac­count that should os­ten­si­bly re­ceive a se­cure to­ken grant. It didn’t work.

There are also ar­ti­cles ex­plain­ing how to grant your­self tem­po­rary se­cure ac­cess and use that to as­sign it to an­other ac­count—it also didn’t work in Mojave.

I also tried a method of hav­ing an ad­min­is­tra­tive ac­count set ac­cess, which failed in Mojave and High Sierra. The full er­ror mes­sage is rather long: set­se­cure­to­ke­nau­tho­riza­tion En­abled er­ror Er­ror Do­main=com. ap­ple.opendi­rec­tory Code=5101 “Au­then­ti­ca­tion server re­fused op­er­a­tion be­cause the cur­rent

cre­den­tials are not au­tho­rized for the re­quested op­er­a­tion.” User­info={nslo­cal­ized De­scrip­tion=au­then­ti­ca­tion server re­fused op­er­a­tion be­cause the cur­rent cre­den­tials are not au­tho­rized for the re­quested op­er­a­tion., Ns­lo­cal­ized­fail­ure Rea­son=au­then­ti­ca­tion server re­fused op­er­a­tion be­cause the cur­rent cre­den­tials are not au­tho­rized for the re­quested op­er­a­tion.

I haven’t yet tried the next op­tion, which is to re­in­stall ma­cos. My re­cent re­in­stal­la­tion is too fresh in mem­ory and cur­rently sta­ble. And some peo­ple have re­ported even that didn’t work for them, so I’m not sure it’s the best path for­ward.

There’s a nu­clear op­tion, which is to make a full backup, wipe your Mac, and in­stall ma­cos from scratch. Then use Mi­gra­tion As­sis­tant to re­store your files. (If you use a clone to re­store, it over­writes the ac­count in­for­ma­tion, and thus erases the newly cre­ated se­cure to­ken, too.)

IS THERE A WAY TO BLOCK CER­TAIN IN­COM­ING TEXTS IN IOS?

A Mac­world reader want to know if there’s a way in IOS to block texts from ev­ery­one who isn’t in the Con­tacts list. Her el­derly mother is re­ceiv­ing ha­rass­ing texts from some­one who ob­tains a new num­ber and con­tin­ues the at­tack ev­ery time they are stymied us­ing ios’s op­tion to block texts (along with Face­time re­quests and calls).

There isn’t such a fea­ture, al­though you’d think this would be a much-de­sired one. Ap­ple has con­tin­ued to add an­ti­spam and con­tact-block­ing fea­tures across the lat­est re­leases of IOS, and al­lows third-party app mak­ers to tap into calls and texts to help, too.

Ap­ple does of­fer a fea­ture to sort

imes­sages—texts sent from peo­ple with reg­is­tered icloud ac­counts—into a sep­a­rate area. Visit Set­tings → Mes­sages → Un­known & Spam, and en­able Fil­ter Un­known Sen­ders. (On a Mac, us­ing Mes­sages → Pref­er­ences, and uncheck the No­tify Me about Mes­sages from Un­known Con­tacts box.)

This doesn’t act on text mes­sages (SMS), which are al­ways de­liv­ered is more likely the prob­lem faced.

The only op­tion at present is to change one’s phone num­ber and keep it pri­vate.

CAN’T FIND A FILE IN MA­COS? HERE’S WHAT TO DO

Mac­world reader Lon has a prob­lem find­ing a file on his Mac. He needs to re­move it to avoid a com­pat­i­bil­ity prob­lem, and no amount of Spot­light searches nor brows­ing through fold­ers can find it.

Spot­light should let you find nearly any file you cre­ate or store in ma­cos with ease, but it doesn’t al­ways work that way. There’s a way to search com­pre­hen­sively through your ma­cos drive (or drives) us­ing the Ter­mi­nal, but I think of it as a last re­sort, be­cause it in­volves tricky syn­tax and can be slow. It also may match a lot of files you’re not in­ter­ested in.

In the Ter­mi­nal, a com­mand called

find can per­form a com­pre­hen­sive and deep search across ev­ery­thing, in­clud­ing sys­tem files and other stuff that we don’t need to in­ter­act with and ma­cos doesn’t read­ily ex­pose to users. (Find is some­thing I’ve used for decades, and it feels like a tool de­signed for a com­puter with a tele­type­writer at­tached.)

In this ex­am­ple, let’s as­sume I’m look­ing for a file I know is named

easyso­lu­tions.mdl, and I’m go­ing to search on just easyso­lu­tions as the unique por­tion. The search pat­tern I show below is case in­de­pen­dent, so up­per­case and low­er­case let­ters get matched re­gard­less of what you spec­ify. If you need

to use a space, en­close the text in quo­ta­tion marks, like “easy so­lu­tions”.

1. Launch Ter­mi­nal, which you’ll find in Ap­pli­ca­tions → Util­i­ties.

2. Switch to su­pe­ruser, which re­quires an ad­min­is­tra­tive ac­count. You en­ter sudo su -

and press Re­turn, and then en­ter the ad­min­is­tra­tive pass­word. If it’s the first time you’ve used sudo, ma­cos also warns you about the dan­gers of hav­ing sys­tem su­per pow­ers.

3. You can in­clude part or all of a file name in the search. Type ex­actly find / -name easyso­lu­tions -print

4. This may take some time to process. It could be sev­eral min­utes as ma­cos matches against ev­ery one of hun­dreds of thou­sands or mil­lions of in­di­vid­ual files. Each re­sult ap­pears as a sep­a­rate en­try.

5. When you see the file ap­pear, it will be pro­ceeded by its full path name. Copy the path from the first / to the last / be­fore the file name, like /Li­brary/ Ap­pli­ca­tion Sup­port/bin­gob­ongo/ set­tings/pref­er­ences/con­fig/

6. Now in the Fin­der, choose Go → Go To Folder, and paste in that path.

7. The folder will open. In some cases, you may have to au­tho­rize open­ing the folder, en­ter­ing an ad­min­is­tra­tive ac­count name and pass­word.

8. If you’re sure the file you see is the one you want to delete, move, or in­ter­act with, you’re all set.

Dur­ing this find op­er­a­tion, you will see en­tries you can ig­nore, like: find: /path/name/here/file­name. txt: Op­er­a­tion not per­mit­ted or find: /dev/fd/3: Not a di­rec­tory

Even though you’re a su­pe­ruser, the un­der­ly­ing Unix op­er­a­tion sys­tem and Ap­ple’s spe­cific mod­i­fi­ca­tions pro­hibit some kinds of op­er­a­tions.

Once you’re done, re­turn to Ter­mi­nal and press Con­trol- D or type

exit and press Re­turn to leave su­pe­ruser sta­tus. ( The # at the far left will change to a $.) ■

2.

1.

You can fil­ter imes­sages from those with an icloud ac­count.

The Unix find com­mand shows the full path of match­ing files, wher­ever they ex­ist on disk.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.