Thursday, March 01, 2007

Windows Vista - Parental Controls

Windows vista has some nice parental controls. I have always thought that the Macintosh had nice controls for restricting a child's ability to run certain software, and visit certain sites on the internet built in, and I always wondered why they didn't promote that more... now it's too late beacause that's no longer an advantage they hold over MS.

Vista allows an administrator to further lock down a regular user account so that that user can only access programs from a specified list, or only games with a certain rating (and you can pick which rating system you prefer from a list of several.) or only access the internet between the hours of X and Y. you get the idea. It's cool and it's free the only catch is it gets turned off if the PC is being run in a domain environment (corporate installs) . I think it would have been handy to have there too. I would love to be able to restrict access like that on some of the Point of Sale machines I work on, maybe it'll happen when Longhorn server comes out and Active Directory gets updated.

Windows Vista - Users

Windows Vista changes the way we use Users and the Administrators group.
As always you should create an administrator account and then immediately create a standard user account that you will use for day to day work, the difference is that the standard user is not quite as crippled when it comes to installing sfotware as it was in XP.

You still need to know the administrator's password to install, but you don't have to log out of the standard user's session or fast switch between users to install programs, instead if you try to do any sort of administrative function when you are logged in as a non-admin user windows will just prompt you to enter the username and password of an administrator.

This means that while you are working away in a safely non-admin account you don't have to stop your work to install some piece of software or change some configuration option that Windows considers to be in the domain of the administrator.

On the other hand, while you can log in as an administrator and work that way, and you will only be prompted to click OK when you do an admin function, you'll find that the administrator's ability to map network drives and run startup scripts has been crippled this is a security feature that has the side effect of making it just inconvenient enough to run as admin all the time that you will prefer to be a standard user.

Also of note, there is no more power user, the new standard user with the ability to escalate privledges with a password replaces that role.

It may take a little getting used to but this new way of working makes Vista much closer to the Unix/MacOS security model, which has been proven to be more effective against viruses and intruders.