Nearly all hard drives contain a built-in sleep timer which is designed to power down the spindle motor, saving energy when the drive has not been in use for some specified time. OS X supports a simple yes/no setting to manage this sleep feature of hard drives. It can be controlled by the option Energy Saver > Put hard disks to sleep when possible in the System Preferences application. Enabling this option corresponds to setting the sleep timer of disk drives to a value of 10 minutes of inactivity.
With TinkerTool System, you can control the sleep timers of hard disks more precisely, by specifying the exact value for the timer. Time intervals between 1 minute and 2 hours 59 minutes can be selected. To change the sleep timer of all disk drives, perform the following steps:
OS X uses the policy to handle external hard drives like removable disk media. Similar to the management of a CD, which is inserted into a drive by the current interactive user, the user logged in at the front graphical user session is also considered the “owner” of all external disk drives. This has the consequence that the external drives will be ejected and become inaccessible after the user has logged out. Moreover, most drives will automatically power down in this situation.
This policy might not be useful in certain cases, for example when you operate the computer as a file server, and you are sharing files on external disks which should remain accessible, no matter if a user is logged in at the graphical console or not. To change this policy, perform the following steps:
This option affects all partitions on all hard drives which OS X considers to be “external” and owned by a user.
OS X follows the strategy to automatically detect all disk drives and all their partitions currently connected to the computer, making them active and visible on the user interface. This might not be useful in certain situations, for example when you have a Windows partition on your computer which you don’t need when working with OS X, or when you keep a backup copy of your system partition in reserve on a secondary disk drive. With the help of TinkerTool System, you can tell OS X not to activate specific partitions automatically. A second, independent option allows you to choose whether the system should allow the execution of programs which are stored on specific partitions. This feature can be useful if you connect “foreign” drives to your system that contain applications written for other operating systems, incompatible with OS X. You can no longer mistakenly try to open programs on such drives.
In both cases, OS X must have a way of reliably referring to each drive and partition. This is done by so-called Universal Unique Identifiers (UUIDs), a sequence of characters like 7F176A72–72B2–3D69–19FC–27ABBEFA662D which are guaranteed to be unique for every partition of every disk drive in the world. You don’t need to enter these UUIDs by hand. TinkerTool System automatically finds out the UUIDs and helps you to identify the drives by specifying their current volume names and file systems.
Perform the following steps when you like to exclude certain disk volumes from automatic mounting or execution of programs:
It is also possible to drag volumes from the Desktop or the Finder’s computer folder directly into the tables. You can remove one or more volumes by pressing the [—] button below the respective table, and saving your modifications. To discard your changes and return the tables to the state currently established in OS X, press the Revert button.
Spotlight is the built-in search technology of OS X which is designed to find files very rapidly after the user has specified key words or other search criteria. The technical implementation is based on several system services which operate silently in the background. However, Spotlight can sometimes be affected by technical problems, so administrators may need to fine-tune Spotlight operations in certain situations.
Spotlight is designed to operate as one of the basic core components of OS X. For this reason, other system services and many applications developed for OS X depend on the correct operation of Spotlight and will fail when Spotlight has been shut down. This includes the Time Machine backup service and the App Store application. For this reason, TinkerTool System does not support any operation to disable Spotlight completely. However, you can shut down Spotlight indexing on selected disk volumes.
When Spotlight is active, it automatically creates a hidden index database and some preference files on each volume currently connected with your computer. The database and the preference settings are needed to quickly find the contents you are searching for. These hidden components are called Metadata Stores.
For each of the volumes, TinkerTool System allows you to display whether Spotlight is activated on that volume, and how much storage space is currently needed by the Metadata Stores. This information is displayed in the table Spotlight Metadata Storage. Only volumes which are technically capable of supporting Spotlight are listed in the table. A refresh button right below the table will update the contents of the table. This step is necessary to let OS X allow TinkerTool System (after authentication) to compute the size of the index databases. Access to the databases is protected because they contain potentially confidential information, namely all words of all documents all users have stored on the current computer.
After selecting one or multiple lines in the table, you can activate several operations that should be performed:
To activate one of these functions, press the button Perform selected operation.
