As practice shows, the fewer users have access to a particular computer, the longer the system remains operational on it and the greater the likelihood that folders and files will be safe and sound. It is best if the computer has only one user. Alas, in reality this is not always the case: at work you have to let other employees use your computer, at home quite often the same computer is used by all family members, and in public places (in particular, in educational institutions and computer clubs) the number of computer users in general may be very large.

About the need to restrict access

It is quite clear that usually neither colleagues nor family members want to harm your computer, but if they belong to the category of novice users, then problems cannot be avoided. And the younger generation in educational institutions usually does not set themselves the goal of disabling the computer and destroying the information stored on it - they are simply actively experimenting, without thinking about what consequences certain actions may lead to.

As a result, computers inevitably experience certain problems in the operation of individual applications or operating system. This is not surprising, because it is quite accidental (simply through carelessness or during an experiment) to remove, for example, a monitor driver - and the image on the screen will become less attractive, remove a printer - and printing documents will be impossible, change network settings - and the computer will stop working properly. local network etc. And this is not the worst option - accidentally deleting a number of system folders and files can lead to complete inoperability of the operating system, so it will have to be reinstalled. And the destruction of important working documents can have even more dire consequences - it is possible that they will not be restored in full and part of the work (or even all of it) will have to be done again. In addition, one cannot discount the fact that if your personal or corporate materials are of any commercial value, attackers may want to use them.

Thus, the issue of restricting access to a computer, its individual devices, as well as the data stored on it is, to one degree or another, relevant for all computer users, without exception. It’s just that for some (administrators, teachers in computer classes, home users with children), the tasks of blocking access to operating system settings and protecting files and folders of the operating system and installed applications, and for others (this includes administrators, specialists in computer security departments and teachers, who in our country, along with teaching activities, are often also forced to ensure the functionality of the computers under their control), it is more important to block access to various devices(USB, CD/DVD, FireWire, etc.). There are three reasons for the need to block access to devices: firstly, it is on such devices that insiders often steal confidential information from companies; secondly, through these devices viruses and Trojan programs often enter the computer; thirdly, with removable media various programs are installed, which is desirable to prevent - otherwise, in a week, for example, in an educational institution, so many toys will be installed on a computer that there will simply be no room left for other applications.

Many office workers are interested in completely blocking access to a computer that is turned on in the absence of a legitimate user. The need for such protection in the office is very urgent, because even if you have your own computer, the user cannot be near it all the time, and there are often situations when the computer is turned on and left unattended, which can be taken advantage of by other employees interested in your materials.

Another group of users (this includes all office workers and home users) is concerned about the protection of personal data to prevent its damage, deletion or leakage. The problem of protecting personal folders and files inevitably arises when several people work at the computer. This can be at home, when you need to protect other family members (for example, a child) from information not intended for them, and at work, where even if each user has their own computer, situations are possible when another employee needs to perform some tasks on your computer. operations. In both cases, there is no need to show your work materials to outsiders, and not at all because they are classified as “top secret.” Everything is much simpler: no one likes interference from outsiders in their affairs. In addition, by blocking access to your folders and files, you don’t have to worry that something will happen to them due to the fault of another (insufficiently prepared) user or they will be used illegally, which, unfortunately, is quite possible if the materials are of commercial value.

In general, the issue of reasonable access restriction is very complex and multifaceted, and without suitable applications it is impossible to solve it. This article is devoted to such applications.

Programs for restricting access

The range of access restriction applications offered on the market is quite wide and covers a variety of software products. Some of them block access to operating system settings, others allow you to control access to various devices, others completely block the computer in the absence of the user, and others ensure the hiding of personal data. Often these capabilities are combined in one or another combination, which is quite understandable, because many users need to restrict access in several directions at once in order to solve the problems they face.

Blocking access to operating system settings and system data

Built-in Windows tools allow you to impose some restrictions on user access to operating system settings and system data by managing local security policy (Control Panel=>Administrative Tools=>Local Security Policy). In particular, you can prevent password changes account and installation of printer drivers, limit the list of applications allowed for use, etc., however, the list of limited parameters is small.

At the same time, in practice, to ensure stable operation of the system, quite often it is necessary to further limit the capabilities of users, which can only be done with the help of highly specialized utilities designed to control access to the computer. As an example, we will look at the Security Administrator, WinLock, Deskman and My Simple Desktop programs. The most interesting of them is the Security Administrator utility, which allows you to restrict access to all important system settings and is aimed at system administrators. The My Simple Desktop program has the least functionality, but it is free for personal use and has quite sufficient capabilities for some home users, and you can master it in a matter of seconds.

Security Administrator 12.0

Developer: Getfreefile

Distribution size: 1.85 MB

Work under control: Windows 9x/Me/NT 4/2000/XP/2003/Vista

Distribution method http://www.softheap.com/download/secagent.zip)

Price: $69

Security Administrator is a professional solution for managing access to a computer, allowing you to restrict access to the computer and all its important settings (Fig. 1) both in general and for individual users. It is also possible to completely block a switched-on PC in the absence of a user. In addition to setting restrictions, the utility can be used to control the work of users on the computer, since it keeps statistics on the use of the local network, the Internet, etc.

Rice. 1. Restricting access to system settings and hiding drives
in Security Administrator

This solution is useful for setting a wide range of access restrictions. With its help, it is easy to restrict access to desktop settings (prohibit changing display properties, hide certain icons, etc.) and disable some Start menu items, hide the taskbar (entirely or only individual elements). And also prohibit installation/uninstallation of applications and limit user capabilities when working on the Internet: prohibit changing settings Internet Explorer, downloading files, accessing the Internet from applications, etc. There are also ample opportunities to protect critical system settings from changes - for example, you can prohibit editing system registry, activating DOS mode, installing new drivers, adding/removing printers, copying/moving files in system folders and deleting files and folders from the “My Computer” folder. And also hide the Control Panel, Printers, Network Connections, and the Run command from the Start menu. If necessary, the control panel can be hidden not completely, but partially, hiding the most critical elements from the point of view of unauthorized changes, such as “System”, “Display Properties”, “Network”, “Passwords” and “Printers”. It is equally easy to hide local, network and USB drives, prohibit burning and auto-playing of CDs, block the use of hot Windows keys and launching specific applications, as well as hide specified folders - these folders will become invisible in the My Computer folder, Explorer and dialog boxes Open/Save Windows applications.

