How to Use a Windows PC Keyboard on Mac by Remapping Command & Option Keys

How to Use a Windows PC Keyboard on Mac by Remapping Command & Option Keys

Use Windows PC Keyboard on Mac with remapped modifier keys

Macs can use nearly all keyboards built for Windows PC, whether they are USB or Bluetooth, but you may notice that the layout of some of the modifier keys are different on a Mac keyboard from the layout of a Windows keyboard. Specifically, the WINDOWS and ALT key of a Windows keyboard are switched compared to the Mac keyboard layout of OPTION/ALT and COMMAND keys. This can lead to erroneous keyboard shortcuts or other unexpected key press behavior when using a PC keyboard with a Mac.

A simple solution to this problem is to remap the Windows and ALT key and the command and option/alt keys on the Windows PC keyboard connected to the Mac, so that the keyboard layouts will mimic expectations based on the standard Apple modifier key layout, rather than what it says on the PC keyboard. For most Mac users who connect a PC keyboard to their Mac, this will dramatically improve their typing experience when using a PC keyboard.

Using a Windows PC Keyboard on Mac with Remapped Windows & ALT Keys

This trick works the same with all Windows and PC keyboard with the standard CTRL / Windows / ALT key layout, and all versions of Mac OS:

  1. Connect the Windows PC keyboard to the Mac as usual, either by USB or Bluetooth
  2. Pull down the  Apple menu and choose “System Preferences”
  3. Click on “Keyboard”
  4. Choose the “Keyboard” tab and then click on the “Modifier Keys” button in the lower right corner of the preference panel
  5. Choose the PC keyboard from the “Select Keyboard” dropdown menu at the top of the Modifier keys screen to insure you are modifying the proper keyboard connected to the Mac
  6. Click the dropdown next to “OPTION Key” and select “Command”
  7. Click the dropdown next to “COMMAND Key” and select “Option”
  8. Click “OK” and test out the newly remapped keyboard keys *

Once finished you will have a new digital layout of the Windows PC keyboard keys when used on the Mac:

  • WINDOWS key becomes the ALT / OPTION key on Mac OS
  • ALT key becomes the COMMAND key on Mac OS

* NOTE: Some PC keyboards also have the “CNTRL” and “ALT” keys switched too, compared to a standard Mac key layout. If applicable, go ahead and switch those with the same Modifier Key trick outlined above.

A simple way to confirm the keyboard modifier keys are switched as expected is to issue a keyboard shortcut, like a screen capture (Command Shift 3) or a Close Window command (Command + W). It should work as you’d expect based on the Mac keyboard layout.

Obviously this isn’t going to change the actual physical keyboard appearance, so you’ll have to get used to the appearance of the keys saying one thing, but doing something else. But if you are mostly a touch-typer and never look at your hands when typing this shouldn’t be an issue.

Essentially you are reversing the Windows PC keyboard Windows and ALT keys (which become the Command and Option/ALT keys when connected to the Mac), which puts them in line with the default Mac and Apple keyboard layout of those buttons. Thus, the Windows PC keyboard Windows key becomes the new ALT / OPTION key on the Mac, and the Windows PC keyboard ALT key becomes the new COMMAND key on the Mac, just like it would be on an Apple keyboard.

For example, here’s a Windows PC keyboard with a different modifier key layout than the Apple keyboard layout:

A PC keyboard and modifier key×136.jpg 300w,×348.jpg 768w,×408.jpg 900w, 1500w” sizes=”(max-width: 610px) 100vw, 610px” style=”max-width: 100%; margin: 0.5em auto; display: block; height: auto;” class=””>

And here’s a Apple keyboard with different modifier key layout than the Windows PC keyboard:

Apple keyboard and modifier key×141.jpg 300w,×361.jpg 768w,×423.jpg 900w, 945w” sizes=”(max-width: 610px) 100vw, 610px” style=”max-width: 100%; margin: 0.5em auto; display: block; height: auto;” class=””>

Thus you can see why switching the modifier key behavior when the PC keyboard is connected to the Mac can be helpful.

This trick should be particularly useful to Mac users who have a favorite PC keyboard laying around they want to use, or perhaps prefer a particular Windows PC keyboard for one reason or another. And yes this tip works the same regardless of the Windows PC keyboard connected to the Mac, and regardless of the Mac operating system or the Mac itself. You can switch the modifier keys in any release and with any keyboard this way.

By the way if you’re coming to the Mac from the Windows world, which is perhaps why you have a Windows PC keyboard in use on a Mac in the first place, you’ll probably appreciate learning the Home and END button equivalents on a Mac keyboard, what the Print Screen button equivalent is on a Mac, potentially using the Delete key as a Forward DEL on a Mac, or discovering how to use Page Up and Page Down on a Mac keyboard, and understanding what and where the OPTION or ALT key is on a Mac too.

So, try this out if you have a Windows keyboard you want to use with a Mac, or if you want to try an external PC keyboard on a Mac then go ahead and don’t be shy, because simply swapping those two modifier keys can remedy one of the biggest annoyances when using a Windows PC keyboard on a Mac.

If you have any other helpful tips for using a Windows or PC keyboard on a Mac, then share them with us in the comments below!

New Public Preview: Azure AD Domain Services admin UX in the new Azure Portal – Enterprise Mobility and Security Blog

New Public Preview: Azure AD Domain Services admin UX in the new Azure Portal

Howdy folks,

I’m excited to announce the public preview of Azure AD Domain Services in the new Azure portal. You can now create new managed AD domains and perform administrative tasks like configuring secure LDAP using the Azure portal. If you follow the blog, you already know that Azure AD Domain Services is pretty cool. It provides managed domain services like domain join, group policy, LDAP, and Kerberos/NTLM authentication, all fully compatible with Windows Server Active Directory.

