The Windows Vista Parental Controls – included in Windows Vista editions Home Basic, Home Premium, Starter and Ultimate, and part of Microsoft's Family Safety efforts – allow parents and guardians to protect kids against the big bad Word Wide Web and inappropriate content. Parental Controls settings are configured per user, and only by administrators, and only for standard users. Standard users can read the settings but cannot change them. The Parental Controls panel can be reached through the User Accounts and Family Safety Control Panel applet, and provides access to the following User Controls after you selected a user.
By default, Parental Controls are turned off. When you enable it, you can configure restrictions for the selected user through the following sections:
- Windows Vista Web Filter
- Time Limits
- Allow and block specific programs
Each of the sections is covered below in more detail. Although the Parental Controls are designed for home users, besides controlling Internet access for kids, it can be useful for Windows Vista clients that are not joined to a domain. For example, you could use it to restrict Internet access on a computer in a canteen, or on a kiosk in public waiting rooms. In Windows domain environments Parental Controls are not available, you should use Group Policy settings instead for more granular restrictions.
Windows Vista Web Filter
The Windows Vista Web Filter allows you to filter web content for a particular user. You can do this by allowing/blocking specific websites based on the URL, selecting or configuring restrictions based on content, and blocking file downloads.
By default, web filtering is disabled. You can enable it by selecting Yes below the question “Do you want to block some web content?” Once enabled, you can allow or block specific sites entirely, or you can filter web content based on predefined restriction levels or custom restrictions based on categories.
The Highest Restrictions will block all sites that aren’t explicitly allowed in the Control specific websites section. The High Restriction level below it additionally allows websites that are rated suitable for Kids. The Medium Restriction and Low Restriction level make use of a predefined selection of the content categories. When you choose Custom, you can select your own combination of content categories you want to block. Additionally, you choose to block websites that Parental Controls cannot rate.
Last but not least, you can block file downloads entirely.
When the Windows Vista Web Filter block a website, he or she can request permission from a user with an administrator account, which will have to enter the password to give the user access. The admin can then choose to make it a one-time exception or allow access to the website for future sessions as well by adding it to the Allow list.
Time Restrictions are pretty much self-explanatory, the red squares represent the hours of the week in which access to the computer is blocked, and the remaining white area(s) represents the hours the users can log on to the computer. You can simply click on or drag over hours you want to block, or allow if already blocked.
When a user attempts to logon during a ‘blocked hour’, he or she will receive the following message: “Your account has time restrictions that prevent you from logging on at this time. Please try again later.” 15 minutes and 1 minute before the end of an approved period, Windows Vista will notify the user their allowed time is about to expire. If the user doesn’t log off before the end, Windows Vista will show the logon box (allow another user to log on if any) and save the user’s session so it can be continued later on when the user is allowed to log on again.
The Game Controls allow you to restrict access to games entirely, by ratings, or by specifically blocking or allowing specific games. To deny playing games entirely for the user, you can select No as depicted on the right.
Blocking games by rating and content types gives you extensive control about with games or blocked or allowed. In addition to thousands of built-in pre-rated game titles, an external rating system can be used. By default in the US, the latter is connected to the Entertainment Software Rating Board (ESRB) rating system.
Besides these rather dynamic restrictions, you can allow or block specific games by selecting them from a list of known installed games or by specifying the startup executable for the game. When a user tries to start a blocked game, an admin can make an exception by entering the password of an administrator account.
Allow and block specific programs
The Application Restrictions that enable you to allow and block specific programs. You can allow the user to use all programs or only the ones specified in the list. You can add additional programs by browsing for and selecting the corresponding executables. If application restrictions are turned on, the RunAs command will not work. Just as with Game Controls and the Windows Vista Web Filter, an administrator can grant access as an exception when a user attempts to start a blocked application.
Activity Reporting is available from the main screen of the Parental Controls for a user (as depicted in the first screen shot above) and disabled by default. As with any other type of Access Controls, it is imperative to check log/audit files frequently to determine whether the configured Parental Controls are effective and/ or need further configuration. Once enabled Windows Vista will also occasionally popup a reminder on the system tray of the task bar when an administrator logs on.
The reporting functionality depends on the new Windows Event Logging functionality in Windows Vista. Activity events are also stored in the Application log and accessible through the new and improved Event Viewer. The image on the right show the different categories that each can contain detailed information about the user’s activity on the computer. Including which websites were accessed or blocked, applications and games that were used, but also activity not controlled by Parental Controls like changes to systems settings, failed logon attempts, and email activity for example. You can also generate a report and save it to a HTML file.