Note that the deactivation of index operations is only in effect until you restart OS X. Unless Spotlight isn’t blocked on affected volumes by using the setting Spotlight > Privacy in System Preferences, OS X will recommence its indexing services upon next startup.
Under specific circumstances, it might be helpful to disable Spotlight operations on a disk volume “forever”, e.g. on a slow memory stick which you only use to transport data to other computers. This can be done by a special marker which works independently of the Spotlight privacy settings. Setting such a marker is particularly helpful on external drives which are used with different OS X computers, because all systems will automatically respect this setting after it has been established. To set or remove this marker, perform the following steps:
When you attempt to connect to an AFP server (AppleShare file server) manually, a password entry panel will appear. TinkerTool System can modify the system setting that controls which name OS X should suggest in this panel. You can select between the short name of the current user, another preconfigured name, or the option not to suggest any name (No name). Perform the following steps:
As of Mac OS X Lion 10.7, Apple has deprecated the use of certain outdated authentication methods, which are considered unsafe according to today’s standards when connecting to AFP servers. The operating system won’t offer the affected authentication methods when contacting a server. This can however mean that you can no longer connect to old servers successfully. TinkerTool System allows you to unlock certain methods so that they can be used again. Perform the following steps:
The following methods can be reactivated:
Because all these methods are insecure and outdated, you should only enable as few as possible in order not to compromise the security of your network.
With the latest versions of OS X, the pane Network of the application System Preferences no longer shows a menu item to disable the support of IPv6 on specific network interfaces. The feature to switch IPv6 to Off is still present in the operating system, however. You can use TinkerTool System to control this option.
When you have disabled IPv6 support for an active network service, System Preferences will correctly reflect this, adding an Off menu item to the Configure IPv6 option. You can either use System Preferences or TinkerTool System to re-enable this feature later. If you use TinkerTool System to do this, your configuration setting automatically switches back to the mode previously defined in System Preferences.
If you change your network location or the IPv6 mode in System Preferences while TinkerTool System is running, it is recommended to restart TinkerTool System to ensure that the application shows the updated status.
The Energy Saver settings of OS X allow you to activate a feature that makes it possible to wake a computer which is switched on, but sleeping, by sending a special network signal from another computer. This function is usually labelled Wake for network access. The exact wording used for this preference depends on which network interfaces are available for this feature (Ethernet or WLAN), and on the respective Macintosh model.
When this setting is enabled and an Internet router is part of your network which is supporting the feature Bonjour Sleep Proxy, the affected computer will call the router every two hours, even in sleep mode, to signal its operational readiness. If the sleeping computer is providing network services for the local network or for the Internet (e.g. Back to my Mac), the periodic signal lets the router “know” that it could wake the sleeping computer on demand, forwarding incoming network requests to it. All configuration steps necessary to do this are performed automatically by Bonjour. To let the sleeping computer register itself with the router in regular intervals, it will wake itself every two hours to a “half asleep” state, where only the necessary components are powered up, but the display screen will remain in sleep mode (“dark wake”).
Many users are irritated by the regular wake-ups. The continuous power-up and power-down of disk drives can also lead to increased wear. If you like to use the feature Wake for network access in general, but don’t need the sleep proxy features, you can disable them with TinkerTool System. Perform the following steps:
The affected computer will no longer wake by plain access attempts to a network service when the sleep proxy is disabled. To wake it, a manual Wake On LAN (WOL) signal must be sent first, which is possible via third-party applications.
You cannot disable this function if you are using OS X El Capitan or later and the feature System Integrity Protection has not been switched off for your computer.
By default, OS X assumes that the display screen is rendering graphics with a physical resolution of 72 pixels per inch. This policy was taken over from the classic Mac OS. While this basic assumption was true when the Macintosh was introduced 30 years ago, today’s display devices often have a much higher resolution. The pixels have become smaller, so your screen may actually use more than 140 pixels per inch. This is particularly the case when you are using a MacBook with a Retina display or an iMac with a 5k screen. As of Mac OS X Lion 10.7, the operating system offers a feature named HiDPI (High Number of Dots per Inch) which allows it to double the physical resolution on demand. This means the components creating the graphical output can select between the two resolutions 72 ppi (“low”) and 144 ppi (“high”). When your computer is connected to a Retina screen, HiDPI mode will be enabled automatically.