What might surprise you is that over 8000 (!!) customers are already using Azure AD Domain Services today!

And qith this new public preview, we’ve made it even easier to create a managed AD domain using our brand-new wizard experience. The wizard knits tasks like creating virtual networks, configuring group membership of the delegated administrator group, and enabling domain services into a simple, intuitive, step-by-step experience.

Getting started

Here’s how to get started with the new Azure portal experience:

  1. If Azure AD Domain Services is not enabled for your Azure directoryCreate a new managed domain using the new Azure portal.
  2. If you’ve already enabled Azure AD Domain Services for your Azure directoryContact us via email to migrate your existing managed AD domain to the new Azure portal. From there, you can administer your existing managed AD domain using the new Azure portal.

Note: This public preview release supports only classic Azure virtual networks. We don’t support Resource Manager-based virtual networks yet, but the team is hard at work making that happen and we hope to preview it soon!

We want to hear from you!

As always, your feedback is very important to us! Please share your comments, questions, or concerns on our discussion forum, send us an email at, or simply comment below.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

SPN-hacking: derfor er det så vigtigt, at dine servicekonti har ekstra stærke adgangskoder! | Version2

SPN-hacking: derfor er det så vigtigt, at dine servicekonti har ekstra stærke adgangskoder!

Servicekonti i Active Directory er ekstraordinært udsatte og sårbare overfor en bestemt type angreb, som ofte viser sig yderst effektivt til at opnå fulde administratorrettigheder i domænet. Man lykkes med det igen og igen under penetrationstest og intet afholder ondsindede angribere fra at gøre det samme.

Med en almindelig phishing mail og tilhørende simpel malware, eventuelt bare i form af et script, kan man i løbet af meget kort tid opnå Domain Admin rettigheder eller tilsvarende, med begrænset risiko for at blive opdaget. Den lidt nysgerrige interne bruger kan med lidt teknisk snilde gøre det samme.

Denne angrebsvektor har efter min mening slet ikke fået nok opmærksomhed, og helt nye værktøjer gør angrebet endnu lettere at gennemføre, hvorfor dette blogindlæg har fået prioritet over andre i bunken.

Yderligere er det noget, som man rent faktisk kan gøre noget ved, forholdsvis enkelt, og opnå væsentlige forbedringer af virksomhedens forsvarsmekanismer. Der er lavthængende frugter at plukke!

En lang historie kort

Med fare for at oversimplificere vil jeg i det følgende forsøge at abstrahere lidt fra teknikken og holde mig til de overordnede linjer.

Kort opsummeret, så kan enhver bruger i Active Directory (AD), efter indledende authentificering (1), spørge en Domain Controller (DC/KDC) hvilke tjenester (services) der findes hvor i miljøet (2). Herunder hvilke der er tilknyttet en brugerkonto og hvilke der er tilknyttet en computerkonto.

Brugerkonti relateret til Kerberos-tjenester har et såkaldt Service Principal Name (SPN) registreret i AD, der fungerer som et slags katalog over tilgængelige tjenester i domænet.

Efter at have lokaliseret en eller flere interessante servicekonti i AD, kan en angriber anmode en DC om adgang til en af disse tjenester, f.eks. Exchange eller SQL (3).

Derefter vil DCen udlevere en række autentificeringsoplysninger i en “service ticket” (TGS). Denne ticket (3) indeholder data, som kan udnyttes til at bryde servicekontoens adgangskode OFFLINE (4), dvs. uden man behøver “gætte” sig frem ved at spørge DCen igen og igen (brute force), hvilket jo oftest vil føre til låsning af kontoen.

Kerberos SPN Cracking

Normalt vil en klient efter modtagelse af en TGS gå til den server, der har tjenesten installeret (Y) og anmode om adgang til f.eks. SQL, men det er ikke strengt nødvendigt.

Man kan med andre ord “cracke” adgangskoden på kraftige maskiner, fuldstændig risikofrit, uden chance for at blive opdaget. I de fleste tilfælde har man oven i købet meget lang tid til det, da klassiske servicekonti kun sjældent skifter adgangskode.

Det skal siges, at årsagen basalt set ligger i måden Kerberos fungerer på og har som sådan intet med hverken Microsoft eller Active Directory at gøre.

Protokollen er simpelthen designet sådan – og det bedste man kan gøre for at beskytte sig, er at anvende stærke adgangskoder, dvs. meget lange, komplekse og tilfældige adgangskoder (se mere nedenfor).

Rent teknisk, så er en del (server-delen) af den “service ticket”, som DCen sender retur til klienten krypteret med NT-hash værdien af servicekontoens respektive adgangskode. I ovenstående tilfælde SQL serverens servicekonto. Både DC og server ventes at kende denne værdi og kan således anvende den som symmetrisk nøgle til krypteret kommunikation over netværket via klienten.

Alt hvad en angriber skal gøre, er at “gætte” eller bryde nøglen, f.eks. med brute force, maske- eller wordlist-angreb. Det kan man kun hvis adgangskoden ikke er stærk.

Jamen, vi bruger da stærke adgangskoder!?

De fleste IT-administratorer er højst sandsynligt klar over, at adgangskoder på servicekonti bør være ekstra stærke. Vi har i hvert fald sagt det til hinanden meget længe…

Vi er bevidste om, at servicekonti ofte har højere privilegier end almindelige brugere i domænet, i visse tilfælde “Domain Admin” rettigheder eller tilsvarende.

