Buying A Computer For An Employee

Discussion in 'Buying Tips and Advice' started by flintanalytics, Dec 31, 2013.

  1. flintanalytics macrumors newbie

    Joined:
    Dec 31, 2013
    #1
    I own a small business and I am buying a computer for my first employee. The tasks this person will do are similar to what I do and an MBA is great for the job. So I picked one up. What should I do to set up the computer so that my employee has complete access to install what they want to on the computer, but when the employee eventually leaves, I will be able to get access to the computer without having to ask them for their login info?

    Thanks.
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    You'll want to set up two administrator accounts, one for yourself and one for the employee.

    This is done in the system preferences>Users & Groups.

    When you first set up the computer and go through the first boot up, you'll be creating one account then, so you'll need only to go through the system Users & Groups reference for the second account
     
  3. gnasher729, Dec 31, 2013
    Last edited: Dec 31, 2013

    gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #3
    If you want your employee to use full-disk encryption (which is a good idea if there is customer information and similar that you need to keep confidential), FileVault will give you a 20 digit master key for unlocking the drive, which you should write down and keep in a safe place. So if your employee leaves and refuses to talk to you, you can use that master key to unlock the encrypted disk.

    And it's always best to have a backup. For $20 you can install Mavericks Server on your computer, buy an external hard disk attached to _your_ computer, and your Mac will make Time Machine backups for everyone in the office. So worst case, if your employee leaves and first smashes up their computer, you buy a replacement computer, and restore from the Time Machine backup.
     
  4. ssmed macrumors 6502

    ssmed

    Joined:
    Sep 28, 2009
    Location:
    UK
    #4
    In general I would not be as generous as you with admin rights, but you can end up being a computer tech if there are a lot of changes needed and this doesn't suit the small business. However I don't want pirated, malicious or distracting software on a work computer, not that this stops the disk getting completely filled with music to the point of not working! An alternative approach would be BYOD, and give them a little more money to cover it – this really suits some people. However it depends a lot what kind of business you are in.

    If you use iCloud - put Find My Mac on your admin account so that you can use this should the computer need finding/wiping etc.

    We have bought a few MBAs and my other advice would be to buy a nice thick neoprene case and consider a keyboard cover (the Moshi ones are easy to type with) as added protection. This gives a message that you want it looked after. I say this after a cracked screen and a cup of tea on the keyboard in two separate incidents in 3 weeks.

    Setting up two admin accounts doesn't not mean that the employee cannot remove your admin rights and change your password. So in the end it comes down to knowing the person and the relationship between you. The disk encryption password concept above is a good one.
     
  5. robgendreau macrumors 68030

    Joined:
    Jul 13, 2008
    #5
    The other issue is Apple and their digital rights management. Lots of stuff is regulated via an AppleID, from messaging to software licenses for stuff bought at the Mac App Store. If you intent was to allow the employee, as an administrator, to also install software and run things under their AppleID, you could have problems once they left. Stuff in iCloud, for example.

    Frankly, I dunno how administrators in companies deal with this, but take it into account.
     
  6. mpantone, Dec 31, 2013
    Last edited: Dec 31, 2013

    mpantone macrumors 6502

    Joined:
    Mar 20, 2009
    #6
    You'd create a work-specific Apple ID for the employee in question (e.g., FlintEmp002 (at) icloud.com or employee002 (at) flintanalyticscorp.com), then use it purchase & download work-specific tools.

    You wouldn't purchase/download work-related stuff using the employee's personal Apple ID account.

    If the employee leaves, the rights are retained by the company.
     
  7. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #7
    Plus, if flintanalytics takes possession of the machine at a later date they can associate it with their own AppleID and install all MAS apps they have on their own MBA.

    B
     
  8. flintanalytics thread starter macrumors newbie

    Joined:
    Dec 31, 2013
    #8
    Thanks for the help.

    This is really helpful, thank you. I might try using filevault for this and thanks for the appleid recommendation.
     
  9. mikes63737 macrumors 65816

    Joined:
    Jul 26, 2005
    #9
    I work for a small software development company, and I just wanted to weigh in that in some situations, granting each user complete administrative access to their system is an absolute necessity. In a previous job, we were on a Windows domain and I needed to contact university IT to install anything. Especially web browsers -- the most important tool in my job as a web developer. It was a huge hassle, resulted in lots of lost time, and that actually was a small part of why I moved on (didn't feel trusted).

    Obviously, this does not apply to all industries, but kudos to the OP for at least trying to make it easy on this new person. :)

    I completely agree with keeping a backup. It's more important than being able to access the drive on that laptop. In my current position, all work is saved in a remote Git repository (aka "in the cloud") or on our NAS. It's part of our workflow, we don't email files, we get them from the NAS, so there's no way for an employee to keep work files on their machine locally without a remote copy. There is literally nothing on any of the employee machines that is not copied anywhere else.

    For two people, you could look into using Bittorrent Sync, Dropbox, or buying a network hard drive. This way, if the person changed their FileVault encryption keys (it's fairly easy to do) or deleted your account, you would have a copy of their work somewhere else.
     

Share This Page