As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Options

Looking to lock down my sons computer

clsCorwinclsCorwin Registered User regular
Just got a nettop box for my son and was looking for new free software I can use to restrict his access.

Its running XP Home SP3, and right now the plan is to have 2 accounts, one with very limited internet access, and another that would have access to games and a bit more of the net.

Also, a time based login restriction would be super.

clsCorwin on
«134

Posts

  • Options
    ueanuean Registered User regular
    edited September 2009
    clsCorwin wrote: »
    Just got a nettop box for my son and was looking for new free software I can use to restrict his access.

    Its running XP Home SP3, and right now the plan is to have 2 accounts, one with very limited internet access, and another that would have access to games and a bit more of the net.

    Also, a time based login restriction would be super.

    I'm also looking for this, but for a set of 7 laptops we\re trying to run a small computer-lab with. Laptops were donated and came with XP Home. And home doesn't give you anything for permissions beyond a limited account. Specifically I'd want to restrict internet access and program access, same as OP.

    uean on
    Guys? Hay guys?
    PSN - sumowot
  • Options
    ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited September 2009
    I don't know any specific software to recommend, but remember that physical access means that the machine can be generally considered compromised. Particularly for a Windows machine.

    At least, remember to lock down the boot order in BIOS (system drive first) and give it a master password. Then put a lock on the computer case. This halts the easiest ways to get around software locks.

    That depends how old or computer-literate your son is, I guess.

    ronya on
    aRkpc.gif
  • Options
    ImprovoloneImprovolone Registered User regular
    edited September 2009
    Perhaps some version of Linux can really lock it down. Would you be willing to dual boot?

    Improvolone on
    Voice actor for hire. My time is free if your project is!
  • Options
    DaedalusDaedalus Registered User regular
    edited September 2009
    Your son is going to disable your net-nanny software in ten minutes, find your own porn stash in fifteen, and lose some amount of respect for you.

    At least, that's how it worked for me. What age are we talking about here?

    Daedalus on
  • Options
    happy cabbagehappy cabbage Registered User regular
    edited September 2009
    Talk your son. Don't waste both of your time. You won't accomplish anything, and he will be pissed at you and find a workaround within 20 or 30 minutes.

    happy cabbage on
  • Options
    travathiantravathian Registered User regular
    edited September 2009
    http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

    Steady State by Microsoft can lock down the system to prevent changes, malware, spyware etc from buggering the system. Every time he boots up its in a clean state. Now this wont prevent him from doing stupid shit, you'll need net-nanny or something for that, but if they do get into a mess, Stead state rolls the system back each time. Oh and its free. You can create a white list of websites he's able to visit, but that may be a lot of work.

    travathian on
  • Options
    ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited September 2009
    Huh. Looks like Microsoft has its own web filtering software, too. Haven't tried it or encountered it ever, though.

    edit: you can lock down a desktop in a such a way as to make getting around limitations too difficult to be practical, given other likely real-life conditions such as being able to visually observe the computer every now and then. :rotate: Your "opponent" is a kid with no budget, not a crack NSA team squirreled away under Cheyenne.

    ronya on
    aRkpc.gif
  • Options
    Mr_RoseMr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    edited September 2009
    Set your DNS to a public filtered DNS server with a configurable white/blacklist (e.g. OpenDNS) rather than your ISP's defaults. Set that in your wireless router and there's not much that can be done about it short of factory-resetting the router and/or hopping the neighbour's unsecured wi-fi.

    Mr_Rose on
    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • Options
    Mortal SkyMortal Sky queer punk hedge witchRegistered User regular
    edited September 2009
    As a kid who has been placed under many of these in his many years of using the internets, the best option is to use dansguardian on a proxy server. ultra customizable, so you can filter or un filter whatever you want.

    Mortal Sky on
  • Options
    ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited September 2009
    Mr_Rose wrote: »
    Set your DNS to a public filtered DNS server with a configurable white/blacklist (e.g. OpenDNS) rather than your ISP's defaults. Set that in your wireless router and there's not much that can be done about it short of factory-resetting the router and/or hopping the neighbour's unsecured wi-fi.