WinLock 5.0

Developer: Crystal Office Systems

Distribution size: 2.65 MB

Work under control: Windows 95/98/Me/NT 4.0/2000/XP/Vista

Distribution method: shareware (30-day demo - http://www.crystaloffice.com/winlock.exe)

Price: WinLock - $21.95; WinLock Professional - $31.95

WinLock - convenient solution to limit access to important system resources (Fig. 2) and user data, including remotely. The program is presented in two versions: basic WinLock and extended WinLock Professional (the capabilities of the basic version do not allow you to restrict access to web resources and use encryption).

Rice. 2. Restricting access to system settings and hiding drives
in WinLock

Using this solution, you can deny access to the system registry, hide commands for accessing the control panel, printers, and network connections and completely block access to the corresponding system folders and to some other folders (“My Computer”, “My Documents”, Recycle Bin, etc.). And also set a ban on blocking the computer and make it impossible to change taskbar settings, display settings, network settings, adding/removing programs from the Start menu and renaming icons on the desktop. It is just as easy to set restrictions on activating DOS mode and loading Windows into safe mode and block Windows hotkeys (Alt+Ctrl+Del, Alt+Tab, Ctrl+Esc, etc.). If desired, you can even limit the ability to manage windows (for example, prohibit resizing and moving them). The program also includes tools for blocking access to removable media (CD/DVD drives, USB devices, etc.) and hiding the display of certain drives in the “My Computer” folder and Explorer. You can block the launch of specific applications (download managers, games, etc.) and deny access to certain files and folders (the former cannot be opened for viewing or editing, and the latter cannot be opened, renamed or deleted). And also prevent access to dubious web resources (based on a white list of allowed sites and a black list of prohibited sites) keywords) and set limits on the time specific users can use the computer.

Deskman 8.1

Developer: Anfibia Software

Distribution size: 1.03 MB

Work under control: Windows 2000/2003/XP/Vista

Distribution method: shareware (30-day demo - http://www.anfibia-soft.com/download/deskmansetup.exe)

Price: personal license - 25 euros; business license - 35 euros

Deskman is a simple tool for regulating access to a computer and its settings (Fig. 3), allowing you to completely block the PC (including the keyboard, mouse and desktop) or limit access to certain of its functions (individual restrictions are possible for different users).

Rice. 3. Setting restrictions in Deskman

Using this solution, you can restrict access to desktop settings (for example, prohibit changing display properties, deleting icons, calling the context menu, etc.), Windows Explorer, taskbar, Internet Explorer settings and prevent changes various elements Start menu. And also limit access to the control panel and other critical system settings - for example, prohibit deleting network drives, block rebooting and shutting down the computer, etc. If necessary, it is easy to block all or only certain Windows hot keys (Alt+Ctrl+Del, Alt+Tab, Ctrl+Esc, etc.) and configure the utility to automatically remove new entries from startup to prevent the action of viruses, adware and spyware modules . It is possible to set a ban on the use by other users of specific hard drives and removable media (CD/DVD drives, USB devices, floppy drives, etc.), block autoplay of CDs and their burning. You can set restrictions through preset profiles (this is more convenient for beginners and much faster) or manually.

My Simple Desktop 2.0

Developer: Anfibia Software

Distribution size: 1.76 MB

Work under control: Windows XP/Vista

Waydistribution: My Simple Desktop Office Edition and My Simple Desktop School Edition - shareware (30-day demo version - http://www.mysimpledesktop.com/downloads.sm.htm); My Simple Desktop Home Edition - freeware (http://www.mysimpledesktop.com/download/msdsetup_home.exe)

Price: My Simple Desktop Office Edition - 32 euros; My Simple Desktop School Edition - 20 euros; My Simple Desktop Home Edition - Free (for personal use only)

My Simple Desktop is very simple program to restrict access to the computer and its settings (Fig. 4). It is presented in three editions: paid My Simple Desktop Office Edition and My Simple Desktop School Edition and free My Simple Desktop Home Edition (the capabilities of the editions are completely identical).

Rice. 4. Setting access restrictions in My Simple Desktop

Using this utility, you can protect the desktop, taskbar and Start menu from changes, and make it impossible to make changes to the display settings and the Explorer context menu. And also deny access to the control panel, folder properties and system registry and block the use of Windows hot keys and the right mouse button. In terms of restricting access to devices, there is a ban on the use of stationary disks and external USB devices, as well as hiding network drives and blocking autoplay of CDs. If necessary, you can set a limit on the time you use the computer - the same for all users, except for the administrator. Restrictions are configured by assigning one of the preset profiles or manually.

Restricting access to devices

The built-in mechanisms for distributing access rights and setting security policies in operating systems of the Windows family (except Windows Vista) do not allow controlling other users’ access to potentially dangerous devices (USB devices, CD/DVD drives, FireWire and infrared ports, etc.). Of course, you can disable such devices in the BIOS, but this is not an option, since to work with a disabled device (if necessary), you will have to access the BIOS every time and turn it on again, which is quite time-consuming and very inconvenient.

It is much wiser to control access to devices using additional applications, which can be very different. Often, the ability to hide or block devices is provided in utilities designed to control access to operating system settings, including those discussed by us. True, the ability to restrict access to devices in them is small: it is not possible to control access to all dangerous devices, and we are not even talking about controlling media. Utilities that block access to devices and specialized solutions for protecting the system from corporate information leaks have much greater functionality in this regard. As an example, we will look at the DeviceLock, USB Lock Standard and ID Devices Lock programs. The most functional of them is the DeviceLock program, with which you can control (and not just block) access of individual users and groups of users to almost any potentially dangerous devices (and even media), but it is aimed primarily at system administrators. The capabilities of the other two utilities are much more modest, but they are quite sufficient for most users.

DeviceLock 6.3

Developer: JSC "Smart Line Inc"

Distribution size: 39.7 MB

Work under control: Windows NT/2000/XP/Vista

Distribution method: shareware (30-day demo version - http://www.devicelock.com/ru/dl/download.html)

Price: 1300 rub.

DeviceLock is a specialized solution for organizing a system for protecting against corporate information leaks, allowing you to control access to the entire range of potentially dangerous devices: USB ports, floppy drives, CD/DVD drives, as well as FireWire, infrared, parallel and serial ports, Wi-Fi and Bluetooth adapters, tape drives, PDAs and smartphones, network and local printers, internal and external removable drives and hard drives. The program has a centralized system remote control, providing access to all functions from the system administrator's workstation. Such management is realized using the additional DeviceLock Enterprise Manager console or through group policies Actvie Directory, which allows you to automatically install DeviceLock on new computers connected to the corporate network, and configure it for new computers automatically.

