Section 120. Restrict Another User s Capabilities (Parental Controls)


120. Restrict Another User 's Capabilities ( Parental Controls)

BEFORE YOU BEGIN

117 About Administrative Responsibilities

119 Grant Admin Capabilities to Another User


SEE ALSO

122 Delete a User


Under some circumstances, you might want to configure a user account to have even more than the standard limitations on what can be done with the computer. For instance, you might have your Mac acting as a public computer for a classroom of unruly kids . In such a case, you might want to restrict them to pick from only a few approved applications, or to prevent them from downloading hundreds of MP3 files to fill up your disk. Mac OS X lets you apply these kinds of parental-control limitations to specific users. You can also require any user to use the Simple Finder, a simplified version of the Finder that uses large icons and single clicks to make the system more accessible to younger (or vision-impaired) computer users.

NOTE

You must be logged in as an Admin user, or able to authenticate as one using the lock icon in the Accounts Preferences , to restrict another user's capabilities. Also, you cannot perform this operation on a user that is currently logged in. The user must log out first.


1.
Open the Accounts Preferences

Open the System Preferences application (under the Apple menu); click Accounts to open the Accounts Preferences pane.

2.
Select the User to Restrict

From the list of users on the left, select the user whose privileges you want to modify. Then click the Parental Controls tab to reveal the various options for restricting the user's privileges.

120. Restrict Another User's Capabilities (Parental Controls)


NOTE

You cannot restrict the privileges of an Admin user; only standard users have an active Parental Controls tab.

3.
Configure Usage Limitations

Enable parental controls for one of the areas of the system ( Mail, Finder & System, iChat, Safari , or Dictionary ) by selecting the check box next to it. Until the check box is selected, that area of the system is unrestricted to the user. After the check box is selected, however, each of these applications becomes configurable in several areas. For example, Mail and iChat can be restricted by only allowing the user to communicate with certain approved partners , defined by adding them one-by-one to an approved list. The Finder & System area has many configurable options, as discussed in the next step. The Dictionary application can be restricted so that it doesn't show any dirty words. (Technology might change, but kids never do )

Open an application's configurable restrictions by clicking the Configure button next to it.

CAUTION

Be aware that if you restrict a user's iChat communications or Safari browsing, the user will still be able to communicate or browse using other similar applications (such as ICQ or Camino). If you take the trouble to set up approved iChat partner lists and Safari browsing locations, be sure to disallow access to other kinds of communication applications, as shown in step 4.

4.
Specify Permitted Applications

In the configuration sheet for Finder & System , select the This user can only use these applications check box if you want to allow the user to be able to use only those applications you define. All the applications installed in the system are organized in this box; you can open one of the collections ( Applications , Utilities , and so on) to enable only certain applications, or you can use the check boxes to enable or disable whole collections of applications. By default, for example, all applications in the Applications collection (which corresponds to the global Applications folder) are enabled for the user, but Utilities and the other collections are disabled.

NOTE

If you restrict which applications a user can run or otherwise limit her capabilities with the Some Limits option, the user's status changes from Standard to Managed . If you don't permit a user to open all System Preferences panes, the user will not be able to change her password (because the user has to access the Accounts Preferences pane to change a password), and the Change password check box is grayed out. A user who is restricted in this way can open only those Preference panes that manage how her own login experience behaves, not any of the panes that affect the system.

If a Managed user tries to run an application that you haven't designated as an allowed application for the user, a dialog box informs her that she doesn't have permission to run it.

5.
Restrict the User to the Simple Finder

The Simple Finder option is a heavily restricted user mode you can use to give certain users a very simplified, easy-to-use view of the system. It's especially tailored for younger users. When a Simplified user (one configured to use the Simple Finder) logs in, only the applications you administratively specify are available. When the user clicks the My Applications folder icon in the limited Dock, the applications are presented in a large window in the middle of the screen. The only other Dock items are the Documents and Shared folders in which the user can save files. Applications can save files to other folders, but the Simplified user won't be able to access them.

Effectively, a Simplified user can run only the applications you specify, save documents only in the Documents and Shared folders, and log out.

Click OK to commit the changes to the restrictions on the user.

6.
Log In As the Restricted User to Define Allowed Safari Bookmarks

Perhaps the most obvious area of need for parental controls is the Web. The way Mac OS X handles this is that if a user's web browsing is under parental control, and the user tries to browse to a site that is not listed in the Bookmarks bar, Safari instead presents a screen warning that the site is disallowed because it's unknown, along with an Add Website button so that an administrator can enable access to it by simply entering a password. This means the only sites that the user can visit are the ones listed in the Bookmarks bar. As the administrator in charge of setting up the managed user's bookmarks, you must define these allowed bookmarks for the user.

Log in as the managed user (using Fast User Switching; see 112 Switch to Another User for more information). Notice that the Bookmarks Library icon in the Bookmarks bar has a "lock" icon on it, indicating that the bookmarks are managed. Click the icon. You are prompted for your administrator password so that Safari knows an Admin user is trying to get into the Bookmarks.

Set up bookmarks for the managed user as you normally would; see 61 Keep Track of WebSites with Bookmarks for more information. Remember to put approved sites directly in the Bookmarks bar, or in folders that appear in the bar. Log out of the user's account. From now on, the user won't be able to reach any sites except the ones you've set up as permitted. How's that for peace of mind?

TIP

Mac OS X's parental controls are good for more than just managing small children's web browsing. It's also potentially very useful if you run a company with "kiosk" computers in the lobby; this way you can control the information that walk-up customers can browse. This functionality, unique to Mac OS X, might make a Mac as attractive to your business as to your household




MAC OS X Tiger in a Snap
Mac OS X Tiger in a Snap
ISBN: 0672327066
EAN: 2147483647
Year: 2001
Pages: 212
Authors: Brian Tiemann

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net