    DNS filtering can be defeated by using a proxy server or just tapping IP addresses in manually, you need more than that.

    ronya on
    aRkpc.gif
  • Options
    Mortal SkyMortal Sky queer punk hedge witchRegistered User regular
    edited September 2009
    ronya wrote: »
    Mr_Rose wrote: »
    Set your DNS to a public filtered DNS server with a configurable white/blacklist (e.g. OpenDNS) rather than your ISP's defaults. Set that in your wireless router and there's not much that can be done about it short of factory-resetting the router and/or hopping the neighbour's unsecured wi-fi.

    DNS filtering can be defeated by using a proxy server or just tapping IP addresses in manually, you need more than that.

    Hence why I recommended dansguardian. It's not too fascist, unlike some other overpriced private programs, but my god it works.

    Mortal Sky on
  • Options
    clsCorwinclsCorwin Registered User regular
    edited September 2009
    My son is 10 and not very computer literate. Hes never had his own computer before, and I've been very wary of him using mine because of a fear of him breaking it.

    I don't need anything crazy, but something that would prevent him from logging in after 9pm each night would be nice, and something akin to netnanny.

    I want him to be able to learn and do cool stuff, I just don't want him up all hours of the night and stumbling across porn.

    clsCorwin on
  • Options
    Mr_RoseMr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    edited September 2009
    ronya wrote: »
    Mr_Rose wrote: »
    Set your DNS to a public filtered DNS server with a configurable white/blacklist (e.g. OpenDNS) rather than your ISP's defaults. Set that in your wireless router and there's not much that can be done about it short of factory-resetting the router and/or hopping the neighbour's unsecured wi-fi.

    DNS filtering can be defeated by using a proxy server or just tapping IP addresses in manually, you need more than that.

    Proxies can be added to the block list easily enough and how many people actually know the IP of their favourite internet sites?

    Mr_Rose on
    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • Options
    japanjapan Registered User regular
    edited September 2009
    Mr_Rose wrote: »
    ronya wrote: »
    Mr_Rose wrote: »
    Set your DNS to a public filtered DNS server with a configurable white/blacklist (e.g. OpenDNS) rather than your ISP's defaults. Set that in your wireless router and there's not much that can be done about it short of factory-resetting the router and/or hopping the neighbour's unsecured wi-fi.

    DNS filtering can be defeated by using a proxy server or just tapping IP addresses in manually, you need more than that.

    Proxies can be added to the block list easily enough and how many people actually know the IP of their favourite internet sites?

    There are any number of sites that will do free DNS lookups for you.

    japan on
  • Options
    elliotw2elliotw2 Registered User regular
    edited September 2009
    clsCorwin wrote: »
    My son is 10 and not very computer literate. Hes never had his own computer before, and I've been very wary of him using mine because of a fear of him breaking it.

    I don't need anything crazy, but something that would prevent him from logging in after 9pm each night would be nice, and something akin to netnanny.

    I want him to be able to learn and do cool stuff, I just don't want him up all hours of the night and stumbling across porn.

    If that's all you need, you should be able to punch the computer's MAC address/IP into your router and set it up to only allow connections from x AM to x PM

    elliotw2 on
    camo_sig2.pngXBL:Elliotw3|PSN:elliotw2
  • Options
    ronyaronya Arrrrrf. the ivory tower's basementRegistered User regular
    edited September 2009
    japan wrote: »
    Mr_Rose wrote: »
    ronya wrote: »
    Mr_Rose wrote: »
    Set your DNS to a public filtered DNS server with a configurable white/blacklist (e.g. OpenDNS) rather than your ISP's defaults. Set that in your wireless router and there's not much that can be done about it short of factory-resetting the router and/or hopping the neighbour's unsecured wi-fi.

    DNS filtering can be defeated by using a proxy server or just tapping IP addresses in manually, you need more than that.

    Proxies can be added to the block list easily enough and how many people actually know the IP of their favourite internet sites?

    There are any number of sites that will do free DNS lookups for you.