It is possible either to completely block a certain type of device, or partially, that is, in accordance with the white list of media (Fig. 5), in which access to some media will be allowed despite the blocking of the corresponding type of device. It is also possible to set the read-only mode and protect disks from accidental or intentional formatting. It is possible to assign different access rights to devices and I/O ports for individual users and groups of users with the ability to set control depending on the time and day of the week. If necessary, you can log all user actions with devices and files (copying, reading, deleting, etc.) by performing shadow copying.

Rice. 5. Setting up device access restrictions in accordance
with a media whitelist in DeviceLock

USB Lock Standard 3.4.1

Developer: Advanced Systems International SAC

Distribution size: 2.02 MB

Work under control: Windows XP/Vista

Distribution method: shareware (10-day demo version - http://www.advansysperu.com/down_st.php)

Price: $44

USB Lock Standard - handy tool to block access (Fig. 6) to all types of removable media: USB ports (USB drives, iPods, MP3 players, etc.), Zip devices, floppy drives, CD/DVD drives, Bluetooth adapters and reading devices smart cards (CF, SD, MMC, XD, etc.). It allows you to completely block access to specified devices or do it partially, opening access to authorized devices. To cancel the blocking, you need to know the password or a USB key. Operations with unblocked devices are recorded in logs.

Rice. 6. Blocking access
to CD/DVD drives in USB Lock Standard

ID Devices Lock 1.2

Developer: ID Security Suite

Distribution size: 1.47 MB

Work under control: Windows 98/NT/2000/XP/Vista

Distribution method http://www.idsecuritysuite.com/files/iddeviceslocksetup.exe)

Price: $37

ID Devices Lock is a simple utility for restricting access (Fig. 7) to USB devices, CD drives and disk drives by prohibiting copying of data to them, which helps prevent information leakage on mobile media. To cancel blocking, you need to know the password.

Rice. 7. Restricting access to the drive in ID Devices Lock

Completely blocking the computer in the absence of the user

The easiest way to block access to a computer that is turned on is to set a password for the screen saver, but this is not the best option, since when you reboot, the password from the screensaver can be removed without any problems. It is much safer to completely lock the computer using special software that will make it impossible to access any elements of the computer, including the keyboard, mouse and desktop. After that, view any information on it, launch applications, gain access to files and folders (including those open on this moment) and even restarting the computer by pressing the keyboard combination Ctrl+Alt+Del will no longer be possible. You can unlock your computer only if you know the user's password, and a normal reboot (even in safe mode) or a power failure will not remove the protection.

Such computer blocking is usually achieved using highly specialized utilities: Desktop Lock, Lock My PC and similar ones, however, such capabilities can also be provided in programs designed to set various types of access restrictions, in particular in Security Administrator and Deskman.

Desktop Lock 7.2.1

Developer: TopLang software

Distribution size: 792 KB

Work under control: Windows NT/2000/XP/2003/Vista

Distribution method: shareware (15-day demo - http://www.toplang.com/dlsetup.exe)

Price: $24.95

Desktop Lock is a utility for locking a computer (Fig. 8) while the user is away. The blocking is installed from the utility itself by pressing a certain key combination automatically at a time specified by the user or, if the user is inactive, after a specified period. Putting the computer into locked mode can be accompanied by launching a screensaver or playing an audio or video file, which is reasonable, for example, at exhibitions when demonstrating corporate presentations. When locked, the mouse is disabled and it becomes impossible to use basic keyboard shortcuts. To exit the locked mode, you need to press a secret keyboard combination or mouse button and enter a password. If you wish, you can configure the utility to record short messages from other users who approached the computer while its owner was away and wanted to write something to him.

Rice. 8. Configuring computer lock settings in Desktop Lock

Lock My PC 4.7

Developer: FSPro Labs

Distribution size: 1.4 MB

Work under control: Windows 2000/XP/2003/Vista

Distribution method: shareware (30-day demo version - http://www.fsprolabs.com/download/distr/lmpc.zip)

Price: personal license - $19.95; business license - $29.95

Lock My PC is a tool for locking a computer (Fig. 9) while the user is away. Locking your computer is easy - just double-click on the corresponding icon in the system tray or press a special keyboard combination. Automatic blocking is possible after a specified period of user inactivity. When locked, the mouse and CD/DVD drives are turned off (this will not allow you to remove CDs from them) and it becomes impossible to use the main keyboard combinations: Ctrl+Alt+Del, Alt+Tab, etc. On a locked computer, any , including self-created images in GIF, JPEG, BMP and animated GIF formats. You can unlock your computer only if you know the user or administrator password.

Rice. 9. Configuring computer blocking options in Lock My PC

Protection of personal information

There are several ways to protect personal data from unauthorized access: you can compress folders and files in a password-protected archive; hide them; place it in a secret folder, access to which will be blocked for other users with a password; encrypt or create a virtual encrypted disk on which to write your secret materials. The choice of the most preferable method depends on the situation, but in most cases the best option is to hide and encrypt folders and files, so in this article we will limit ourselves to this.

Theoretically, you can hide folders and files using built-in Windows features- to do this, just enable the “Hidden” attribute in the properties of the corresponding objects. Folders and files hidden in this way will not be visible in Explorer to other system users, but only if the “Do not show” checkbox is enabled in the properties of the parent folders containing them hidden files and folders." In principle, this may be sufficient to protect data from unprepared users. However, objects hidden in this way will be visible in applications that do not use the standard dialog for displaying files and folders (FAR, Total Commander etc.), so such protection is not very good.

A more reliable option for protecting data using built-in Windows tools is to use the Encrypting File System (EFS), which allows you to encrypt files by enabling the “Encrypt contents to protect data” option in Explorer (Properties=>General=>Advanced). It is impossible to read files encrypted in this way without knowing the password, but the EFS system allows you to protect folders and files only in file system NTFS.

