Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Lockdown Windows OS for children

Posted on 2009-05-03
11
Medium Priority
?
741 Views
Last Modified: 2013-12-04
Hello
I am new for Windows 2003 Active Directory GPO - I understand its concepts for business use but would like to know if anyone has created a GPO for home use? I am particularly interested in protecting laptops in the home for use by children and making them safe for internet/general browsing. I use opendns for controlling the parental use policy but I need an understanding of the types of settings i should shut off so that no unwanted access is granted to the home network.

Thanks

0
Comment
Question by:djpatrick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 100 total points
ID: 24291326
I haven't used GPOs for kids on a home PC but I have helped a friend with a small business setup some machines as kiosks and for that I've used Windows steady state
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx
It was pretty good and we haven't had issues so far.
As far as kids and controlling browsing, what I'd probably look into first (instead of GPOs) are some of the third party software apps out there.
Net Nanny is a well known one that gets good reviews but there are others too.  Here are some:
http://www.pcmag.com/category2/0,2806,1639158,00.asp
Thanks
Mike
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 24291503
djpatrick--Windows offers IE Tools|Internet Options|Content tab|Content Advisor.
If you want to lock down all but a few specific sites
http://www.boutell.com/newfaq/browser/restrictie.html
http://ask.metafilter.com/20098/Block-All-But-A-Handful-Of-Websites
Concerning using GPO
http://geekinparadise.com/2008/01/12/block-internet-access-for-specific-user-using-group-policy/
0
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 24292157
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 23

Expert Comment

by:Danny Child
ID: 24292943
I had NetNanny for my kids pc, but it didn't seem to be a product that was going anywhere, so I moved to Cyber Patrol.

But, for Steady State, here's a good How-To:
http://lifehacker.com/397786/kid+proof-your-pc-with-steadystate
and
a toddler alternative:
http://lifehacker.com/395647/baby-smash-kid+proofs-your-computer
 - also see the comments for other versions
0
 
LVL 7

Expert Comment

by:sfarazmand
ID: 24297627
You may also want to check with your ISP, most of them have free tools and education they provide to their customers.  http://www.cox.com/TakeCharge/includes/docs/take_charge.pdf

You can use the local security settings to restrict log on and times as well as restrict sites. The only problem is how to restrict and what to restrict. Using a 3rd party tool will let you restrict what you want as well as let you monitor exactly what is said and when. What they log into (facebook, myspace), what was said and what passwords are used.
0
 
LVL 1

Expert Comment

by:jruocco_1
ID: 24301489
Buy a Terminal/Thin Client.

Create a mandatory user profile - this will not save any changes made to the system.

GPO can disable certain things - properties on taksbar of desktop for example can be disabled.
0
 
LVL 7

Expert Comment

by:sfarazmand
ID: 24303741
jruocco_1 I think that's going a little to far price wise. This is a father looking for simple way to protect his kids.  

djpatrick check the link I sent you. it will give you some ideas on what you can do.
0
 

Author Comment

by:djpatrick
ID: 24306438
Thanks to everyone for your replies

I like the idea of Windows Steady State and I had a quick look at it on my vm. In response to this - can SteadyState settings be controlled through GPO, e.g. are there extensions which you can import to enable policy enforcement?

I also like the concepts behind McAfee antivirus but need to be able to control those settings centrally - is there a version which supports settings via a server? Without paying through the nose - I know there are business class policy servers but this is for a small home network

I realise these things may be overkill for a small network but I'm amazed at how quickly my family is picking up the use of a PC/internet browsing. It's a sign of the times that the traditional reading, writing and arithmetic is being replaced by Reading, Arithmetic & IT in the school curriculum for children aged 4-5 and over!

Thanks again
0
 
LVL 1

Expert Comment

by:jruocco_1
ID: 24309600
For controlling browsing you can ban certain IP address and websites from being accessed using your router.
0
 
LVL 7

Assisted Solution

by:sfarazmand
sfarazmand earned 100 total points
ID: 24441344
djpatrick,
McAfee has McAfee EOP which is a server based AV that let's you control settings.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question