User profile for user: iaw4
iaw4 Author
User level: Level 1
9 points

Read-Only or Snapshotted System For Elderly

I have some elderly relatives in another country, some of whom are suffering from mild dementia, who have a knack for messing up whatever system I set up for them. I would really like to create a macOS system for them that always returns to its original state after a reboot. (The system does need their passwords for applications programmed in, such as for Skype, Safari websites (cookies), etc.)


This could be achieved by booting from a disk image that is read-only and first loads into RAM; or a snapshot of the macOS system volume, and all subsequent writes are ephemeral to a RAM only overlay file system. The base ingredients in the OS seem to be there. Alas, this may be a bridge too far. (Eventually, every few months, I as the sysadmin would need to upgrade the applications and save the new state to disk again.)


My best alternative may be to create 50 user accounts, all numbered, and when one has become screwed up, they are supposed to use the next. (Alas, I don't know if macOS makes it easy to clone user accounts, with passwords and everything else. This ain't old-school linux any longer, where a simple `cp -a /Users/user01 /Users/user02` would have done the job, but file systems with weird protected files and spaces throughout.)


Is there a simple software solution to my problem?


Posted on Feb 3, 2025 10:31 PM

Reply
Question marked as Top-ranking reply
User profile for user: Strontium90
Strontium90
User level: Level 5
5,505 points

Posted on Feb 5, 2025 12:42 PM

These are likely advanced options. However, I can offer two possibilities.


As a previous poster mentioned, there is Guest Account. However, on logout, all data in the guest account is discarded, so this means there can be no persistent data maintained across a logout, reboot, or update. However, you can customize the User Template to an extent. Each time the guest account is logged in, the User Template is copied to /Users and anything that is in there becomes the foundation of the user's session. The User Template is located at /Library/User Template. Inside is a folder for many of the localized countries and another to all (Non_localized). You could create a user account, define all settings, copy them to the User Template, and now when using Guest, the initial settings are all in place. I don't think this will work with Keychain but it may work if you are using a 3rd party browser that maintains its own password database.


Ok, that will be a lot of work and a lot of troubleshooting to get it right. And in the end, it still may not be what you are looking for.


A second option is to look at a product like Deep Freeze. Once again, you will need to do a bunch of work to set the "perfect" starting point for the user. Once you have this in place, you "freeze" the device and now you can do anything you want to the machine and a simple reboot brings you back to the frozen state. We used this years ago for kiosks and public access devices that needed to be reset to a specific state. Now, you still run the risk of arbitrary data creation. If your relative is 100% using a web browser, that is one thing. But if they are creating local documents (screenshots, downloading images, writing a document, etc.) then you run the risk of that content being lost on reboot. You could use external media or the cloud for file storage, but that may be confusing for the user.


Hope this helps. I feel for your plight as dementia is a terrible scourge that slowly takes our loved ones from us, leaving behind a hollow shell of the person we know. May this help you find a solution.

View in context
9 replies
Question marked as Top-ranking reply
User profile for user: Strontium90
Strontium90
User level: Level 5
5,505 points

Feb 5, 2025 12:42 PM in response to iaw4

These are likely advanced options. However, I can offer two possibilities.


As a previous poster mentioned, there is Guest Account. However, on logout, all data in the guest account is discarded, so this means there can be no persistent data maintained across a logout, reboot, or update. However, you can customize the User Template to an extent. Each time the guest account is logged in, the User Template is copied to /Users and anything that is in there becomes the foundation of the user's session. The User Template is located at /Library/User Template. Inside is a folder for many of the localized countries and another to all (Non_localized). You could create a user account, define all settings, copy them to the User Template, and now when using Guest, the initial settings are all in place. I don't think this will work with Keychain but it may work if you are using a 3rd party browser that maintains its own password database.


Ok, that will be a lot of work and a lot of troubleshooting to get it right. And in the end, it still may not be what you are looking for.


A second option is to look at a product like Deep Freeze. Once again, you will need to do a bunch of work to set the "perfect" starting point for the user. Once you have this in place, you "freeze" the device and now you can do anything you want to the machine and a simple reboot brings you back to the frozen state. We used this years ago for kiosks and public access devices that needed to be reset to a specific state. Now, you still run the risk of arbitrary data creation. If your relative is 100% using a web browser, that is one thing. But if they are creating local documents (screenshots, downloading images, writing a document, etc.) then you run the risk of that content being lost on reboot. You could use external media or the cloud for file storage, but that may be confusing for the user.


Hope this helps. I feel for your plight as dementia is a terrible scourge that slowly takes our loved ones from us, leaving behind a hollow shell of the person we know. May this help you find a solution.

Reply
User profile for user: Luis Sequeira1
Luis Sequeira1
User level: Level 9
73,254 points

Feb 4, 2025 3:18 AM in response to iaw4

If they are set up as standard users, not admin, they may mess with their own accounts, but not the system. However, even that can be cause for trouble and confusion.


You can certainly create many replicas of the same account (and I will tell you one way to do it), but there are issues with this, namely: 1) any documents created in one account will not be accessible in another; 2) if you set the login window to list of users, they will all be presented to the elderly person, which I am afraid may be more confusing; unless you set it as "user and password", but that too may be another hurdle (e.g reminding them to type a certain name followed by 1,2, or 3)


Here is one way to replicate an account: create and set up the account just as you want it; backup using Time Machine; migrate from backup - you will be asked if you want to replace or rename - in this case, rename. Repeat

Reply
User profile for user: HWTech
HWTech
User level: Level 9
68,702 points

Feb 4, 2025 9:38 AM in response to iaw4

You may want to look into configuration profiles that business & schools utilize to further lock down a Standard user account. I'm not sure exactly what you can achieve with this, but perhaps you can prevent access to certain settings even within their own user account.


I'm not sure if there is any good "parenting" software which could impose some restrictions as well.


Maybe you can somehow use Carbon Copy Cloner or SuperDuper to replace some items within the home user folder, although you may need to script it to be more automatic. This may need to be performed from the admin user account depending on the severity of the corruption within their own Standard user account.


Is anyone in their neighborhood helping them out? Perhaps you can see if they would assist in "fixing" the account with minor intervention if you come up with a simple plan.



Reply
User profile for user: iaw4
iaw4 Author
User level: Level 1
9 points

Feb 5, 2025 10:18 AM in response to iaw4


all good but flawed alternatives. the iPad is a great idea, unless we need to have primarily (only) an external monitor with mouse and keyboard.


the guest account would be great, too, if I could fix it up. I need the basic passwords stored in the browser and in the Skype app. trying to get my relative to go through (sometimes multi factor) authentication is hopeless. I haven't figured out how to customize the guest account --- if I could, this would be pretty much an ideal solution.


Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Read-Only or Snapshotted System For Elderly

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up