Men under de adgangskodeanalyser som vi jævnligt foretager for kunder, kan vi typisk bryde adgangskoder for 35-50% af servicekontiene i miljøet!

Det er lavt i forhold til almindelige brugere og administratorer, men tallet kunne rent faktisk være et garanteret 0% – uden voldsomt megen bøvl.

Så okay… Måske bruger du og dine kollegaer ekstra stærke adgangskoder til servicekonti, men ham der havde din stilling før dig, gjorde måske ikke.

Lidt historik om SPN-hacking

Personligt fik jeg denne angrebsvektor på lystavlen, da Tim Medin introducerede KerberoastDerbycon i september 2014.

Dengang var angrebet noget mere omstændigt at gennemføre end nu.

For at eksportere de nødvendige oplysninger til cracking, havde en angriber (eller pentester som mig selv) behov for Mimikatz (bare i almindelig user-mode) på maskinen, eventuelt eksekveret i PowerShell (Invoke-Mimikatz).

Alternativt kunne Wireshark, Microsoft Message Analyzer eller den indbyggede kommando NETSH anvendes, men den slags kræver lokale administratorrettigheder.

God gammeldag netværks-sniffing (“wire tapping”) var en anden mulighed – og sammen med lidt Python scripts kunne man med lidt møje og besvær trække de nødvendige data (KRB5TGS) ud af PCAP trace-filerme.

Herefter kunne man forsøge at cracke med en wordlist og Kerberoast, hvilket ikke var helt optimalt.

Selve crackingdelen har kunnet håndteres effektivt offline og med GPU-kraft siden en ændring til John the Ripper (KRB5TGS) i september 2015 og hashcat siden februar 2016.

Med en ændring i PowerSploit fra september 2016 kunne KRB5TGS eksporten klares i PowerShell, uden administrative rettigheder.

For kort tid siden har Will Schroeder (Harmj0y) – i øvrigt en fantastisk White Hat, som bl.a. også står bag fremragende værktøjer som Veil-Framework, BloodHound, Empire og PowerSploit – frigivet Invoke-Kerberoast.ps1, som gør eksporten af KRB5TGS nemt og mobilt.

Det hele er næsten for nemt nu!

Hvad gør vi så for at forsvare os?

Der er flere konkrete ting, som man kan gøre her og nu:

1) Få overblikket over de udsatte servicekonti

Der er heldigvis flere måder at få overblik over præcis hvilke brugerkonti, der er knyttet til tjenester i Active Directory, f.eks.:

2) Sørg for at alle servicekonti med SPN har ekstra stærke adgangskoder.

Det bør i de fleste tilfælde ikke være noget problem at vælge en adgangskode på mellem 25 og 127 karakterer. Det er blot et spørgsmål om en copy-paste operation eller to.

Meld alle servicekonti ind i én sikkerhedsgruppe og associér den med en Fine Grained Password Policy (FGPP) hvor adgangskodekravene er sat højt, f.eks. minimum 25 karakterer.

Skift herefter adgangskoderne for servicekonti med svage – eller ukendte – adgangskoder.

Der findes masser af scripts til at sikre høj adgangskodestyrke (længde, kompleksitet og tilfældighed), f.eks. New-SWRandomPassword.ps1.

PS> New-SWRandomPassword -MinPasswordLength 25 -MaxPasswordLength 127

3) Ryd op i ubrugte SPN registreringer

Når man nu går servicekonti igennem, kan man lige så godt slette SPN registreringer, som ikke længere anvendes med f.eks. setspn.exe.

4) Managed Service Accounts

Undersøg muligheden for at anvende (Group) Managed Service Accounts (MSA).

Desværre er det fortsat kun få tjenester der understøtter Managed Services Accounts, f.eks. IIS, SQL og AD LDS.

5) Udnyt computerkontienes adgangskoder i stedet

Undersøg muligheden for at omstille tjenester til at køre under en af systemets indbyggede kontekster.

Computerkonti har som standard stærke adgangskoder, som automatisk skifter hver 30. dag. De er praktisk talt ubrydelige med nuværende computerkraft og kryptografiske standarder.

Undgå dog at skifte til SYSTEM hvis tjenesten kan køre under en almindelig brugers rettigheder. Det sidste er at foretrække for at mindske risikoen i tilfælde af en sårbarhed i tjenesten, jf. punkt 7.

6) Analyser Event ID 4768 (Kerberos TGS Request)

Når en klient anmoder om en “service ticket” (TGS) oprettes en event på DCen. Hvis der kommer flere fra samme klient på forskellige tjenester inden for kort tid, så er det nok værd at undersøge (læs: SIEM).

7) Lås servicekonti ned til et absolut minimum af rettigheder

Alt for ofte får servicekonti tildelt for mange rettigheder og låses ikke tilstrækkeligt ned, med f.eks. “Deny interactive logon”, “Deny logon from the network” m.v.

Det kan betale sig at gå aktive servicekonti efter i sømmene og fjerne overflødige rettigheder, både lokalt og i AD.


Jeg håber, at nærværende indlæg kan inspirere til, at der strammes op omkring adgangskoder på servicekonti for Kerberos-registrerede tjenester rundt omkring i de danske datacentre.

God fornøjelse!