You can unlock HiDPI for your operating system independent of the monitor currently connected. For example, as a software developer you can use this feature to test applications in Retina mode although you don’t own a Retina screen.
Enabling the HiDPI feature requires two steps: The first step is to unlock HiDPI mode via TinkerTool System. The second step is to select one of the HiDPI display resolutions on the pane Displays of System Preferences. Perform the following steps to work with HiDPI display modes:
When you log in again, you can launch System Preferences, go to Displays, set the Resolution to Scaled and choose one of the HiDPI settings shown in the table. Note that the table lists the effective pixels, not the physical pixels. Because Retina mode combines 4 physical pixels to one virtual pixel, the values are halved in each dimension. A display screen with 2400 x 1600 pixels would be shown as HiDPI resolution with 1200 x 800 pixels, for example.
OS X will switch to the new setting, enabling the actual HiDPI mode. The whole screen contents will immediately be magnified. However, currently running applications might not switch to the new resolution with full output quality at the same time. You must log out and log in once again to ensure that you are actually getting the correct resolution and full picture quality in all applications.
Warning: The display resolution is a very critical setting. If you set the resolution too high, the windows can become so large that they no longer fit on screen. This means you can no longer see or control all parts of some applications which can make your system unusable!
To use the system with 144 ppi, a screen with at least 2048 x 1536 pixels is strongly recommended, because OS X applications are designed by the rule that they can expect windows to have a minimum size of 1024 x 768 pixels at 72 ppi.
The application System Preferences is designed to support a plug-in architecture: The different control areas, called Preference Panes, are automatically activated and deactivated depending on what type of computer you are using. For example, the pane Trackpad will only appear on computers having a trackpad, the item Ink will only be displayed if a graphic tablet or a similar device with pen support is attached to the computer.
System Preferences also supports an additional section that contains optional panes installed by the user. It will be displayed as fifth category, at the bottom of the window. TinkerTool System can help you to manage this section: It can activate additional preference panes which are part of OS X, but are reserved for advanced users and are normally hidden. It can also assist you in removing optional preferences panes you no longer need.
The following additional pane can be activated:
Apple is providing additional panes as part of OS X. Their features may vary depending on OS version, and they may be changed without notice. The optical quality of the panes may not comply with the usual design standards.
To activate one of the hidden panes, perform the following steps:
You can start System Preferences directly from here to use the new panes immediately. Press the button Launch System Preferences.
The panes listed in the previous section and panes of other vendors which appear in the bottom line of System Preferences can be removed when you no longer need them. It is not necessary to know where the different vendors have installed the modules. Perform the following steps:
With OS X 10.10.4 or later, Apple lets you decide whether you like to use Trim commands with all solid state drives (SSD) attached to your system via a SATA bus and a bus interface based on the AHCI standard (Intel Advanced Host Controller Interface).
In a default configuration, OS X won’t send Trim commands to all SSDs, but only to flash storage drives provided by Apple, because in this case the operating system is safe to assume that the Trim commands are implemented correctly by the drive, so the commands won’t lead to data loss or data corruption.
Trim commands are part of the ATA8-ACS2 industry standard which specifies how computers should communicate with modern disk drives. With the advent of storage devices based on flash memory technology, the introduction of the Trim command solved a technical problem solid state drives have been suffering from: On a conventional, magnetic disk drive, operating systems could handle the deletion of files in a simple, quick operation. When a file should be deleted, it is completely sufficient to erase its entry from its folder and to update the information in the file system that the data blocks, which were in use by that file, should be considered free, so they will be automatically reused for new files later. When the disk drive writes new data to such a reused block, it can just do so, overwriting the block’s former contents.
For technical reasons, this is not as easy for flash memory cells. Flash memory cannot be simply overwritten with new data. It is necessary to explicitly clear the flash memory first, which takes a significant time, and then to write the new contents to the storage cells. This means a write operation on a flash storage device will be significantly slower if the drive does not happen to have empty storage blocks in reserve that could be used for the incoming data. Empty means either that this is a brand new, never used storage block, or that this is a used block which has been prepared for a new write operation by an elaborate clearing procedure. If large amounts of data have been written to an SSD in the past, the likelihood that either unused or cleared blocks are available will become lower. The speed of write operations decreases as more data is written.
