How To: backup your File Vault home directory unencrypted (also works with Snow Leopard!)

December 12th, 2009

So you got your brand new flashing MacBook and want to have your home directory encrypted with the oh-so-easy FileVault? The bad news is that TimeMachine backups of your home directory will become uncomfortable, to say the least. They will only be done upon logoff (not hourly!), and they’ll hog a lot of space because major parts of the encrypted sparse bundle will have to be backed up every time (even small changes lead to a large number of ‘bands’ in the sparse bundle being changed).

But there’s a solution. I couldn’t find it anywhere on the web, but some quick questions on the Apple Support Forums helped me find the answer.

First, you’ll want Time Machine to exclude the encrypted version of your home directory. You can log in as a different user and add /Users/username/username.sparsebundle to your exclusion list. If you don’t want to create a second user on your Mac, you can instead edit /Library/Preferences/com.apple.TimeMachine.plist directly; you’ll have to do so in part two of this guide anyway. You’ll notice that this file is stored as a ‘binary plist’, i.e. you can’t read it in a plain text editor. But Bare Bones’ TextWrangler can. When editing the plist with the appropriate tool, you’ll find an entry called <key>SkipPaths</key>. Make sure that it contains an entry like this:

<key>SkipPaths</key>
	<array>
		<string>/Users/username/username.sparsebundle</string>
	</array>

You may also want to remove your existing backups of the encrypted home directory. To get rid of them, start Time Machine, navigate to any version of /Users/username/username.sparsebundle, alternate-click it, and select ‘remove from Backups’.

Step two. Snow Leopard excludes mounted volumes by default, but we want it to include your mounted home directory volume. To do so, we’ll need to dig a bit further into the matter. You can explicitly tell it to include volumes by adding entries to the Time Machine plist like this:

	<key>IncludedVolumeUUIDs</key>
	<array>
		<string>B59D3B0B-...</string>
	</array>
	<key>IncludedVolumes</key>
	<array>
		<data>
		AAAAAAKIAAIAAQZkYW5pZWwAAAAAAAAAAAAAAAAAAAAAAAAAAADHOwPSSCsA
		...
		</data>
	</array>

So we’ll have to find out your home directory volume’s UUID and its garbled base64 ID. The UUID part is easy. In a terminal, type

$ diskutil info /Users/username

and search for an entry called ‘Volume UUID’.  To get the second, base64-encoded ID, do the following:

  1. Open a Finder window.
  2. Drag your home directory into the Finder’s toolbar.
  3. Close the Finder window.
  4. Open ~/Library/Preferences/com.apple.Finder.plist, and search for a section called TB Item Plists. Look for an entry that contains the path to your home directory and copy the <data> part of the CFURLAliasData section as the Volume ID.

Now insert those two IDs into your com.apple.TimeMachine.plist and reboot. Your home directory should be backed up unencrypted in the future. You’ll find it on the top level of your backups, next to ‘Macintosh HD’. Make sure it’s there, of course.
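The two plist edits described above can also be made without a plist-aware editor. The following is an added example, not part of the original post: it uses Python's plistlib to read the binary plist, append the SkipPaths, IncludedVolumeUUIDs and IncludedVolumes entries, and write binary again. The function name, the sample plist, the all-zero UUID and the alias bytes are constructed placeholders.

```python
import base64
import plistlib

# Constructed sample values, not taken from a real machine.
SAMPLE_UUID = "00000000-0000-0000-0000-000000000000"  # stands in for 'Volume UUID'
_b64 = base64.b64encode(b"constructed alias record").decode()
# The Finder plist wraps <data> across indented lines; imitate that here.
SAMPLE_ALIAS_B64 = _b64[:20] + "\n\t\t" + _b64[20:]
SAMPLE_PLIST = plistlib.dumps(
    {"SkipPaths": ["/Users/Shared/scratch"], "ExampleOtherSetting": True},
    fmt=plistlib.FMT_BINARY,
)


def add_filevault_home(plist_bytes, sparsebundle, volume_uuid, alias_b64):
    """Return updated binary plist bytes for com.apple.TimeMachine.plist.

    sparsebundle: path of the encrypted image Time Machine should skip
    volume_uuid:  'Volume UUID' value reported by diskutil info
    alias_b64:    base64 text copied from the Finder plist <data> element
    """
    prefs = plistlib.loads(plist_bytes)  # accepts both XML and binary plists
    # Remove line breaks and indentation before decoding the <data> text.
    alias = base64.b64decode("".join(alias_b64.split()))

    def append_unique(key, value):
        # Create the array if it is missing and avoid duplicate entries,
        # so running the function twice leaves the file unchanged.
        items = prefs.setdefault(key, [])
        if value not in items:
            items.append(value)

    append_unique("SkipPaths", sparsebundle)
    append_unique("IncludedVolumeUUIDs", volume_uuid)
    append_unique("IncludedVolumes", alias)  # bytes are serialised as <data>
    return plistlib.dumps(prefs, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    updated = add_filevault_home(
        SAMPLE_PLIST, "/Users/username/username.sparsebundle",
        SAMPLE_UUID, SAMPLE_ALIAS_B64,
    )
    print(plistlib.loads(updated))
```

On a real machine the input bytes would come from a copy of /Library/Preferences/com.apple.TimeMachine.plist; keep the original file so the change can be reverted.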

You can find the original thread on the Apple support forums here. I did write about a different approach before, but it’s not Time Machine and I couldn’t get Carbon Copy Cloner to automatically mount my network share.

How To: Create Time-Machine-like hourly backups for your FileVault home directory on Mac OS X

December 6th, 2009

If you own a MacBook, you might want to protect your private data from others. For this purpose, Apple has built the FileVault technology into your MacBook. It basically consists of 128-bit AES encryption for your home directory. FileVault works very well, but it has one major downside: it doesn’t like to play with Time Machine. Time Machine will not back up your home directory every hour, but rather just do backups at logoff. In addition to that, it will just back up the encrypted data, which is stored in a .sparsebundle kind of directory. So Time Machine will back up too much, but at the same time won’t give you the comfort of a non-FileVaulted Time Machine backup.

Enter Carbon Copy Cloner. This is a donationware utility that has various means to backup your data. Originally intended to clone your entire hard drive, Carbon Copy Cloner can do a lot more than that. It can also do regular backups of your home directory, and it will even archive the old files. When scheduling it to do hourly backups, Carbon Copy Cloner will almost work like Time Machine for your FileVaulted home directory. I have set up Carbon Copy Cloner to do hourly backups of my home directory to a .sparseimage (no support for .sparsebundles yet, as it seems) and archive changed and deleted files. For all the other stuff on my Hard Disk, I continue to use Time Machine, because it still is slightly more comfortable and because I’m used to it.

But wait. With the default settings, Carbon Copy Cloner will archive about 30 MB of changed files on every backup. When doing hourly backups, that might become half a gigabyte a day, while Time Machine seems to backup far less. I’ve found a site that explains this difference: Time Machine doesn’t backup some volatile data, e.g. caches and temporary files. You can find the files Time Machine excludes in a file called StdExclusions.plist in the bundle /System/Library/CoreServices/backupd.bundle.

Here are the contents of my version of that file:

  • Library/Application Support/SyncServices/data.version
  • Library/Caches
  • Library/Logs
  • Library/Mail/Envelope Index
  • Library/Mail/AvailableFeeds
  • Library/Mirrors
  • Library/PubSub/Database
  • Library/PubSub/Downloads
  • Library/PubSub/Feeds
  • Library/Safari/Icons.db
  • Library/Safari/WebpageIcons.db
  • Library/Safari/HistoryIndex.sk

So I suggest you exclude those files from your Carbon Copy Cloner backup settings. I also disabled backup of Library/Preferences/VLC/plugins-04041e.dat, which is a cache file for the VLC media player. Because I also have some large XCode projects, I decided not to back up their build results either. Because all those projects reside below a folder called XCode in my home directory, I created a rule called - XCode/**/build in Carbon Copy Cloner’s advanced settings. This will exclude every directory or file called build in any directory anywhere below the XCode directory. Now my hourly backups are sometimes as small as 1 or 2 MB.

ActiveSync not willing to sync while Windows Media Player is running

January 21st, 2009

When your ActiveSync keeps refusing to sync with your device, even though it has been working all the time before, you should make sure that Windows Media Player isn’t running. On my device, it tries to sync the device and both its SD Card Slot and its CF Card Slot with my Media Library. This causes ActiveSync to hiccup and stop synchronisation. In my case, you could work around the problem by just closing Windows Media Player.

How to get rid of that annoying (and mostly useless) ctfmon.exe

August 24th, 2008

Hi there,

This is for all of you who are annoyed by ctfmon.exe, for whatever reason (maybe it is crashing etc.), and want to get rid of it.

It is really simple: just download CTFMON-Remover from Gerhard Schlager’s Website, get the English or German File from the bottom of the Website, unzip it and execute. To restore, just re-run CTFMON-Remover. You might have to run CTFMON-Remover after an Office Update or something similar.

Afterwards, you won’t have problems with ctfmon anymore.

Changing popup delay of Windows XP’s start menu

August 24th, 2008

I recently created a Windows XP SP3 slipstreamed install using nLite. There was an option to reduce the delay when the XP start menu shows up after clicking the start button. I set it to zero, but now I found out that I liked the old way with 400 ms more. The value is stored in HKEY_CURRENT_USER\Control Panel\Desktop\MenuShowDelay, given in milliseconds. Default is 400. Just change it to your liking.

Source: http://blogs.tech-recipes.com/tipmonkies/2005/07/23/changing-xp-start-menu-delay/

Remote Desktop Control and XP SP3 IE 7 Workaround

August 11th, 2008

If you cannot get RDP connected through Internet Explorer 7 after installing Service Pack 3 (SP3) on Windows XP, because the ActiveX control is disabled by default in the Service Pack, read this.

The Terminal Services can be re-enabled by the following method:

In IE 7, click on Tools, Manage Add-Ons, Enable or Disable Add-Ons to enable the Terminal Services ActiveX control. If you don’t see the Terminal Services ActiveX control in IE7 on XP SP 3, try this workaround by deleting one of the following registry keys (or all of them) in the path HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\:

  • {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}
  • {4EDCB26C-D24C-4e72-AF07-B576699AC0DE}
  • {7390f3d8-0439-4c05-91e3-cf5cb290c3d0}
  • {7584c670-2274-4efb-b00b-d6aaba6d3850}
  • {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}

Once you delete these keys, the ActiveX control should be enabled in IE7.

For me using the Remote Desktop Client ActiveX (ActiveX Client for Terminal Services) version 5.1.2600.2180 it was ok to delete only the last key.

Tips for working with user privileges while being able to quickly become an Administrator (Windows XP)

July 10th, 2008

To start the device manager as Administrator, issue the following command in the Run dialog (Win+R):

runas /user:Administrator /savecred "cmd /c devmgmt.msc"

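This way you can edit device settings quickly. You may use any other control panel applet (.msc or .cpl files) instead of devmgmt.msc, too. You will be prompted for the credentials of user “Administrator” once, but then runas will save the credentials (thanks to the /savecred flag). The saved credentials are kept for your user account, so every later runas /user:Administrator /savecred call from that account starts without a password prompt, whatever program it names.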

If you selected the option “start each folder in a separate process” in the Administrator’s folder settings, you can similarly start an Explorer window with admin rights:

runas /user:Administrator /savecred explorer

With that window, you can install MSI files requiring admin privileges, start up control panel, etc.

If you simply want to start a single program as administrator, just right click the .exe file and select “run as”.

Solution: Authentication problems with Windows File Shares

July 5th, 2008

When you try to connect to a remote Windows file share, you might find that you are not asked for username and password (but you should have been), but can connect to the share server. But when opening any share, you won’t be granted access since your credentials are wrong. A similar issue might be that you won’t be given access to a remote Windows server at all in the first place, and the file share server doesn’t ask for credentials either.

The solution for this issue is simple:

  1. In Control Panel, select User Accounts.
  2. On the left hand side, select “Manage own network passwords”.
  3. Add a new entry with the server you wish to connect to (without leading \\’s) as server name and SERVER\USERNAME as username, where SERVER is the remote server and USERNAME is the username you wish to authenticate as on the file share.
  4. Now, try to connect to the share again. You should be either given access immediately, or you should at least be asked for your credentials which you can enter then.

Introduction

July 5th, 2008

Hi there!

In this blog, we will post solutions about problems we experienced with our computers. Maybe you can find some of these solutions useful, too.