Editor’s Note: The following article is an excerpt from the just-released
Take Control of Users & Accounts Leopard, a $10 electronic book available for download from
TidBits Publishing. The 88-page ebook looks in depth at how user accounts work in Leopard, using accounts for troubleshooting, sharing files between accounts, and much more.
While Tiger had parental controls, they were part of the Accounts preference pane. Leopard has split these functions into their own preference pane, called Parental Controls. You can enable and configure parental controls at any time, for any account. You can also change these limitations as needed: for example, if a certain user needs access to an application you have blocked, or if you want to change the limitations applied to your Guest account.
To set or change parental controls, click the Parental Controls icon in System Preferences. You’ll see a list of accounts to which you can apply parental controls.
Note that you can’t apply parental controls to administrative accounts, or to Sharing Only or Group accounts. The Sharing Only and Group accounts can only access your Mac’s files over a network, so it wouldn’t make sense to apply parental controls to them.
When Parental Controls are enabled for a user, you can configure all of the above limitations.
Enabling Parental Controls
To configure parental controls for any account, you first need to authenticate, by clicking the lock icon and entering your administrator’s password. Next, click a user name in the account list and then click the big Enable Parental Controls button in the main section of the window. When you have enabled Parental Controls for a user, you will see all the options available to you.
The Parental Controls preferences are on five sections, each of which is labeled by a button at the top of the pane. I cover each one in turn.
The first section in the Parental Controls preference pane, System, determines if the account is managed or if it uses Simple Finder, and it lets you choose which applications the account’s user can run.
When you apply Simple Finder to a user, you limit the access the user has in the Finder, but the rest of the Parental Control options don’t change.
To create a simplified account, check Use Simple Finder (pictured, right). This gives a simplified view of the Finder, with limited menu options, for younger users, or for those who you want to prevent from accessing all the functions of a normal account. Once you have made this choice, you can still apply the rest of the Parental Control settings.
Limit application access
Whether you check use Simple Finder or not, you can limit a user’s access to applications on your Macintosh. To begin, check Only Allow Selected Applications. Now, a default set of applications becomes checked in the lower portion of the System section:
iLife applications: iTunes, iPhoto, iMovie, etc.
Internet applications: Mail, Safari, iChat, etc.
Widgets: Utilities that can appear in Dashboard.
Other: Applications are listed here. Apple applications—such as Address Book and iCal—are selected for you.
Utilities: All programs found in the /Applications/Utilities folder—utilities are unchecked by default.
This set of checked applications is the same whether you have checked Use Simple Finder or not. However, if you have checked Use Simple Finder, the applications that you select in the list become available in the My Applications folder on the user’s Dock.
You can block access to any program by unchecking its checkbox.
In the case of the potentially huge Other group, you may see some software that you are not familiar with, such as helper applications. The applications are listed alphabetically, so scroll through the list and check any programs you want to allow, such as games. Note that some software may require certain helper applications, so it’s a good idea to look inside the folder containing the application and see if there are any other programs that look like they are needed.
By default, System Preferences isn’t checked in the Other group. However, I suggest that you allow it, so users can change settings, such as the Desktop picture, screen saver, and mouse-tracking speed. They won’t be able to access administrator-only preferences, though, since they will need to authenticate to use them, so there is no risk in giving access to System Preferences
If a user tries to launch an application that has not been allowed, an authorization dialog will appear, enabling an administrator to enter a user name and password in order to allow the application once or always. So, even if you haven’t authorized a helper application, you should be able to do so when the user needs it. (For more on application limits, see the sidebar
on the next page.)
Click the Content button to set controls for two types of content, that which is accessible from Dictionary, and that which users can access via Safari or other Web browsers.
To prevent a user from reading the definitions of “certain words,” check the Hide Profanity in Dictionary box. The user will be able to look up these words, and will see a list of the words contained in the dictionary, but will not be able to access their definitions.
(While I understand that some parents and teachers may want to isolate users from disturbing words, the futility of such a procedure is evident. Nothing prevents users from looking up such words in a paper dictionary, at home or in the library, nor from searching for their definitions on the Web. Further, the fact that Dictionary still displays word lists (look up the most common word you can think of that should be blocked, and you’ll see it together with a list of combinations containing that word), makes this protection risible at best.)
Web site restrictions
The Parental Controls preferences offer you limited restrictions for Web site access. These controls affect any program that accesses the Web, whether it is Apple’s Safari Web browser; other browsers such as Firefox; or even other applications that can access the Web, such as RSS readers. You have three options:
When Parental Controls blocks a Web site, you can add the site to the list of allowed sites. This gives users the ability to access sites that are incorrectly filtered as having adult content.
Allow unrestricted access to websites: This places no controls over Web access.
Try to limit access to adult websites automatically: This uses a built-in set of filters to attempt to block access to sites with adult content. When a site is blocked, the Web browser displays a page (pictured, right), explaining why it was blocked, and offering to add the site to the list of allowed sites.
Allow Access to only these websites: If you select this radio button, you will drastically limit the sites that your children can access.
By default, Apple includes a handful of kid-friendly sites, but you can add your own as well:
Click and hold down the plus (+) sign (located near the bottom of the preference pane, below the list of permitted Web sites).
To add a bookmark—an individual Web site—choose Add Bookmark, then enter a name for the Web site and its address, then click OK. This site will be added to the list of allowed sites, which is displayed in this user’s Safari bookmarks bar.
You may find that you want to organize the list into folders, both to make the list easier to work with and to make it easier to use the bookmarks in Safari.
To add a folder, from the plus (+) button, choose Add Folder. You can name the folder as you like. To add a bookmark to that folder, click the folder to select it, then click the plus (+) button and choose Add Bookmark as in Step 2 above. For bookmarks already in the list, you can just drag them into the folder.
To remove an item from the allowed sites list, select it, then click the minus (-) button. This deletes the site or folder immediately.