Windows

Question

Gravatar
Locked

Win7 Parental Controls

By ACGPHX ·
I guess it happens to everyone in IT at one time or another. I was asked to lockdown a single user profile on a stand aline WIN7 Home Premium box for a friend to prevent her 15 year old son from using IM to sex chat with people.

I enabled Win7 Parental controls.

Removed access to MSN Messenger and yahoo Messenger.

I setup time restrictions which would prevent him from getting up after she went to bed and playing online.

I removed the teens password.

I ensured that my friends account was password protected and that she was the only administrative account on that box.

Two days went by before I checked in on the system. Somehow this kid managed to disable parental controls and regained access to everthing I restricted. Without administrative access I'm not sure how he managed to pull this off.

Are MS Prental Controls that weak that the user its supposed to be limiting is able to un-do it? Could this kid have guessed his mom's password or maybe his sisters passward (standard user) and shut off the restrictions? Could he somehow have restored the system to undo the parental controls?

This is really ticking me off...I can't believe that MS would promote these tools if they were so easy to get around. Any insights, and advice, would be appreciated.

This conversation is currently closed to new comments.

24 total posts (Page 1 of 3)   01 | 02 | 03   Next
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Answers

gravatar
Collapse -

"Somehow this kid..."

by santeewelding In reply to Win7 Parental Controls

Despite you, mom, or Microsoft, I'm betting that fifteen and hormones will overcome you all, every time.

gravatar
Collapse -

thanks?

by ACGPHX In reply to "Somehow this kid..."

While I appreciate your response and even agree with it to some degree, I don't believe it helps work toward an answer.

gravatar
Collapse -

Loosen up

by santeewelding In reply to thanks?

Obviously, by your own testimony, straight-lace don't work.

gravatar
Collapse -

perhaps

by ACGPHX In reply to Loosen up

I'm not here for moral advice, simple recommendation based on professional experience. Stating the obvious (where there's a will....) isn't constructive and didn't advance the information request.

Regardless, she asked for help I responded. How she wants her "laces" is entirely her business. As a friend all I could do is help. I was simply wondering just how inept MS parental controls actually are AND thought to seek an answer in this diverse community of IT pro's.

gravatar
Collapse -

Never underestimate your opponent

by robo_dev In reply to "Somehow this kid..."

Seriously, I've seen seven-year old kids figure out how to bypass security controls in literally minutes.

You must NEVER write down your passwords, NEVER use the same password for multiple devices, and change your admin passwords often.

And watch out for 'shoulder surfing', as some of these miscreants have excellent vision and memory...two things us old fogeys lost long ago.

gravatar
Collapse -

Several approaches

by robo_dev In reply to Win7 Parental Controls

Client Software:
1) There is a free app called K9 from BlueCoat. Very powerful app that so far has not been hacked by the end user an installation I have done of the app.
http://www1.k9webprotection.com/

Proxy Server:
A more sophisticated approach is to deploy a proxy server and/or segment the LAN into grown-up and kids network.

I use a proxy called AllegroSurf from RhinoSoft. This allows complete control, either blacklists/whitelists of web content, as well as automatic category filtering. It also allows granular control of individual ports/services (e.g. IM, MS-Messenger, etc.). AllegroSurf costs around $40/user, and you need an extra PC to run it.
http://www.allegrosurf.com/

I run this on a separate network segment, so there is no way around the proxy, period. The proxy is the gateway to the Internet. I also have a firewall between the kids and adults network as some Nintendo devices do not play well with proxy servers.

An alternate proxy is Untangle. This is an open-source app that's free. I have not used it, but it looks very powerful.
http://www.untangle.com/

gravatar
Collapse -

MS

by ACGPHX In reply to Several approaches

In your experience id MS parental controls just that weak? How, without the admin password or administrative authority, did he manage to get around parental controls?

gravatar
Collapse -

Since the forum rules don't allow us to talk about how to hack things

by robo_dev In reply to MS

Let's just say that there are lots of "local privilege escalation exploits" that kids all seem to know about.

For starters, many people install a new Windows PC and leave the admin password blank. I will also hint that the Windows task scheduler runs with system-level access for many versions of Windows, and that I've never seen a group policy that a good VBScript could not bypass.

Even if components of the OS are removed, a clever youth can re-download those from the Internet. And I won't even mention what can be done with a bootable CD or jump drive running an alternate OS...the word 'owned' comes to mind. :)

A fatal security flaw is to use the same password for many different things, and if the child knows that, it makes it much easier to guess or discover the admin password.

gravatar
Collapse -

appreciated

by ACGPHX In reply to Since the forum rules don ...

Weird, I never had to lock down a stand alone system. I'm amazed MS can pitch this parental control to parents then have it so easily infultrated.

Appreciated.

gravatar
Collapse -

Probably knew her password

by TobiF In reply to Win7 Parental Controls

I think he has known her password all the time. And then it's just a quick session to do the settings.
Or he could have changed while she went to cook some tea.

Back to Windows Forum
24 total posts (Page 1 of 3)   01 | 02 | 03   Next

Start or search

Related Discussions

Related Forums