To resolve this problem, the drive must try to clear unused blocks as early as possible. This way, the chance to have empty blocks in reserve, available immediately for incoming write operations, is much higher. But how should the drive “learn” which blocks are no longer in use? On magnetic disks, the drive did not need to “know” that. To indicate to a storage device that a particular block is considered free by the operating system, so that this block can be prepared for later reuse, the Trim command was introduced. So in addition to just updating its own file system information that show which blocks are free, the operating system can now inform the disk drive, too, which blocks are no longer in use. When an SSD receives a Trim command for a specific storage block, it will place that block on its to-do list for cleaning. When the drive has time for cleanup operations, it will then clear the corresponding flash cells. The likelihood that incoming write commands will find immediately usable free blocks increases, so write operations should be executed as fast as possible.
Very old solid state disks (from a time before Trim was standardized) or SSDs that have internal design flaws may not handle Trim commands correctly. This is dangerous, because it could lead to situations were the drive clears a wrong block which is still in use by the operating system. Typically, this would result in 512 bytes of zeros within a file that should contain other data. To avoid this danger, OS X does not send Trim commands to SSD models it doesn’t know. Only SSD models provided by Apple (usually advertised as “flash storage”) receive Trim commands by default. This limitation can be removed with OS X 10.10.4 or later.
Due to the inherent risks outlined in the previous paragraph, Apple has published the following warning as part of OS X. Note that the term “tool” refers to an internal component of OS X which is used to enable or disable Trim commands for all SSDs. It does not refer to TinkerTool System:
“IMPORTANT NOTICE: This tool force-enables TRIM for all relevant attached devices, even though such devices may not have been validated for data integrity while using TRIM. Use of this tool to enable TRIM may result in unintended data loss or data corruption. It should not be used in a commercial operating environment or with important data. Before using this tool, you should back up all of your data and regularly back up data while TRIM is enabled. This tool is provided on an “as is” basis. APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING THIS TOOL OR ITS USE ALONE OR IN COMBINATION WITH YOUR DEVICES, SYSTEMS, OR SERVICES. BY USING THIS TOOL TO ENABLE TRIM, YOU AGREE THAT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, USE OF THE TOOL IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY AND EFFORT IS WITH YOU.”
To change the policy of OS X to use Trim commands either for Apple SSDs only, or for all solid state storage devices that are directly connected via AHCI and a SATA bus, perform the following steps:
The computer must be restarted immediately after changing the mode of operation.
The table on this tab item shows you all relevant SSDs currently attached to your Mac, and also lists whether Trim commands are sent by OS X or not. You should verify the status of all SSDs before and after the switch (after the computer was restarted).
In the permission system of OS X, which is explained in detail in the chapter The Pane ACL Permissions, each application decides for itself what rights it will grant for a new a file or folder when that file system object is being created. This also includes the Finder which is the typical application to create new folders.
Security problems could arise if you are using badly written or very old applications which don’t care about permission settings. Such applications could grant write permission to the category “other users” which means that nearly everyone — no matter if the user is even “known” by the current computer — could access, overwrite, and delete each and every document created by that program. In environments where users cannot be considered to behave cooperatively, like schools or large companies, such a lax policy of granting permissions can make a system unusable. For this reason, OS X and every other UNIX system is using a permission filter: Whenever an application creates a new file or folder and has to set the initial permission settings, the permissions will be sent through a filter first which decides if applications are allowed to grant a specific right or not. The filter corresponds directly with the three POSIX rights read, write, execute, and the access parties owner, group owner, and others. See the chapter The Pane ACL Permissions for details.
By default, OS X uses a permission filter which is preconfigured with the following policy:
Administrators can change this policy, modifying the permission filter so that the initial permissions are either relaxed or become even stricter. To modify the permission filter of OS X, perform the following steps:
The change will take effect the next time you start the computer. The button Set Default can be pressed to return to the recommended standard filter. Pressing the button Revert will cause TinkerTool System to discard your changes and to display the settings currently established in the system.