Tip: Synkroniser automatisk alle dine dokumenter med iCloud Drive på Mac×139.jpg 247w,×415.jpg 737w,×553.jpg 982w,×198.jpg 352w” sizes=”(max-width: 1140px) 100vw, 1140px” style=”border: 0px; vertical-align: middle; float: left;” apple-inline=”yes” id=”3D8FECD1-8248-499B-BF50-81A66FC9FCF5″ src=””>

How to Download Photos from iCloud to Mac or Windows PC the Easy Way

How to Download Photos from iCloud to Mac or Windows PC the Easy Way

May 26, 2016 – 25 Comments

How to download photos from×198.jpg 300x” sizes=”(max-width: 412px) 100vw, 412px” style=”padding: 0px; border: 1px solid rgb(255, 255, 255); max-width: 100%; margin: 0px auto !important; display: block !important; float: none !important;” apple-inline=”yes” id=”5FD5C6E4-E039-4723-A355-842204CC7D5D” apple-width=”yes” apple-height=”yes” src=””>

One of the most common questions regarding using iCloud and iCloud Photo Library is how to download photos from iCloud once they have been stored there. This is a deceptively simple question, and we’re going to push aside any of the complexities of downloading pictures from iCloud Photo Library within Photos app on the Mac, iPhone, and iPad, and instead we’ll show you the single most direct method of downloading a picture from iCloud to a computer, since that is usually what people are looking to do. 

We’ll also show you how to download all photos from iCloud, as well as single pictures or just a group of selected photos.

You have a photo on iCloud, and you want to download that photo your Mac or PC – simple, right? Yes, but it’s done a bit different than you may expect, as we’ll show in the walkthrough here.

How to Download Photos from iCloud to Mac OS X or Windows PC

Have a picture or several photos stored in iCloud and you want the raw file downloaded locally on any Mac, Windows PC, or other device? Here’s how you can do that:

  1. Open a web browser and go to and login with your Apple ID as usual
  2. Login to the iCloud website

  3. Click on the “Photos” icon once you are logged in to the iCloud website
  4. Choose Photos on the iCloud website

  5. Click to select a photo you want to download
  6. Choose the photo you want to download from iCloud

  7. When the picture is loaded on screen, look in the upper right corner of the web browser window for a little download icon, it looks like a cloud with an arrow coming out of the bottom of it – click that to download the photo from iCloud to the computer
  8. Download the photo from iCloud

  9. Repeat as necessary for other photos you wish to download from iCloud

And there you have it, look where your web browser defaults to downloading pictures and you’ll find your photo (or photos) in their original resolution there, this is typically the user Downloads folder. In our example, it’s a picture of the Grand Canyon:

An example photo downloaded from iCloud

That’s how you download photos from onto a computer or device. This works the same with any web browser, so it doesn’t matter if you’re on a Mac or Windows PC, Android, or Linux, you’ll be able to download the pictures from iCloud this way. This is great for the obvious reasons of cross platform access, but it’s also nice for gaining access to a high res picture from another computer or device too.

How can I download ALL pictures from iCloud?

Now, I know what you’re thinking; how can you download all of your pictures from iCloud? And why isn’t there a “download all” button on iCloud Photos? And why can’t we access iCloud Photos through iCloud Drive and copy them like you would from Dropbox on a computer? Those are great questions and certainly worthy feature requests for future versions of iCloud and iCloud Photo management, but what we just outlined above is what is currently available (outside of Photos and iCloud Photo Library anyway), so for now you have to manually download the pictures if you want to get them from iCloud Photos on the web. Hopefully a future version of the iCloud website will offer easy bulk downloading, and maybe even we’ll get comparable features in the Photos apps in Mac OS X and iPhone too.

Here is how you can download ALL photos from iCloud to Mac or PC:

  1. Go to and login as usual, and then go to “Photos” as usual
  2. Choose the “All Photos” album
  3. Scroll to the very bottom of the All Photos album and click the “Select Photos” button in the top of the iCloud Photos bar
  4. Hold down the Shift key and click on the very last picture in the album, this should select every photo in the All Photos album as will be signified by the iCloud Photos bar saying “WXYZ items selected”
  5. Now with all of the photos selected in iCloud Photos, choose the blue “Download” button at the top of the iCloud Photos bar
  6. Confirm that you want to download all of the selected photos (this can be hundreds, or thousands) and click on “Download”

Download All Photos to×146.jpg 300x,×298.jpg 610x” sizes=”(max-width: 610px) 100vw, 610px” style=”padding: 0px; border: 1px solid rgb(255, 255, 255); max-width: 100%; margin: 0px auto !important; display: block !important; float: none !important;” apple-inline=”yes” id=”E43ED4D2-7DA2-44A3-A0A4-AC077C59EF95″ apple-width=”yes” apple-height=”yes” src=””>

This downloads the number of pictures through the browser, just like downloading any other file. This means the photos will likely end up in your Downloads folder, unless you specify downloads to go elsewhere.

Unfortunately there is no “Select All” button or “Download All” button in iCloud Photos on the web currently, but you can use the shift+click trick to select all of the photos yourself. That is the only way to download all photos from iCloud currently, so it requires a little bit of manual effort but it works. 

There are other ways of downloading full resolution pictures from iCloud of course as well, but they require the usage of the iCloud Photo Library feature as well as Photos apps in either Mac OS X or iOS, which puts them off limits to Windows users or from Windows based access. And yes, iCloud Photo Library is supposed to automatically manage and handle photos if you use the service, it will upload them to iCloud, and then download them on demand if requested – but for those who have a large library of pictures or less than stellar internet access, it can be cumbersome or even unreliable. Furthermore, the feature can lead to excess data usage both with a broadband connection and your local device storage, and there are some other curious aspects that can make the feature challenging to use for some specific user situations (for me personally, I like direct file access to my photos in their original format without having to rely on downloading the original, maybe I am old fashioned in that regard).