For these reasons, it is better to use specialized utilities to protect personal folders and files. These solutions will allow you to more reliably hide folders and files (they will not be visible if you disable the “Do not show hidden files and folders” checkbox), as well as block access to them. Moreover, some of these utilities also provide the ability to encrypt data, which will ensure its protection from other users even when booting Windows in safe mode, booting into another operating system or on another computer (if it is previously installed HDD with protected information). As examples, we will look at the programs Folder Lock, Folder Guard and Hide Folders XP. The first provides the highest level of protection for encrypted data, the second additionally provides tools to protect basic OS settings from changes. The Hide Folders XP package is noticeably inferior to the named solutions in terms of its capabilities, but it has a Russian-language interface and is offered to Russian-speaking users at a very attractive price.

Folder Lock 6.0.1

Developer: NewSoftware Professionals, Inc.

Distribution size: 2.78 MB

Work under control: Windows 2000/XP/2003/Vista

Distribution method: shareware (20-day demo - http://dl.filekicker.com/nc/file/130083-0M78/folder-lock.exe)

Price: $35.95

Folder Lock is an effective and reliable solution for protecting personal files, folders (Fig. 10) and disks by setting a password, hiding and encrypting them (AES algorithm with a 256-bit key). For greater security, this solution allows the use of blocking and encryption at the same time - files protected in this way are not displayed in Explorer and in applications and are completely inaccessible, since it is impossible to access them without knowing the password even if booted into DOS, in a safe Windows mode, from a different OS or on a different computer. In case the password is forgotten, it is possible to gain access to the data using the registration key. The original data that needs to be protected can be located not only on the hard drive, but also on USB drives, memory cards, CD-RW drives, floppy disks and laptops. And the process of installing the provided protection can be carried out automatically if the computer is inactive. In special Stealth mode Mode program can hide all traces indicating that data protection is installed on the computer: it prevents the display of its own shortcuts on the desktop and in the Start menu, hides installation/uninstallation data in the corresponding section of the control panel, clears history and clipboard data, etc. In addition, for greater security, the program keeps a record of all unsuccessfully entered passwords to remove protection, which allows the user to timely detect the manifestation of unhealthy interest in his own computer on the part of other users.

Rice. 10. Working with protected folders in the Folder Lock package

Folder Guard 7.6

Developer: WinAbility Software Corporation

Sizedistribution: Folder Guard Editions and Folder Guard x64 Edition - 1.8 MB; Folder Guard Professional Edition - 2.5 MB

Work under control: Windows 2K/XP/2003/Vista

Distribution method: shareware (30-day demo - http://www.winability.com/folderguard/editions.htm)

Price: Folder Guard Editions and Folder Guard x64 Edition - $39.95; Folder Guard Professional Edition - $59.95

Folder Guard is a simple and convenient solution for restricting access to folders and files, as well as preventing access to a number of Windows settings. It is available in three versions: Folder Guard Editions, Folder Guard x64 Edition and Folder Guard Professional Edition. The first version works in 32-bit Windows versions, the second - in 64-bit, and the third - in both.

Restricting access to personal data is carried out by hiding them (Fig. 11), setting the “read-only” mode or blocking. In this case, hiding is implemented in two options: you can make folders and files hidden or assign them empty (Empty). In the second case, the folders will be visible, but when opened they will be empty, although in reality they contain information - this option protection is suitable for standard Windows folders, complete hiding of which will indicate that information on the computer is blocked, which is undesirable. Protected folders without a password will not be accessible to other system users even when Windows is loaded in safe mode, although this will require some settings in the program. In case you forget your password, there is a function to recover it using free utility Emergency Recovery (http://www.winability.com/folderguard/eru.htm). The ability to operate the program in Stealth Mode has also been implemented, in which its own shortcuts and files will be hidden.

Rice. 11. Hiding a folder in Folder Guard

Folder Guard can also protect basic settings OS from adjustments (Fig. 12) - in particular, block access to the properties of the taskbar, Start menu and a number of other windows, prohibit saving display properties (if they have been changed), block changes to folder properties and Internet settings Explorer, do not show desktop icons. And also prevent changes to parameters critical for system operation by closing access to the control panel and setting a series of restrictions: access to the system registry, adding/removing printers, using the “Run” command, etc. You can also hide certain drives in the My Computer window, Explorer, and standard Open/Save dialog boxes, and block CD/DVD burning. Different users may have different sets of such restrictions.

Rice. 12. Setting restrictions on access to Windows settings
in Folder Guard

Hide Folders XP 2.9.8

Developer: FSPro Labs

Distribution size: 1.23 MB

Work under control: Windows 2000/XP/2003/Vista

Distribution method: shareware (30-day demo - http://www.fsprolabs.com/download/distr/hfxp.zip)

Price: $29.95 (in the Softkey.ru store - 400 rubles)

Hide Folders XP is a simple program for protecting folders and files (Fig. 13) from unauthorized access by hiding and/or blocking them. Protected folders will not be accessible to other users, including the system administrator, even when Windows starts in safe mode. In this case, not only protected folders and files will be protected from deletion, but also the folders containing them. And in order to prevent other users from guessing that there is protected data on the computer, the program can remove traces of installed protection and can hide itself (it may not appear in the list of frequently downloaded programs, may not show a line about uninstallation in the control panel, hide itself in list running processes and etc.).

Rice. 13. Working with protected files in the Hide Folders XP environment

The Internet is fraught with a lot of dangers, especially for the fragile minds of the younger generation. But few parents manage to protect their child from harmful information through prohibitions and admonitions. 90% of schoolchildren easily deceive their mother and father and continue to visit non-children's resources.

Adults also “sin” by using the Internet for inappropriate purposes. Mistakes made by office workers often arise because 50% of the time they are busy not with business, but with social networks.

Only one remedy can radically solve the problem - blocking unwanted resources. Read how to block a website from children and careless adults using eight proven methods.

The method of blocking web resources through Hosts, a local database of IP addresses and domain names associated with them, is designed for the most inexperienced. Since even elementary schoolchildren know about Hosts today, for many it will not be difficult to reset the setting and reduce your efforts to nothing. Therefore, you should take measures to protect it. For example:

• Create an account with limited rights for the user you are going to block access to unwanted sites. Then he will not be able to correct anything in the Hosts file even if he wants to.
• Use tricks to hide blocking records.

The blocking technology itself is very simple:

• Log in to Windows using an administrator account.
• Go to the folder %Windir%\System32\drivers\etc, find a file without an extension with the name “Hosts” and open it using Notepad or a program that replaces it. To avoid problems with saving changes, you can do this: run Windows Notepad (file notepad.exe, located in Windows folder) with administrator rights, through the “File” - “Open” menu, go to Hosts and load it into the program.
• Add an entry anywhere in the file starting on a new line 127.0.0.1 site, where instead of “site” we write the address of the blocked resource.