    And nslookup.exe is of course included with Windows.
    clsCorwin wrote: »
    My son is 10 and not very computer literate. Hes never had his own computer before, and I've been very wary of him using mine because of a fear of him breaking it.

    I don't need anything crazy, but something that would prevent him from logging in after 9pm each night would be nice, and something akin to netnanny.

    I think SteadyState does that, it's hard to tell from its stated featurelist. There's also the Windows Live Family Safety stuff. If you want to minimise installing stuff, technically you can just use Window's inbuilt user account capabilities to prevent logins outside a particular time, then use Task Scheduler to force logoff at the end of that period.

    All this said, there's a very good chance that if your son isn't currently computer literate, being faced with software restrictions is an excellent motivator for becoming computer literate... :mrgreen:

    ronya on
    aRkpc.gif
  • Options
    Brodo FagginsBrodo Faggins Registered User regular
    edited September 2009
    He's not computer literate now, doing this will ensure he is in a few months.

    Brodo Faggins on
    9PZnq.png
  • Options
    travathiantravathian Registered User regular
    edited September 2009
    Ms SteadyState will do what you want, with the added bonus that if he borks up the computer some how, you just roll it back.

    travathian on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited September 2009
    elliotw2 wrote: »
    clsCorwin wrote: »
    My son is 10 and not very computer literate. Hes never had his own computer before, and I've been very wary of him using mine because of a fear of him breaking it.

    I don't need anything crazy, but something that would prevent him from logging in after 9pm each night would be nice, and something akin to netnanny.

    I want him to be able to learn and do cool stuff, I just don't want him up all hours of the night and stumbling across porn.

    If that's all you need, you should be able to punch the computer's MAC address/IP into your router and set it up to only allow connections from x AM to x PM

    This is one of the better, low-maintenance ideas. I wouldn't worry about locking the computer itself down too much, and instead put it in a public place where you can monitor its use. This worked reasonably well on me when I was a kid. Sadly, I think you need XP Pro to enable remote desktop connections.

    But basically, if it's his computer, don't worry about preventing him from breaking it. Let him break it. It's the best way to learn. Just be standing by with the system disk to reformat if need be :)Edit: Oh okay, I see, you obviously bought him his own specifically for this purpose. Nevermind me.

    (Also, make sure it and any other computers on the network are secure against viruses.)

    LoneIgadzra on
  • Options
    clsCorwinclsCorwin Registered User regular
    edited September 2009
    He's not computer literate now, doing this will ensure he is in a few months.

    Thats kinda the point.

    clsCorwin on
  • Options
    clsCorwinclsCorwin Registered User regular
    edited September 2009
    And also while I'm here, what are some good free games that I could get for him?

    clsCorwin on
  • Options
    Roland_tHTGRoland_tHTG Registered User regular
    edited September 2009
    There are tons of children friendly flash games out there.

    Install adblock and put shortcuts on the desktop that send him to some kids sites of your choosing.

    The places that have links to other places are what you would want to watch for.

    Roland_tHTG on
  • Options
    LoneIgadzraLoneIgadzra Registered User regular
    edited September 2009
    pshaw, nevermind this flash bullshit, when I was a kid I played Angband

    (Actually, come to think of it, the content of that game probably wasn't very kid friendly, once I finally got to it after poring over the manual for months. The town lets you kill all manner of innocent townsfolk, and some of them are a real pain in the ass, which just encourages you.)

    LoneIgadzra on
  • Options
    DaedalusDaedalus Registered User regular
    edited September 2009
    Quake Live is open to everyone now, right? That's free.

    Daedalus on
  • Options
    elliotw2elliotw2 Registered User regular
    edited September 2009
    elliotw2 wrote: »
    clsCorwin wrote: »
    My son is 10 and not very computer literate. Hes never had his own computer before, and I've been very wary of him using mine because of a fear of him breaking it.

    I don't need anything crazy, but something that would prevent him from logging in after 9pm each night would be nice, and something akin to netnanny.

    I want him to be able to learn and do cool stuff, I just don't want him up all hours of the night and stumbling across porn.