What about downloading pictures from iCloud backups or iTunes backups?

As you may know, iCloud backups are separate from iCloud Photo Library. If you backup an iPhone or iPad to iCloud, you may like to have direct access to those pictures, but that’s not how iCloud backups work. Instead, they arrive as a complete backup package of the entire device. Thus, you can also get photos out of iCloud and iTunes backups made from an iPhone, iPad, or iPod touch, but it requires either restoring a device with that backup in question in the case of iCloud, or the usage of a third party tool if the backup was made with iTunes. You can learn more about recovering photos from iPhone backups here if you’re interested, but it’s quite a different process from the method outlined above about simply downloading pictures from on the web. 

Downloading photos from iCloud to a×112.jpg 300x” sizes=”(max-width: 309px) 100vw, 309px” style=”padding: 0px; border: 1px solid rgb(255, 255, 255); max-width: 100%; margin: 0px auto !important; display: block !important; float: none !important;” apple-inline=”yes” id=”BDA3939D-9355-4BE3-A92E-D1B295EF624C” apple-width=”yes” apple-height=”yes” src=””>

Do you know of another easy way to download photos from iCloud? Maybe you know of a method to bulk download all your pictures, or a group of pictures, in their original format and size, from iCloud to a computer? Let us know your iCloud photo tricks in the comments!

Enjoy this tip? Subscribe to the OSXDaily newsletter to get more of our great Apple tips, tricks, and important news delivered to your inbox! Enter your email address below:; line-height: 16px; background-position: 10px 40px; background-repeat: no-repeat no-repeat;”>

223; display: inline-block; white-space: nowrap; font-family: Verdana, Helvetica, sans-serif; height: 16px; line-height: 16px; width: 60px; position: relative; background-repeat: no-repeat no-repeat;”>; line-height: 16px; background-position: 10px 40px; background-repeat: no-repeat no-repeat;”>

96; display: inline-block; white-space: nowrap; font-family: Verdana, Helvetica, sans-serif; height: 16px; line-height: 16px; width: 60px; position: relative; background-repeat: no-repeat no-repeat;”> 




Related articles:

Posted by: Paul Horowitz in Tips & Tricks


» Comments RSS Feed

  1. Jamie and The Fiddlesticks says:

    Good tip. You can select multiple photos and download them together from iCloud, but yes it would be nice if there was a download all button, or an ability to download photos as a zip archive from iCloud for date ranges, etc.

    iCloud Photo Library is not something I have ever understood but I think I am not the user it is intended for. I don’t know really know who is. I think it uploads your pictures, and stores a thumbnail locally but then you can get a higher resolution picture by downloading it from Photos app in iOS and Mac. But then if you delete a picture, it deletes from iCloud completely, so you can’t free up disk space this way, and iCloud does not permanently serve as a photo repository. It would be nice if you could just take a picture on your iPhone and know it was stored in iCloud to access anytime you wanted it. Also it would be nice to not shovel over $10 per month for the iCloud.

    I agree with your point about internet speed too, iCloud Photo Library was clearly designed for Cupertino and major global hubs where Comcast and Google Fiber are the norm. Out here in the rest of the USA we have surprisingly tight bandwidth caps and slow DSL, there is no great high speed internet available in my city, so the thought of relying on broadband to access my pictures or anything else reliably or quickly is just out of the question. 

    Finally if you use iCloud Drive like DropBox and create your own folder up there, and upload your pictures manually as files, it would work like that, but it would not be accessible from Photos apps in iOS or Mac, it would only be accessible from iCloud Drive.

    • Jeff Archer says:

      I think the point you are making is that you want to access the photos from within your iCloud backups from or through iCloud Drive, is that right? That sounds interesting, but the backups are not meant to be used that way right now.

  2. Jeff Archer says:

    You forgot the other big caveat with iCloud Photo Library and iCloud Photos — it is not supported by earlier versions of Mac OS X or iOS.

    My Mac has Mavericks runs perfect so why mess with it? No iCloud for me

    My iPad has iOS 6 and runs OK so no iCloud Photos on that either

    I support Macs on Snow Leopard still as well as Windows computers. Not to mention Android. 

    All of these situations mean that if you want to get pictures from iCloud you go to the website as you describe here, as there are no other options. That is why Apple should allow batch downloads of iCloud pictures from It would be a good feature!

  3. Jeff Archer says:

    One final point, to have photos access on you have to enable iCloud Photo Library from somewhere, usually from an iPhone if you’re like me and have a Maverick Mac.

  4. Dina says:

    So far so good, but all of my pictures are in my Mac already.
    If I delete a photo from Photos, it is removed also from iCloud so. what’s the use re-download again a photo?

    • Paul says:

      This is really most useful if you are on a device that isn’t using iCloud Photo Library but still want to download pictures from iCloud. For example, you’re visiting family and using their computer, you can log in to and download a few photos this way.

      The other big perk is that it’s cross platform, you can use it on any version of any system software that has a web browser.

  5. Paul Minz says:

    Good article, but not being a fan of a computer terminal and a “server” in the Old days. I will still keep all of my own Info and data – On My computers and my own Backup system. Even computers are going, one sort of way, backward with all external peripherals hanging off of a main CPU. the 1980s are returning, Ugh. Modern name for server is cloud. I.E. I would never put my Gems in a neighbors house.

    • Paul says:

      I tend to agree, I like direct access to high resolution pictures and other important files from physical backups. Maybe the ideal solution is to have local physical backups of your data and pictures, and an encrypted online solution with all files accessible online when needed too, assuming you have the high speed internet access to support the latter anyway.