• Save the file in its original location. To prevent notepad from assigning the txt extension to it, write the name “hosts” in quotes, and select “all files” from the file types.

After this, the site will no longer open in browsers, since the computer will look for it not on the Internet, but on itself.

Tricks that will prevent a user from deleting your entry in Hosts

The first option is to hide the entry itself in the file. It is impossible to make it invisible, but you can insert 2-3 hundred empty lines between comments (lines starting with #) and it. The user, when opening a file, most likely will not pay attention to the scroll bar of the document and will not see your entry, since it will be far down.

The second option is to move the Hosts file to another, more secluded location. Decide for yourself where to place it, but to prevent the system from losing it, you will have to make a small edit to the registry. Open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters branch in the RegEdit editor and in the parameter value DataBasePath write a new path to Hosts.

Via DNS

Traffic from a computer connected to the Internet passes through DNS server(which, like hosts, maps website names to their IP addresses). In addition to the DNS provided by the provider, you can use others, for example, free public ones.

Some public DNS have a content filtering system, that is, they do not load sites with certain content onto the computer.

Unfortunately, you can't block resources of your choice using DNS, but if you want to block access to adult content or potentially malicious websites, the method is very effective. To use it, you just need to specify the required DNS addresses in the connection and protocol properties of the IPv4 version.

This example uses Yandex public DNS with an adult content filter.

There are other blocking options:

• Yandex: 77.88.8.88 (main) and 77.88.8.2 (alternative) - filtering phishing and fraudulent resources.
• Norton ConnectSafe (Symantec): 198.153.192.40 (primary) and 198.153.194.40 (alternate) - filters phishing, fraud, malware.
• Norton ConnectSafe: 198.153.192.50 and 198.153.194.50 - the same plus an adult content filter.
• Norton ConnectSafe: 198.153.192.60 and 198.153.194.60 - the same plus blocking of any “inappropriate” topics.

In browsers

Modern browsers contain a lot of useful things, but most of them do not have functions for blocking sites of the user's choosing. It remains, perhaps, only in Internet Explorer.

To make the ability to block sites appear in your favorite browser, just install a special extension in it, for example, Block Site. This link takes you to the Chrome store, where you can download such a plugin (not just one, but three with the same name) for Google Chrome and Yandex.Browser.

The principle of operation of such extensions is very simple. They add a blocking feature to the context menu. Clicking right click click on any link (including a file download) and selecting the “Block” command, you will blacklist the site. And the whole thing, and not a separate page.

Some of the presented extensions also allow you to manually add to the blacklist and create custom filters for blocking by content.

Plugins with web resource block functions are produced not only for Chrome, but also for Opera, Mozilla Firefox and other less popular browsers.

Using Windows Firewall or a third-party firewall

Windows Firewall can only block websites based on IP addresses. This is not the most The best way, since one IP is sometimes shared by several resources, and large portals such as VKontakte and Odnoklassniki occupy entire ranges of addresses. Third party firewalls can be configured more flexibly - they allow you to block access to even a single page. To do this, it is enough to indicate its URL in the program, not its IP, which is much more convenient for the user.

Since each firewall is configured differently, and we cannot consider all of them, we will study the principle of setting up a universal tool - the Windows 10 firewall.

To create a blocking rule, we first determine the site's IP. To do this it is convenient to use the command ping_URL(for example, “ping ya.ru”) or whois services.

• Let's open the firewall. In the left panel, select “Outgoing Connection Rules”, and in the “Actions” list, select “Create Rule”.

• In the next window, check “All programs” (if the site should be blocked in all browsers) or “Program path” (if in one). When choosing the second option, indicate the path to executable file browser.

• We'll skip the next window. After it, we have to indicate the IP to be blocked. At the bottom of the “Area” window, select the “Specified IP addresses” item and click “Add”. We do not touch the top field, since it is intended for creating rules in local networks.

• Enter the IP address or range of website addresses and click OK.

• Next, select “Block connection”.

• Let's mark the network profiles for which we are going to use the rule.

• The last step is to give the rule a name.

After clicking “Finish” the rule will take effect.

On the router

Access control settings on routers different models are not the same, but their algorithm is largely similar. Let's figure out how to block access to unwanted sites using TP-Link as an example.

TP-Link access control (and not only) works in black and white list mode. In the first case, access is allowed to any web resources except those specified. In the second, it is prohibited to apply to everyone, except, again, those indicated. Let's consider creating a blacklist as an example, since it is used more often.

• Go to the admin panel, open the “Access Control” section and click “Setup Wizard”.

• In the new window, select the “IP address” mode, indicate the name of the host for which we are creating a rule, and enter its IP or address range.

• Next, select the mode “ Domain name", write an arbitrary name of the target (for which the rule is created) and list the prohibited sites.

• The next step is to create a blocking schedule.

• Then we set the name of the rule, check all the parameters and click “Finish”.

• The last step is to select a filtering mode (in our case, prohibit packets from the specified domains from passing through the router) and save the rule. Also, don’t forget to check “Enable Internet access control management.”

This completes the setup.

Parental controls

Parental controls are now being built in wherever possible. It is available in many routers antivirus programs and even in the operating systems themselves. Before Windows 7, parental controls were a separate system feature. In Windows 10, it became “family safety with settings via the Microsoft website,” but its essence did not change. Parents still have the opportunity to use it to limit their child’s access to network resources.

However, what are we all about Windows and about Windows? Let's look at how parental control works in Kaspersky Internet Security.

• Restrictions are configured through a specially designated section.

• The first thing you have to do after entering it is to set a password to disable the function and change settings.
• Next, you will see a list of user accounts for which you can enable parental controls. Click “Set up restrictions” next to the selected account.

• Restrictions on access to web content are set in the “Internet” section. There are 2 blocking modes: sites for adults (black list) and all sites except permitted ones (white list).

• When you select blacklist mode, you can specify categories of content to be blocked, but without specifying specific sites. When selecting whitelist mode, allowed sites must be added to exceptions. Everything else will be blocked.

The control on/off slider is located at the top of the settings window in the user list.