    If that's all you need, you should be able to punch the computer's MAC address/IP into your router and set it up to only allow connections from x AM to x PM

    This is one of the better, low-maintenance ideas. I wouldn't worry about locking the computer itself down too much, and instead put it in a public place where you can monitor its use. This worked reasonably well on me when I was a kid. Sadly, I think you need XP Pro to enable remote desktop connections.

    But basically, if it's his computer, don't worry about preventing him from breaking it. Let him break it. It's the best way to learn. Just be standing by with the system disk to reformat if need be :)Edit: Oh okay, I see, you obviously bought him his own specifically for this purpose. Nevermind me.

    (Also, make sure it and any other computers on the network are secure against viruses.)

    You really don't need Pro, you can use a VNC app, or the remote assistance thing that comes with XP instead

    elliotw2 on
    camo_sig2.pngXBL:Elliotw3|PSN:elliotw2
  • Options
    Roland_tHTGRoland_tHTG Registered User regular
    edited September 2009
    Daedalus wrote: »
    Quake Live is open to everyone now, right? That's free.

    Almost nothing that has unknown humans on the other end of the line is kid friendly, unless there is nothing but predefined communication.

    Roland_tHTG on
  • Options
    clsCorwinclsCorwin Registered User regular
    edited September 2009
    Right now I want to keep him away from FPS type games, hes just not mature enough to really handle that yet. I'm going to install Moonbase Commander and Starcraft (since I already own these) and see how much he likes strategy games. He really likes Pokemon and some harder RPGs, just not sure what he'd be into on PC.

    clsCorwin on
  • Options
    powersurgepowersurge Registered User regular
    edited September 2009
    Pretty much anything from popcap would work. Also www.tetrisfriends.com has a bunch of free versions of tetirs to play.

    powersurge on
  • Options
    ArcSynArcSyn Registered User regular
    edited September 2009
    As someone who was under this restriction, and sufficiently bypassed it when I was a kid (though it's gotten MUCH more advanced now), the biggest thing to do is sit down and talk about it. Going "behind their back" and installing it and waiting for them to find out they are restricted is the worst thing to do. If you set up restrictions verbally, and let them know that you are putting this on the computer (and from what I can see, Net Nanny or Safe Eyes are the two best internet/computer filtering/protection programs) and what restrictions you are setting.

    Communicating is very effective, as it lets them know why and what is being restricted, and what you expect from them. Also it allows you to stress what you are looking to get from it (if the emphasis is on time restrictions - no computer after bedtime - or computer protection - like blocking malware or false links that would lead to virus prone sites - etc) and not that you don't trust them, but you want to be a good parent.

    The fact you are even getting a computer for them should be incentive enough to follow some rules, as I know I would have been thrilled to have my own computer I didn't have to share time on. So you can also remind that this is a privilege to have his own computer, rather than have to share the family PC.

    Here's a decent review of Net Nanny and Safe Eyes, as they do more than just internet filtering.

    ArcSyn on
    4dm3dwuxq302.png
  • Options
    KistraKistra Registered User regular
    edited September 2009
    I'm going to agree with everybody else: Talking to your son is the most important part.

    When my mom tried to put parental controls on my computer account I promptly took them off and put them on hers. It would have never crossed my mind to do that to my father, but he also wouldn't have done something like that without sitting down and explaining why and honestly listening to any complaints we had. Also you should probably get something pretty customisable and get familiar with it. If he has reasonable websites he wants to visit you should be able to whitelist them quickly or allow a special one night late night game party or other things like that.

    Kistra on
    Animal Crossing: City Folk Lissa in Filmore 3179-9580-0076
  • Options
    clsCorwinclsCorwin Registered User regular
    edited September 2009
    Oh, don't get me wrong here, I'm not just doing it and not saying anything about it.

    My step-son has had very limited exposure to computers, outside of occasionally playing some flash games or looking up action replay codes. I want him to be able to look up stuff hes interested in and be able to play games at times too, but, he has a bad habit of doing what he wants to do, when it comes to playing video games. We already have a no games past 8pm rule, and thats about when hes getting ready for bed anyways, so adding that block to the router isn't anything new, its just making sure he stays within rules we've established.