      Much of this is personal preference though, some like cloud-only storage.

  6. Mac4Me says:

    This is a good article, and perhaps this observation is slightly off target, but by using Photo Stream instead of iCloud Photo Library, all photos from my iOS devices are automatically added to my Photos libraries on both of my computers, and all the photos I import to my computers from my camera (or other sources) are automatically available to my iOS devices in Photo Stream. Of course I backup my computers to a Time Machine disk as well as saving them to an additional external drive.

  7. Clifford says:

    There is another way…
    Since my son was born my wife and me started taking pictures of him at any given opportunity. We both have iPhones so I told her we should share a folder on iCloud and we put all our pictures in one safe place.
    However we wanted a physical back-up… You know… Just in case!
    After trying almost everything I remembered I installed iCloud Photos on my Windows laptop.
    It so happens that all photos in our shared folders are directly downloaded in a folder on my laptop where they are easily accessible and all I need to do is copy and paste the whole folder on an external drive for safekeeping.
    Simple. Automatic. Effective ?

  8. Draypoke says:

    iCloud Photo Library should “just work” but I saw enough confusion and weird stories on the Apple Discussion Boards of picture libraries disappearing into the ether or high res images seemingly vanished that I never trusted it with my pictures. I hope those problems have been worked out and fixed. Can anyone confirm?

    Apple describes iCloud Photo Library here:

    It sounds good if you have broadband, big iCloud 1TB plan, with no data caps on cellular or home networks.

  9. John says:

    Amazon Prime does this (for free as a Prime member) without having to deal with Apple’s Photos app on your Mac, THE MOST inane photo management software ever written.

  10. Serafinamia says:

    I am in despair about iCloud photo storage. I had some 20,000 photos on my Mac, many edited. After updating (stupidly!) to Yosemite, I now have no way to access my photos, which included several major trips and numerous irreplaceable photos. 

    Is there anything I can do? As batch downloads are not an option. I’ve been an Apple user for 20 years, but this feels like a total betrayal. My husband his his photos on his Dell laptop and they’re fine.

    • Ragnarok says:

      Where did your pictures go? Are they still visible on Are they on the Mac? How would they not be unless you removed them? Did you look in Photos app or iPhoto? Did you search the hard drive?

      If you had 20,000 picture files on the Mac, they must still be there unless you deleted them or formatted the Mac. What else is there to this story? I am confused.

  11. juliaw says:

    I had the same disaster as Serafina. my solution was to access a Time Machine backup and restore the iPhoto library. It was a while ago now so I’m not 100% sure but I think Time Machine gave me the option to create a new library rather than replace my new one. I then imported the restored photos into my Photos app. That took ages and I was really annoyed but at least I recovered the missing photos.

    • Ti Do says:

      That sounds like a major flaw with iCloud or Photos, where did the pictures go when they disappeared? Were they on the file system but missing from Photos app? Glad you were able to get them back. Photos are the most valuable thing on most personal computers! iCloud needs work.

  12. Jig says:

    Is there a better way to get all photos from iCloud? I am looking to download all photos and pictures from iCloud to the computer. I hope Apple has this feature.

  13. “You have to manually download the pictures one by one if you want to get them from iCloud Photos on the web… Hopefully a future version of the iCloud website will offer bulk downloading”

    So, according to the author of this article and ‘osxdaily’, if I need to download 10,000 photos from iCloud using a browser on my mac (or even Windows for that matter), I need to manually download them one by one? Like, select a photo ->click download, then select another photo->Click Download and Continue this 10,000 times? Really? I mean, Seriously??

    Well, at least since the last 12 months (And probably even before that), I have been downloading photos in bulk using these simple steps:

    – Select first photo.
    – Keep scrolling down straight to last photo.
    – Then press shift button first and click on the last photo.
    – This will select all items in between.
    – Click Download & The photos will start downloading automatically.

    • Jignesh says:

      Yes that is correct, if you want to download photos from you download each photo independently. This is how I downloaded my photos from iCloud to my computer, it is a Windows PC.

      You can download photos from iCloud with iCloud Photos Library or with Photos app in iOS in bulk as described.

      Please describe what you are using, if it is a browser or the iCloud Photos, as that is relevant. 

  14. tkoband says:

    If you don’t want to “verify” every pic make sure that in whichever browser you are using, to turn OFF the “ask every time” feature in your options/tools. 

    Also, in options, you can change WHERE you want these to download to. You can leave as default and they they will end up in your “download folder” or you can connect an external drive and download to there, saving your PC memory. 

    The only caveat to this that I have experienced is that it DOES change the date of your photo/doc/video and they will have “today’s” date, as if they were taken on the date you are saving them from iCloud. 

    Then use the same click, scroll to last pic, shift click again to select all in the iCloud and delete all.

    • Susie says:

      Hi tkoband – where is the setting in iCloud you mention above where you can change WHERE the photos download to? In “Settings”? I do not see it there! 

      ARGH! I am SO frustrated with iCloud for all the reasons mentioned in this post. I can’t wait until Apple gets their butt kicked with a better program which inevitably it will

      • Karen says:

        It’s a browser setting, not an icloud setting. Once you get the “ask every time” feature turned off you can select all the photos at once and download them all to your new, or default location. I FINALLY figured this out and got all my photos downloaded. *Bonus – it didn’t change the date of the picture either. They all still say the correct date that they were taken.* Man, I miss just plugging in my phone and doing a copy paste to back them up. I think I may just have to turn off the optimization. That way all my new photos are actually on my phone – not just thumbnails. I’ll have to clear my phone more often, but at least it will be simple.

