The 450 Error

Windows Parental Controls also supports Web restrictions and is TCP port agnostic. WPC does not just monitor port 80, the technology monitors HTTP traffic at the WinSock layer to determine whether the Web site should be blocked or allowed. Web blocking is not all or nothing; a Web site could render correctly except for perhaps one JPG file that comes from a blocked Web site.

WPC issues a 450 “Blocked by Parental Controls” error to browser and browser-like software if it determines the site should be blocked, so your application might need to special-case the 450 error.

Detecting Whether “Block file downloads” Is Enabled

If your application is a Web browser, or has browser-like functionality, you should leverage the “Block file downloads” option in WPC by using the following code to determine if file downloads are blocked or not.

 DWORD dwRestrictions = 0; hr = piWPCUserSettings->GetRestrictions(&dwRestrictions); if (SUCCEEDED(hr)) {    if (dwRestrictions & WPCFLAG_WEB_SETTING_DOWNLOADSBLOCKED)       wprintf(L"Downloads restrictions\n"); }

Note that other restrictions include blocking certain games (WPCFLAG_GAMES_BLOCKED) and applications (WPCFLAG_APPS_RESTRICTED).

Turning Off Filtering for Your Application or URL

Be careful here, but if you think WPC should not block requests by your application or certain URLs should not be blocked, then you can use the WPC WMI interface to add your application or URLs to the “don’t block” list:

 try {     const string property = @"HTTPExemptionList";     ManagementObject setting = new ManagementObject(        @"root\CIMV2\Applications\WindowsParentalControls",        "WpcSystemSettings=@",        new ObjectGetOptions());        // get list of current exemptions        string[] exemptions = (string[])setting[property];        List<string> lst = new List<string>();        lst.AddRange(exemptions);        // add our app to the list        lst.Add(@"c:\MyCode\myapp.exe");        exemptions = lst.GetRange(0, lst.Count).ToArray();        // save the updated exemption list        setting[property] = exemptions;        setting.Put();     }    catch (ManagementException e)    {        // This is a version of Windows Vista that does not have        // Parental Controls, or you are not an admin        System.Console.WriteLine(e.ToString());      }

Note that this code must run with full administrator privileges to add an exemption. Also note the WMI object used is unfortunately named HTTPExemptionList; take our word for it that this is the object that holds a list of exempted applications! If you want to add a URL to the list, then use the URLExemptionList object. If you look at the WPC WMI schema, you’ll notice two other similarly named classes: WinHTTPExemptionList and WinURLExemptionList. These are read-only lists of exemptions that apply to all users.

Logging Events

Microsoft cannot make computers safer to use online alone; we need the help of Independent Software Vendors (ISVs) too. One way you can help is by logging “interesting online events” in the WPC activity reports. For example, if you build some form of instant messaging system, you should log the time and date of the communication, as well as the IP address or DNS name of the remote computer. David Bennett of the Parental Controls team at Microsoft has a good logging code sample on his blog (Bennett 2006).