Using static routes

A static (permanent) route is a rigidly defined path for packets to follow from one network node to another. For example, from your computer to the server that hosts the website. Having registered in Windows registry or in the router settings there is a false route to an Internet resource (more precisely, to its IP address), you will make sure that it does not open.

How to do it:

• Define using the command ping_URL IP address of the desired site.
• Without closing the command line (it must be launched as administrator), run one more instruction: route -p add destination_site_IP mask 255.255.255.0 192.168.1.0 metric 1.

The answer “Ok” means that the route to the site 213.180.193.3 has been created. Now ya.ru will not open on this computer.

In the Windows registry, all static routes are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes.

To remove an entry from there that has become unnecessary and resume access to the site, right-click on the entry and select “Delete.” Or run in command line instructions route - f. Last method deletes all existing permanent routes. If you want to remove only one of them, run the command route delete target_node_IP, For example, route delete 213.180.193.3. After this, the ya.ru website will become accessible again.

Using local IP security policies (IPSec)

Using IP Security Policy (IPSec) to restrict Internet access is a non-trivial method. Very few people know about the existence of such a possibility (unlike Hosts), and anyone for whom you block a certain web resource will never guess how you did it.

Using IPSec, you can block both an individual IP site and a pool of addresses. The only drawback of this method is that the policy management snap-in is not available in all editions of Windows. So, it is absent in home releases.

Creating an IP security policy may seem complicated, but only the first time. After several attempts, it will not take you more than 2-3 minutes. Moreover, every step of the setup is accompanied by a Wizard.

• So, to access the snap-in, open Administrative Tools in Control Panel, click Local Security Policy, and select Local PC IP Security Policies.
• Right-click on the empty area of ​​the right half of the window " Local policies" and select "Create IP security policy". The first Setup Wizard will launch.

• In the window that opens, enter the name of the new policy and briefly describe its purpose. You can leave these fields as default, but it’s better to fill them out so you don’t get confused later.

• Then click “Next” without changing anything.

• Complete the Wizard by checking “Edit Properties” and clicking “Finish.”

• In the properties window for the future IPSec policy, click “Add”. This will launch the next Wizard - creating IP security rules.

• In the “Tunnel Endpoint” window, leave everything as is.

• Under Network Type, select All Connections.

• In the “List of IP filters” (they just need to be created), click “Add”. Next, give your list a name and click “Add” again. The third Wizard will start - IP filters.

• First of all, give the new filter a description (it’s most convenient to specify the URL of the site to be blocked).

• Specify “My IP address” as the traffic source.

• Destination: “Specific IP or subnet.” Below, write the address of the site or subnet to be blocked.

• In the “Protocol Type” section, check “Any”.

• The last step is to click “Edit Properties” and “Done”. There is very little left.

• Confirm the new filter settings.

• If you want to create another one, click the Add button in the next window. Otherwise, click “OK”. This will launch the Filter Action Configuration Wizard.
• 
  In the “List of IP filters”, mark the one you just created and click “Next”.
  
• Give a name and description of what it will do (block the site).
  
• In the action parameters, specify “Block”.
  
• The final step of the stage is “Changing properties” and completing the wizard.
  
• Now check and confirm the setting again.
• The final push is to create safety rules. The fifth Master will do this.
  
• When it’s finished, change the properties again and click “Finish.”
  
• Review and confirm the parameters of the new rule.
• And finally - all the properties of the policy. It has been created and is displayed in the section list.
• All that remains is to put the policy into effect. Right-click on it and select “Assign”.

In the “Properties” section you can later change any policy settings, and through the context menu you can disable, rename and delete.

Restricting access to your computer can help solve several problems at once. For example, protecting confidential information, limiting a child’s access to a computer, protecting from overly curious colleagues.

Instructions

Set a password to boot your computer into the BIOS. To do this, on most computers you need to hold down the “Delete” key when turning it on. The BIOS shell will load. Go to the menu " Advanced Bios Features" and change the "Psssword check" parameter from "Bios" to "System". Exit to the main menu using the “Esc” key. In the “Set user password” item, specify twice the password that the computer will require when the system boots. Select "Save and exit setup". The computer will reboot and the next time you boot it will require you to enter the password you specified.

Disable unused accounts. Right-click on the My Computer icon. Select "Manage" from the drop-down menu. Expand the directory " Local users and groups." Open the Users folder. Disable all accounts except the Administrator account and the one you are using. Set passwords for the remaining accounts.

In order to protect a computer that remains turned on for a short time in your absence, use password protection on your desktop screensaver. Right-click anywhere on the desktop (not occupied by shortcuts) and select Properties. On the Screensaver tab, reduce the interval at which it appears to three to five minutes and check the Password Protect box. Now, if the computer has been idle for longer than the time you set, a screensaver will appear, from which you can only exit by typing the password.

Setting up and using user accounts

In the operating room Windows system 7 A user account is a set of information that determines what folders and files a user has access to and what changes the user can make to the operation of the computer. In addition, the account stores the user's personal settings - for example, the desktop background and screen saver. Using accounts allows multiple users to work on the same computer using own files and parameters. The account is accessed when the operating system boots by entering a username and password.

Types of accounts

The user account mechanism is designed to solve the following problems:

Differentiation of user rights to access information;

Individual configuration of the user interface and desktop elements for each user of a given computer;

Protect your computer settings and confidential information;

Quickly switch between different users without closing running programs and applications.

All accounts depending on their functionality are divided into three types: computer administrator, limited account and guest account. A user with a limited account can perform operations with his password (create, change, delete), change his account picture, desktop settings, and view files. The administrator account allows you to perform the following operations:

Creating, deleting and editing user accounts (including your own account);

Operations with your password (creating, editing, deleting);

Installing and removing programs and equipment, editing their parameters and properties;

Read all shared files;

Making configuration changes at the system level.

As for the guest account, it is created automatically during the system installation process and is intended for third-party users who do not have their own accounts on this computer. A guest account does not have access to password-protected files, folders, settings, or applications. Using the appropriate links, you can enable or disable the guest account (in the first case, third-party users will be able to log in, in the second - not).

To switch to the mode for setting up and editing accounts, you must select the User Accounts category in the control panel, and in this category click on the Add and change user accounts link. As a result, the window shown in Fig. 1 will open on the screen. 5.1.

Rice. 5.1. Accounts in Windows 7

This window contains a list of previously created accounts, as well as the Select a task menu. You can independently create new and edit existing entries, as well as delete them. Next we will look at each of these modes.