  15. Matteo says:

    I had about 11000 pic in my iCloud, I used this guide for selecting all pic on a Mac and It worked like a charm.
    I hope will help you as the same!

Leave a Reply





Shop for Apple & Mac Deals on

Subscribe to OSXDaily

Subscribe to RSS Subscribe to Twitter Feed Follow on Facebook Subscribe to eMail Updates

Are your DCs too busy to be monitored?: AD Data Collector Set solutions for long report compile times or report data deletion | Ask the Directory Services Team

Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors

Oops: Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors

Microsoft has demonstrated why the FBI’s desire for “Golden Key” backdoors allowing “good guys” to bypass security is such a bad idea: it inadvertently released its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot.

Microsoft created a convenience key to bypass UEFI security, then leaked it

As noted by Charlie Osborne for Zero Day, the ability to bypass Windows Secure Boot using the profiles Microsoft made public not only allows users to replace their Windows OS with something else such as Linux, but also “permits the installation and execution of bootkit and rootkits at the deepest level of the device.”

Security researchers MY123 and Slipstream published a detailed explanation of how Microsoft bungled its security keys, and then failed to correctly patch for the issue, resulting in an ongoing issue that “may not be possible to fully resolve.”

“A backdoor,” the researchers noted, “which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”

Evidence for the FBI to examine

Over the past winter, the FBI has locked horns with Apple over its efforts to bypass the boot security system of iOS, with the intent to make it easier to decrypt data on iPhones and other devices.

In February, Apple’s chief executive Tim Cook issued a statement in response to FBI demands, writing that, “We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them.

But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”“the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone” – Tim Cook

Cook concluded, “while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

Sure enough, after Microsoft did create a backdoor for Windows Phone and other Secure Boot devices, it subsequently leaked the tools for unlocking that backdoor.

The researchers involved in documenting Microsoft’s screwup observed, “About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a “secure golden key” is very bad!

“Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t
understand still? Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a ‘secure golden key’ system? Hopefully you can add 2+2…”

At this week’s BlackHat security conference, Apple engineer Ivan Krstić provided new details about how Apple’s own security system works on iOS devices, noting that iOS lacks any sort of backdoor mechanism that would allow Apple or others to bypass device security the way Microsoft’s Secure Boot for Windows does.

Apple’s serious approach to security has enabled the company to take a leading roll in supplying computing devices to enterprise buyers, one of the markets Windows Phone has made very little progress in, and a market segment that has purposely shunned the sloppy security associated with Google’s Android. 

Setting up Windows 10 for IoT on your Raspberry Pi 2 – Scott Hanselman

Setting up Windows 10 for IoT on your Raspberry Pi 2

Windows 10 IoT on small embedded devices

Windows 10 Raspberry Pi robotThis week at the BUILD conference in San Francisco Microsoft released the first preview of Windows 10 IoT (Internet of Things) for Raspberry Pi 2 (as well as other lovely devices like the Intel Galileo and MinnowBoard Max).

First, as I mentioned in February the Raspberry Pi 2 runs the Windows 10 IoT version. That means there is no “shell” or Windows Explorer. It’s not a tiny desktop PC, but rather the core brain of whatever embedded maker thing you choose to build with it. The core of it is Windows. You’ve got PowerShell, you can run Windows Universal Apps that you write in C#, and you can talk to peripherals.

Over here at there is a great list of projects you can build with Windows IoT, including a cool robot you can control with an Xbox Controller.

Installing Windows 10 on your Raspberry Pi 2

This is an early build so things will change and get easier I’m sure. To be frank, getting the builds for Raspberry Pi took some confusing on my part to download.

  • Go to the Windows Embedded Connect site and sign in.
  • Pick the Build you want. I got Windows 10 IoT Core Insider Preview Image for Raspberry Pi 2.
  • You’ll need to install this older “File Transfer Manager” if you don’t have it. If you have Chrome, you’ll need to click the “.dlm” file and open it with the File Transfer Manager. You’ll also need to accept two EULAs.
  • Then you’ll get a large ZIP file with the image you want inside. Unzip somewhere.
  • Here’s a kicker, you’ll need a Windows 10 Preview machine to run these commands and install.
    • I built one with a laptop I had around. I’m not sure why Windows 10 is needed. However, once it’s setup you can use Windows 8.1 to talk to the Pi 2 or Remote PowerShell in.
  • You should also get Microsoft Visual Studio 2015 RC.
    • After you install 2015, go try to make a Universal App and it will download the Universal Apps SDK.
  • Follow the instructions here.  Below is my summary along with the gotchas that slowed me down.

Now, plug your micro SD card into your Windows 10 PC (I use a micro to USB adapter) and open an Administrator PowerShell and run:

  • wmic diskdrive list brief and make note of the physical disk number of your SD Card.

next run this and change PhysicalDriveN to whatever your SD Card’s physical number is.

dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\.PhysicalDriveN /SkipPlatformCheck

  • NOTE: I had some issues and got “Error 50” on one of my micro SD cards. Changing cards worked. Not sure what’s up.

Now, just put your micro SD card into your Pi 2 and boot up your Pi 2 while connected to a display and Ethernet. It will initially startup very slow. It could be 2 to 4 minutes before you get to the main screen. Just hang in there until you see this screen. This is the Default app and just shows the IP Address of your Raspberry Pi 2.

