Flip to page 69 in the November issue of Macworld and you’ll find The Kid-Safe Mac, a parent’s guide for setting up OS X. Portions of that feature—Leopard’s Parental Controls and Beyond Parental Controls—have recently appeared on Macworld.com. We’ve received a measure of feedback on those portions along the lines of “Parental Controls is terribly, horribly, broken!”
To which I reply, “Maybe. Maybe not.”
I’d like to address those Maybe Nots now.
Check the log
One concerned parent complained that his child couldn’t access Gmail’s webmail when, under Website Restrictions in the Content tab, he’d enabled the Try to Limit Access to Adult Websites Automatically option. Even though he’d added gmail.com as an exception, he encountered an error when attempting to access Gmail via Safari.
The issue here is that Parental Controls is getting hung up because of an address redirect. Safari doesn’t go directly to www.gmail.com but rather to a Google page that redirects to gmail.com. This particular page hasn’t been added as an exception and Parental Controls is careful about redirects—choosing to err on the side of safety by preventing the website from loading rather than loading it and hoping it doesn’t contain inappropriate content.
So the trick here—and with any case where Parental Controls appears to capriciously deny access to a website—is for the person administering the Mac’s Parental Controls to check the log files and make sure they’re adding the proper addresses as exceptions. To do this, click Logs in Parental Controls and then click Websites Visited. In the Logs pane to the right you’ll see a list of sites that were visited with the account set up under Parental Controls. In this case, tick the triangle next to Google, select an entry, and click the Open button. Safari launches and you see the site that was visited. You’re looking for the page that redirects to Gmail. In my case that address began with http://www.google.com/coop/cse.
This is the address you want to add as an exception. Once you do, you should be able to gain access to the page it redirects to. (You may also have to add the eventual destination page as an exception.)
(By way of sticking my nose where it may not belong, I’m not sure I see a really good reason to allow a child to have access to webmail if you’re concerned about inappropriate content. If you’re going to the trouble to set up Parental Controls for your child, create a POP account for your kid and take advantage of Parental Controls' Mail restrictions.)
Let applications run
Others have reported that even when you’ve allowed certain applications to run, they won’t. This can happen for a couple of reasons.
The first is that some applications need to get their house in order before they can run. And that means that you have to launch them at least once in an unrestricted environment within that account before you impose Parental Controls. So, switch off Parental Controls for the account you eventually wish to control, switch to that account, and launch all the applications you’re going to allow that account to use. Log out of that account, return to the administrator’s account, and set up Parental Controls.
Another possibility is that the application you want to run requires a background application or outside resource the user doesn’t have access to. For example, Microsoft Office applications rely on other Microsoft applications to do their job. If you haven’t allowed those other applications, Word or Excel may not be able to launch. (Fortunately Parental Controls will often throw up a dialog box telling you that such and such an application hasn’t been allowed and needs to be in order for things to move forward.)
The Think system
I’m not suggesting that Parental Controls is without quirks. At the very least it could be smarter about telling you why some action was disallowed. But before damning it as a hunk of buggy code, step back for a second and try to think about what it’s doing. If it won’t do something you believe it should, it’s likely because it doesn’t have something it needs—as I’ve explained above, a correct web address or resource that you haven’t allowed, for example.