Entering a new account

To create a new account, click on the Create an account link - the window shown in Fig. 1 will appear on the screen. 5.2.

Rice. 5.2. Create an account

In this window, you must enter the name of the account to be created using the keyboard. You can use any word, an arbitrary set of characters, etc. as a name. For example, in Fig. 5.83 The created accounts are named Alex, Network Entry, Administrator and Guest.

After this, using the appropriate switch, you must select the type of account to be created; Possible values ​​are Normal access and Administrator (functional differences between user account types are given above).

The process of creating a user account is completed by clicking the Create Account button - after which the new account will appear in the list of accounts (Fig. 5.3). The Cancel button is intended to exit this mode without saving changes.

Rice. 5.3. New account on the list

Existing accounts can be edited and deleted. How this is done is described in the next section.

Editing and deleting accounts

To switch to account editing mode, click on its icon. As a result, a request for further action will be issued in the window that opens; To select, click on one of the following links:

Changing your account name;

Create a password;

Changing the pattern;

Set up parental controls;

Changing the account type;

Deleting an account.

If a password was previously set for the selected account, then instead of the Create a password link, the list will contain the Change password and Remove password links.

When you click on the link Change account name, a window similar to the window shown in Fig. 1 will open on the screen. 5.2. The difference is that there will be no switch for selecting the account type, and instead of the Create an account button there is a Rename button.

Rice. 5.4. Entering your account password

In this window, you must enter the user account password using the keyboard. The password is entered twice in order to avoid errors when entering the password. In the field located at the bottom of the window, it is recommended to enter a short password hint using the keyboard. Please note that this hint will be visible to all users of the computer, so it is important that the connection between the password and the hint is not directly visible.

ATTENTION

Do not forget that when entering a password, the case of characters (the state of the Caps Lock key) is taken into account.

The password creation process is completed by clicking the Create Password button. Using the Cancel button exits this mode without saving changes.

If you need to change your password in the future, you must use the Change password link. The procedure for changing a password is the same as for creating it.

To remove a password, use the Remove Password link. In this case, a window will open on the screen that will contain a warning about the possible consequences of this step and a Delete password button, when clicked, the password for this account will be deleted.

Using the Change picture link, you can replace the account picture (each account is decorated with an image, see Fig. 5.3). This image is shown in the welcome window when you log in. When you click on this link, a window is displayed, which is shown in Fig. 5.5.

Rice. 5.5. Change the picture used for your account

The current account picture is shown at the top left of the window. To replace it, you need to place the cursor on the required image (the list of images is contained in the central part of the window) and click the Change picture button. If the desired picture is not in the list, then you should use the Search for other pictures link - when you click on it, a window will open on the screen in which, according to the usual Windows rules, the path to the file of the required image is indicated.

To change the user account type, use the Change account type link. When you click on this link, a window will open on the screen in which you need to use the switch to specify the account type and click the Change account type button.

To delete an account, use the Delete account link. Please note that it is impossible to delete the account under which the system is currently running (in this case, the Delete account link is missing). When you click on this link, a window will open on the screen in which the system will offer to save the contents of the desktop and some system folders (Documents, Favorites, Videos, etc.) in a new folder, which will be named by the name of the account being deleted and located on the desktop . When you click the Save Files button in this window, the account will be deleted, and this data will be saved. If you click the Delete files button in this window, then simultaneously with deleting the account, this data will also be deleted. Using the Cancel button, you can exit this mode without deleting your account.

Parental control

In any family with minor children, sooner or later the problem of limiting the child’s access to the computer arises. It is no secret that in recent years the problem of computer addiction among children and adolescents has seriously worsened. Psychologists, teachers and other specialists are working on this problem, and they all note: computer addiction is a disease. Moreover, it entails the emergence of a whole series of disorders, which in general can be divided into two categories: mental and physical.

Among the mental disorders among children and adolescents, the occurrence of which is caused by computer addiction, the following can be noted:

Lack of interest in “live” communication and, on the contrary, excessive passion for virtual communication (e-mail, chats, etc.);

Inability to verbally express one's thoughts;

Silence, isolation;

Irritability;

A clear decrease in interest in the surrounding reality, the desire to sit down at the computer at any free moment;

Fatigue, decreased performance at school, inability to concentrate;

Sleep disturbance;

Decreased appetite.

As for physical disorders in children suffering from computer addiction, the most important among them are:

Deterioration of vision (despite the fact that LCD monitors are considered almost harmless, the eyes are under strain when working at a computer in any case, especially when playing various games, shooters, etc., not to mention CRT monitors) ;

Changes in posture up to curvature of the spine;

Headache;

Problems in the pelvic area.

But any disease, as we know, is easier to prevent than to cure. In this section we will talk about how, using the function implemented in Windows 7, parental controls limit your child’s use of the computer (this applies to both time spent on the computer and access to certain applications and materials).

Parental controls allow you to regulate your children's computer use. In particular, you can determine the periods of time during which children can work on the computer, as well as determine what games and applications they can use.

If a child tries to launch a prohibited game or open a prohibited program, an information message will be displayed on the screen stating that this application blocked. In this case, the child can use the appropriate link to request permission to access the application, and you can grant this access by providing your credentials.

ATTENTION

To enable parental controls, you must be logged in with administrator rights. Accounts to which parental controls will be applied must be of the Normal access type (see Figure 5.2), since the parental controls mechanism only applies to such accounts.

To go to the mode of setting up and enabling parental control, you need to click on the Parental Control link in the list of accounts window (see Fig. 5.3). As a result, the window will look as shown in Fig. 5.6.

Rice. 5.6. Selecting an account to enable parental controls

In this window, you need to click on the account for which parental controls will be enabled. As a result, you will switch to the parental control enable mode (Fig. 5.7).

Rice. 5.7. Parental control enable mode

By default, parental controls are turned off for all accounts, which is not surprising - after all, the system is designed primarily for adult users. To enable parental controls, set the Parental Controls switch to Enable using your current settings.

In principle, after this you can click OK and the parental control function will work. But in this case, its parameters that are offered in the system by default will be used. Note that these parameters are not always optimal: for example, some parents want to limit only the time the child spends at the computer, others want to prohibit him from using games, others want both, etc. In addition, you can independently determine a specific list of applications or categories of games that you want to deny your child access to.

Each parental control mode (Time Limits, Game Limits, and App Limits) is configured separately.