    And yes, exceptions can be made for partys, weekends, etc.

    And I don't want him to run across any malware or porn either, he doesn't need to worry about that yet.

    clsCorwin on
  • Options
    ArcSynArcSyn Registered User regular
    edited September 2009
    That's good. There are just some people who come and ask for stuff like this and want to "teach them a lesson!" by locking down the system and essentially be a jerk about it, so we just want to make sure that you were doing better by communicating. So it's good to hear that.

    Plus, I think many of us suffered from parents who didn't quite grasp the concept of parenting and computers, so they just did stuff without talking about it and instead just made us try to bypass it the first time we run into it.

    ArcSyn on
    4dm3dwuxq302.png
  • Options
    AntithesisAntithesis Registered User regular
    edited September 2009
    Deep Freeze is a possibility if you're looking to avoid damage to the computer, though it'd definitely be overkill if your son ever wanted to install anything (and he probably will).

    Antithesis on
  • Options
    logic7logic7 Registered User regular
    edited September 2009
    here's how I do it:

    my kids have a restricted "User" account on their machines (each one has their own PC). I use the Content Filter in IE to restrict their access to questionable websites and add new ones to it periodically. The password is 11 characters long and is completely random (I use a password generator for it) and I keep a copy of it and all other passwords in an mcrypt password protected text file stored in an encFS encrypted partition on my linux box.

    anyways...

    Their accounts have a password I set, and they're not allowed to change it (restricted in Windows). Further, their machines are also on an AD domain, which allows me to monitor files on their machines by going directly to the administrative share on their machines and browsing.

    I also have VNC installed as a service that they cannot disable or change the password on (as if they even knew what it was). I have the VNC Viewer installed on my PC and set up so that I can see what they're doing but cannot interact with their machine. This way I can watch them without their knowledge.

    It works, and no one has been able to get past it yet, nor has any of their friends.

    logic7 on
  • Options
    DiannaoChongDiannaoChong Registered User regular
    edited September 2009
    to be honest we played doom and wolfenstien when we were kids at 10 on up. Quake live dosent actually have any gore in it anymore. if you dont mind online strangers then on a personal level, i wouldnt see it as a huge issue. Theres also battlefield heroes, but i dare say the community is fucktarded there, becuase they know kids are playing and they want to fuck with them.

    Theres a pretty thorough free games thread here too. I am not good on ratings though in my head, but cavestory? Want him to murder you in your sleep? Give him i want to be the guy. or nethack.

    A small investment in a steam sale will keep him going for a long time, with games like plants vs zombies,bookworm/adventures etc. Itill also give him a safe place to get demos from.

    Good luck to you, I question my ability to parent when I think about my time on the internet as a child. He is going to totally go straight for the pr0n all the time. The best advice for you as a parent and worse for the kid, is keep the computer in a high traffic area where everyone can see him on it. And dear god dont get your kid a webcam, nothing positive will ever come from it.

    DiannaoChong on
    steam_sig.png
  • Options
    ImpersonatorImpersonator Registered User regular
    edited September 2009
    logic7 wrote: »
    here's how I do it:

    my kids have a restricted "User" account on their machines (each one has their own PC). I use the Content Filter in IE to restrict their access to questionable websites and add new ones to it periodically. The password is 11 characters long and is completely random (I use a password generator for it) and I keep a copy of it and all other passwords in an mcrypt password protected text file stored in an encFS encrypted partition on my linux box.

    anyways...

    Their accounts have a password I set, and they're not allowed to change it (restricted in Windows). Further, their machines are also on an AD domain, which allows me to monitor files on their machines by going directly to the administrative share on their machines and browsing.

    I also have VNC installed as a service that they cannot disable or change the password on (as if they even knew what it was). I have the VNC Viewer installed on my PC and set up so that I can see what they're doing but cannot interact with their machine. This way I can watch them without their knowledge.

    It works, and no one has been able to get past it yet, nor has any of their friends.

    o_O

    I'm sure your kids love having you as their father!