Installing Windows 10 on a Raspberry Pi 2 

Now, from your local admin PowerShell run these commands to remote into your Pi 2. The default name is MINWINPC but you can also use the IP Address.

net start WinRM
Set-Item WSMan:localhostClientTrustedHosts -Value MINWINPC
remove-module psreadline -force
Enter-PsSession -ComputerName MINWINPC -Credential MINWINPCAdministrator

When the credentials dialog opens, make sure you use yourrpi2machinenameAdministrator or yourrpi2ipaddressAdministrator for the user name. I was just using Administrator. The default password is p@ssw0rd and you should change it.

See here how the PowerShell prompt changes to include the remote machine’s name after I’ve remoted in?

remoting into Windows 10 on a Raspberry Pi 2

On your Windows machine install the MSI that was included in the download. It will start a small watcher utility that will scan your network and look for Microsoft IoT devices. It’s easy to lose them if their IP address changes. It also has a nice right click menu for getting to its embedded web server.

Windows IoT Core Watcher

Included and running on the image is a web server that will let you explore attached devices and running processes.

Raspberry Pi 2 Windows 10 Web Management

You can also deploy applications from here although you’ll usually do it from Visual Studio.

Raspberry Pi 2 Windows 10 Web Management

As of the time of this blog post they didn’t have WiFi and Bluetooth ready yet but they are updating it often so I am sure we’ll see updates soon. Here is a list of devices that work today via USB.

There’s lots of samples. You can make Background (headless) IoT apps or do ones with a UI since the Raspberry Pi has HDMI built in.

Finally, here’s turning on an LED from C# (with comments and defensive code).

using Windows.Devices.Gpio;

private void InitGPIO()


    var gpio = GpioController.GetDefault();


    if (gpio == null)


        pin = null;

        GpioStatus.Text = "There is no GPIO controller on this device.";



    pin = gpio.OpenPin(LED_PIN);


    if (pin == null)


        GpioStatus.Text = "There were problems initializing the GPIO pin.";





    GpioStatus.Text = "GPIO pin initialized correctly.";


Deploying from Visual Studio

Make sure the remote debugger is running with schtasks /run /tn StartMsVsmon and connect with no authentication while it’s running.


Now you can deploy a Universal App (with UI!) directly from Visual Studio:


And here is my amazing app. Which is basically just a bunch of controls I threw onto the XAML. But still. Fancy!

My XAML app running on my Raspberry Pi 2 with Windows 10

Windows Remote Arduino and Virtual Arduino Shields

A few other cool maker things worth pointing out are Windows Remote Arduino and Virtual Arduino Shields. Remote Arduino lets you talk to your Arduino from your Windows  machine using the Firmata protocol. Then you can reach out to an Arduino device and give it commands from a Windows Universal app. The Virtual Arduino Shields lets you use a Windows Phone as a well, just that, virtual shields. Shields for Arduino can add up and when you’re prototyping you may not want to shell out for a Gyro or GPS. A cheap phone like a Lumia 530 has like $200 worth of sensors (gps, touch display, gyro, internet, speech, etc) in it that you can exploit.

It’s early days but I’m pretty stoked about all the options that Makers have available. The ASP.NET team is in talks with the IoT folks to see if we can get ASP.NET 5 running on Windows IoT on a Raspberry Pi as well, so stay tuned. Get started here.

Related Links

Sponsor: Big thanks to the folks over at Grape City for sponsoring the feed this week. GrapeCity provides amazing development tools to enhance and extend application functionality. Whether it is .NET, HTML5/JavaScript, Reporting or Spreadsheets, they’ve got you covered. Download your free trial of ComponentOne Studio, ActiveReports, Spread and Wijmo.

About Scott

Nu muligt at afvise Windows 10 – permanent

Nu muligt at afvise Windows 10 – permanent

I forbindelse med at Microsoft vil gøre deres Windows 10 opgradering til eksisterende Windows 7 og 8,1 brugere mere bredt tilgængelig, annoncerer software giganten også, at man samtidig vil tilbydes en permanent måde at afvise opgradering på. Det betyder, brugere, der ikke ønsker at opgradere, slipper for de gentagne påmindelser om opgraderingen.

Private brugere og virksomheder, der opdater deres Windows via Windows Update, er siden lanceringen af Windows 10 konstant blevet spammet med reklamer i deres proceslinjen, hvor Windows Update tilskynder dem til at opgradere deres system. Men det lover Microsoft nu at give brugerne en mulighed for at slippe for.

Læs her, hvordan du allerede nu kan slippe for Windows 10 upgrade notifikationer.

Amerikanske brugere, der modtager deres opdateringer fra Windows Update, og ikke fra tjenester som WSUS eller SCCM, vil begynde at modtage det nye tilbud senere i denne måned, hvorefter resten af verden følger trop.

Den gratis opgradering til Windows 10 er tilgængelig for alle, som ikke kører en Enterprise-version af Windows 7 eller 8.1.

Does your logon hang after a password change on win 8.1 /2012 R2/win10? | Ask the Directory Services Team

Does your logon hang after a password change on win 8.1 /2012 R2/win10?

Hi, Linda Taylor here, Senior Escalation Engineer from the Directory Services team in the UK.

I have been working on this issue which seems to be affecting many of you globally on windows 8.1, 2012 R2 and windows 10, so I thought it would be a good idea to explain the issue and workarounds while we continue to work on a proper fix here.

The symptoms are such that after a password change, logon hangs forever on the welcome screen:

How annoying….

The underlying issue is a deadlock between several components including DPAPI and the redirector.

For full details or the issue, workarounds and related fixes check out my post on the ASKPFEPLAT blog here

This is now fixed in the following updates:

Windows 8.1, 2012 R2, 2012 install:

For Windows 10 TH2 build 1511 install:

I hope this helps,


Secured By miniOrange