Warning: It is very dangerous to set check marks in the line Owner. Enabling a filter option in this section means that applications will no longer have the right to access the files they just have created.
The setting only affects programs started in user sessions. Background programs of the operating system won’t be affected (unless they are started as part of a user session).
There are specific circumstances where TinkerTool System detects that it won’t be possible to modify the permission filter. In this case, the table is disabled and an error message appears at its left side. The following situations can cause such a problem:
OS X contains an automatic software update service which is designed to contact Apple in regular time intervals, checking whether updates for the operating system are available. This service is configured with the pane App Store of System Preferences. The updates will later be loaded via the App Store application.
It is possible to setup your own software distribution server which mirrors the software distributions and update information from Apple. This can be done by a feature available in the App OS X Server, or by using other third-party utilities which mimic the behavior of Apple’s update servers. To redirect computers in your own network to contact your own update server instead of Apple’s, a special system setting must be modified on each affected computer. This can be done automatically when you are using the Profile Manager of OS X Server but you can also configure this manually on each client. To change the setting via TinkerTool System, perform the following steps:
The change will take effect immediately, and the next time an automatic software update is started, the new server will be contacted. You can remove the customized setting by pressing the button Remove Customization.
If a remote administrator uses the screen sharing feature of OS X to receive the current contents of the computer screen on her own computer across a network connection, OS X automatically tries to protect the privacy of the user currently working on the local screen: If the remote administrator connects with a user account which is different from the one of the local user, the screen session won’t begin immediately. Instead, the accessing user is asked whether he likes to work on his own, separate screen, or if the local user should be asked to grant permission that the remote user can see and take over the current screen. The local user could have private or confidential information on screen, so this behavior will protect the displayed data.
In some cases, this policy may not be useful. You can disable this privacy feature as follows:
You should check if this policy is compliant with local laws and the guidelines of your company, if applicable.
If you enabled the modern version of FileVault (officially called FileVault 2) on your computer, the entire system volume will be encrypted by a secure key and a password will be necessary to unlock and decrypt the disk. When the computer is switched on, the operating system cannot start immediately, because the Mac cannot read the encrypted disk. Instead, the computer’s firmware and some parts of the unencrypted recovery partition present a special login screen (which resembles the login screen of OS X). Users have to log in here first, and for entitled users, the secret decryption key will be unlocked, which is then used to decrypt the operating system partition and to launch OS X.
At this stage, it is known that the user who unlocked the disk must also be a valid user of OS X, so the firmware passes the name and password of this user to the operating system, performing an automatic login, hereby avoiding to ask for credentials a second time. For this reason, the activation of FileVault automatically enables the automatic login feature of OS X, too.
In some cases, this behavior might not be intended. OS X supports a special feature to uncouple the decryption of the FileVault disk from the initial login upon start of the operating system:
Up-to-date versions of Time Machine support a feature which is mainly designed for mobile computers: In addition to the main backup, stored on the disks you have selected for use by Time Machine, Time Machine is capable of creating a second, completely independent backup set on the operating system volume. This second backup can be used to restore data while the mobile computer “is traveling”, not having access to the main backup copy. The data sets within this continuously available secondary backup are called local snapshots. OS X stores the snapshots in an invisible area of the system volume. The storage space needed for this will be considered to be “always automatically releasable”, i.e. the system may remove some or all snapshots at its discretion when the storage space will be needed for “real” data. The “normal” Time Machine backup has no influence on the backup done with local snapshots.
By default, local snapshots are active on mobile computers, and inactive on desktop computers. By using TinkerTool System, you can choose manually whether local snapshots should be created or not. Perform the following steps:
After disabling local snapshots, OS X will begin to automatically release the affected storage space a short time later.
The printing features of OS X are implemented by CUPS, the Common Unix Printing System. By default, OS X keeps a log of all print jobs ever processed by the local computer, the print job history. TinkerTool System can disable the log if desired, and it can show you the records currently in the log. To change the system setting for keeping print job records, perform the following steps:
The log can be reviewed by pressing the button Open print job history in web browser. TinkerTool System will delegate this task to your preferred web browser. Web access to the printing subsystem is inactive by default in several versions of OS X. By using the option Enable web interface of printing system you can control whether web access should be possible or not.