    Impersonator on
  • Options
    TrentusTrentus Registered User regular
    edited September 2009
    clsCorwin wrote: »
    Also, a time based login restriction would be super.

    My sister asked me to set up an old laptop for her little boy, and while it wasn't asked for, I know this'll come up. So while looking into it I found that you can implement this with the net user command.

    So, jump into the command prompt. If you want to bring up a list of users just use the net user command without any arguments. We'll use the account name "sonnyjim" for this example. To add the time restriction we'll be using the /time option. A few things about this. Day abbreviations are expressed as M, T, W, Th, F, Sa and Su. It'll only accept whole hours, so unfortunately you can't set a restriction for 9:30 or something. Time can be expressed as either 24 or 12 hour (remember to specify am or pm for 12 hour).

    Alright. So, the syntax is net user accountname /time:day,time-range
    We can string more rules onto the end by adding a semicolon and then the next rule.

    So, if I wanted to allow sonnyjim use of the computer between 7am and 9pm on weekdays, and be a little more lenient on the weekend, lets say 6am to 11pm, we would use something that looks like this:
    net user sonnyjim /time:M-F,7:00-21:00;Sa-Su,6:00-23:00

    You can fiddle around with that to your heart's content. To remove any restrictions use net user sonnyjim /time:all
    If you want to have a look at the restrictions you have in place, you can just use net user sonnyjim

    Now, here's where this falls down. If they are logged in, and they exceed their allocated time, nothing happens. You can use net accounts /forcelogoff:0 to log them off as soon as they've hit the restriction, but this sucks. If they're working on something they'll lose it without any warning. So instead I'd schedule a task to run at the end of the restricted time to log the machine out (using the shutdown -l -t 300 command, where -t is the timeout in seconds). They'll get a dialogue box notifying them of the impending logout and should have enough time to save their work.

    It's kind of a crappy solution and it's a bitch if you need to make changes to it, but I can't seem to find a free product to do the same (if anyone does know one, do let us know).

    Trentus on
  • Options
    clsCorwinclsCorwin Registered User regular
    edited September 2009
    Thats pretty handy, but I think I'm good with just restricting internet for a range of time.

    clsCorwin on
  • Options
    tsmvengytsmvengy Registered User regular
    edited September 2009
    logic7 wrote: »
    here's how I do it:

    my kids have a restricted "User" account on their machines (each one has their own PC). I use the Content Filter in IE to restrict their access to questionable websites and add new ones to it periodically. The password is 11 characters long and is completely random (I use a password generator for it) and I keep a copy of it and all other passwords in an mcrypt password protected text file stored in an encFS encrypted partition on my linux box.

    anyways...

    Their accounts have a password I set, and they're not allowed to change it (restricted in Windows). Further, their machines are also on an AD domain, which allows me to monitor files on their machines by going directly to the administrative share on their machines and browsing.

    I also have VNC installed as a service that they cannot disable or change the password on (as if they even knew what it was). I have the VNC Viewer installed on my PC and set up so that I can see what they're doing but cannot interact with their machine. This way I can watch them without their knowledge.

    It works, and no one has been able to get past it yet, nor has any of their friends.

    o_O

    I'm sure your kids love having you as their father!

    Seriously, the spying on your kids with VNC? Weird.

    Just put the computer in a public space where you can walk by at any time.

    tsmvengy on
    steam_sig.png
  • Options
    MoioinkMoioink Registered User regular
    edited September 2009
    Just my two pence but if you're doing a good job bringing up your child you don't need to worry about them looking up horse rape snuff murder porn nor about pedophiles groping them through the monitor (insert Brasseye clip here). I think monitoring everything your child does on a computer is a bit creepy and overbearing. If you want to set time limits you can do that the old fashioned way using a watch or the timer on the oven.

    I guess this is easy for me to say because I am not a parent but playing Quake at your son's age didn't do me any harm nor did the copious amounts of porn my brother downloaded as a teen (people masturbate including your spawn, news at 11).

    Moioink on
Sign In or Register to comment.