Parental Controls in a Lab Setting w/ OS X 10.5.1 Leopard
Over the past two weeks, we installed brand new Mac Pros in the Computer Lab on my college campus. These Mac Pros are running OS X 10.5.1 Leopard. Things went unusually smooth in the transition from PowerMac G5. That is, until we let the Mac Pros loose into the wild.
The purpose of using Parental Controls in a Lab Setting would be to limit Administration of Printers, changing of the User Password, modification of the Dock. Limiting website access doesn’t seem worthwhile in a lab. But to our dismay, even with Parental Controls set to Allow unrestricted access to websites, Firefox and Safari both tripped the censors and blocked certain websites. This is probably a bug in Parental Controls that Apple, Inc. will hopefully address in OS X 10.5.2 Leopard. With Parental Controls going haywire, we were forced to shut it off completely.
But now students have the ability to change the Dock, even modify the password. So I wanted to turn to a few third party applications that do the same job. I found that an Application called Deeper by Titanium Software will Lock the Dock. I hid Deeper, so students won’t mess with it. But I have not found a solution for disallowing the User to change the Password. I suppose if anyone gets to that point, I could easily change the password back using the Leopard Install Disk. But for now the Dock can stay like it is…
Any other Lab Managers experiencing the same problems and have some solutions? Anyone else having problems with Parental Controls in OS X Leopard? Post a comment below.
What did you learn in this post?
Or did it leave you with further questions?
Comment here to Ask Steve Blue!
Written by Steve Blue
steveblue@iuseapple.com
Bill Freese
Steve,
We have the solution. You have to select “Try to limit access to adult websites automatically”. Then select “Allow unrestricted access to websites” again. That solved the problem for us. It seems the default choice shown in the Parental Control control panel and the default behavior do not match. Making the choice made the change.
Jan 22nd, 2008 3:47 pm
steveblue
Thanks Bill! Sounds like good advice until Apple makes a fix. I will try this in our lab this week!
Jan 26th, 2008 9:58 am
Paul Sparrow
Same problem here, student lab just set up with Leopard and on turning on Parental controls it blocks ALL web access! fix from Bill Freese NOT a fix for us!
Feb 1st, 2008 1:36 am
Steve Giessler
In the Mac labs that I manage at West Virginia University, I don’t use parental controls. Instead, I lock the dock with Onyx - a free utility made by the same folks that make Deeper (Titanium Software). We just have the machines logging in automatically with a non privileged account so they can’t delete apps, etc. I wrote a very simple shell script to automatically replace the home directory of the default user on every shutdown (or restart). This way, the next time the user turns on a machine to use it, a perfect original copy of the default user’s home directory is restored - background settings, screen saver, default web page, etc are all back to pristine defaults. This is a nice setup, because the users can mess it up all they want and then you just reboot the machine and you’re back to normal. The script also saves files saved in the account to a folder for one subsequent boot so no one loses any files that they may have saved locally.
Here is the script that runs on every shutdown (or restart):
#!/bin/sh
rm -rf /Users/user.bak
mv /Users/user Users/user/bak
tar -C /Users -xf /Users/user.tar
This script is for a default user named “user.” You have to make a “user.tar” file of your pristine directory there in order this to work (tar cfp /Users/user.tar /Users/user). Be sure permissions are chmod 700 and owned by root for this script. Lastly, create a shutdown script in your /Library/StartupItems folder which will activate the above script on Shutdown, be sure permissions are correct for this and you’re done!
If you’re not comfortable with the Unix command line and shell scripting, alternatively you can buy a commercial product that does the same thing as the scripts (and much more): It is called Deep Freeze - get it here:
http://www.faronics.com/html/DFMac.asp
I’m not sure why folks above are concerned about users changing the password. They have to know the current password before they can change it right? So it shouldn’t be a problem - just don’t tell anyone the default user password. We have an admin account on our machines that we give to certain individuals who need to be able to install software, etc. Mike Bombich’s Netrestore is awesome for managing Mac labs though he needs to update it for Leopard (still works with Leopard but with some limitations). And with Apple Remote Desktop you can really have nice control of your Mac labs!
Hope this helps some of my fellow Macintosh Lab managers out there!
Blessings,
Steve
Feb 8th, 2008 8:54 am
Steve Giessler
I forgot to mention - if you aren’t going to give out the user password, the account will need to login automatically on bootup. And if someone happens to log off (I almost never see this), they can just restart the machine to get back in again. You can also set your Macs to auto shutdown every night at a certain time (4am might be good) to ensure a fresh pristine environment on the next boot. And I encourage folks to use a flash drive or network space to save their files so they don’t lose any of their work (never expect important work to remain on a public lab machine). With this setup, files are gone after 2 reboots.
Steve
Feb 8th, 2008 9:04 am
Greg
This might be a few weeks late - but Try deep freeze & another product they have called Anti-executable. Even if the change the dock and change the passwords all day - the reset of the machines will reset all the changes.
Mar 22nd, 2008 12:31 pm