Setting a time limit for working on a computer

To limit the time your child spends at the computer, click on the Time limit link (see Figure 5.7). As a result, the window shown in Fig. 1 will appear on the screen. 5.8.

Rice. 5.8. Setting up time restrictions on computer access

The procedure for setting a time limit is extremely simple. The table shows the days of the week in rows, and the hours of the day in columns. By clicking on the required intersection, set the time during which you prohibit your child from using the computer. The time intervals selected for blocking will be highlighted with blue squares, and the allowed intervals will remain white. To remove the ban, click on the blue square.

The settings made will take effect after clicking OK. Using the Cancel button exits this mode without saving the changes made.

Setting up game access restrictions

Currently, the IT market offers a great variety of different computer games. Among them there are both useful games for children and teenagers, and those to which it makes sense to limit access. Among the useful computer games one can note, for example, educational and educational games, and among those harmful to the child’s psyche are various “shooters”, games with scenes of violence, intimate scenes, inciting national hatred, etc.

To restrict your child’s access to games installed on your computer, click on the Games link (see Figure 5.7). As a result, the window shown in Fig. 1 will open on the screen. 5.9.

Rice. 5.9. Setting game restrictions

At the top of the window there is a switch that can be used to immediately prevent the user from running any games on this computer. To do this, you need to set it to No. Note that in this case, all other settings for restricting access to games become unavailable - their use simply loses all meaning, since all games without exception will be blocked. If the switch is in the Yes position (this value is proposed to be used by default), then the links below become available: Set categories for games and Prohibit and allow games.

Rice. 5.10. Selecting categories for games

This window provides a list of game categories as rated by the Entertainment Software Rating Board (this rating is offered by default). More information about this rating can be found by clicking on the ESRB icon located to the right above the list of categories.

In general, Windows 7 can use different game ratings for parental controls, and you can choose any of them. To do this, in the window shown in Fig. 5.6, you need to click on the game rating system link. In this case, a window will open on the screen in which, using the switch, you need to specify the appropriate rating and click OK. You can view detailed information about each assessment on the corresponding website (links to websites for each assessment are provided in the same window).

Here we will consider the Entertainment Software Rating Board rating (see Figure 5.10), since, as we have already noted, this is the one offered by default.

It is worth noting that not all computer games have a category indicated. Therefore, in the category selection window (see Fig. 5.10), you can use the switch located at the top to indicate whether or not the user is allowed to launch games for which the category is not specified.

After that, use another switch to indicate which category of games the child can use. Note that when choosing a certain category, the child will be able to use not only games that belong to it, but also games of all the following categories. In other words, if you allow your child to use games in the “10+ years” category, then he will automatically have access to games that are assigned to the “3+ years” and “6+” categories. This can be clearly seen in Fig. 5.10: available categories are highlighted in color, and the “highest” of the available categories is marked by the position of the switch.

Below the list of categories is large group Block these types of content checkboxes. Using these flags, you can specifically indicate the content that can be used to block a game for a child, even if it is accessible for him according to age criteria. Each checkbox blocks a specific type of content, such as: blood, crude humor, drinking, nudity, mentions of sex or intimate scenes, foul language, inappropriate jokes, gambling, mentions of alcohol, tobacco or drugs, etc. So you can do very fine tuning blocking games: after all, for example, jokes and scenes that can be allowed for a 15-year-old teenager are not always acceptable for an 8- or 10-year-old child.

Using the Banning and allowing games link, you can switch to a mode in which you can specify specific games that your child is allowed to use. The window that opens will present a list of games in accordance with the restrictions specified earlier (see Fig. 5.10). In this list, select the games that you allow your child to play and click OK.

Setting up application access restrictions

As we noted earlier, you can set your child to limit access to programs available on the computer. This is useful not only to prevent the child from using dubious applications, but also to protect their data from damage or loss. For example, if you store a lot of important data in different Excel documents, then you can, to be on the safe side, completely block your child from launching the Excel spreadsheet editor. As an option, you can configure restriction of access rights to specific files and folders, but we will tell you how to do this later.

To restrict access to applications installed on your computer, click the Allow and block individual programs link (see Figure 5.7). As a result, a window will open on the screen, which is shown in Fig. 5.11.

Rice. 5.11. Selecting programs to block

If you want to block some programs, set the switch located at the top of the window to the position Username can only work with allowed programs (by default it is set to Username can use all programs - in this case the blocking will not work). After this, you will have to wait for some time until the system generates a list of programs installed on the computer. This may take a few seconds, or maybe a few minutes: it all depends on the amount installed on the computer software, on computer performance, as well as on other factors.

After the list of programs has been generated, check the boxes for those applications to which you want to block access. Using the Check All button, you can quickly select all checkboxes, and using the Uncheck All button, you can quickly clear all checkboxes. If the required program is not in the list, click the Browse button, and in the window that opens, according to the usual Windows rules, specify the path to the executable file of this program.

The program blocking configuration is completed by clicking the OK button in this window. Using the Cancel button exits this mode without saving the changes made.

Setting file access rights and limiting user rights

When working on a computer, there is often a need to protect certain of your data from unqualified and unauthorized viewing and editing. This task usually occurs when working on a local network, or when several different users have access to the computer at different times.

A mechanism for protecting information from outside interference also existed in previous versions Windows operating system. In this section we will explain how it functions in Windows 7.

To configure file permissions, right-click on it in the Explorer window, and in the resulting context menu select the Properties command. Then in the window that opens, go to the Security tab, the contents of which are shown in Fig. 5.12.

Rice. 5.12. File properties, Security tab

At the top of this tab the full path to the selected object is displayed (in Fig. 5.12 it is D:\Export. txt). Below is a list of users or user groups that have access to this computer. Even lower, a list of permissions for the user or group highlighted by the cursor is displayed. In Fig. 5.12 users of the Alex group in relation to this file have Read and Execute permission.

Note that on the Security tab you will not be able to change the current permissions. To add a user or user group, or to edit existing permissions, click the Edit button. As a result, the window shown in Fig. 1 will open on the screen. 5.13.

Rice. 5.13. Editing Permissions

If you want to change permissions for a user or group of users, select the corresponding item in the Groups or users list by clicking the mouse, then in the lower part of the window, by checking the appropriate checkboxes, define restrictions or permissions.

To add a new user or group of users to the list, click the Add button. As a result, the window shown in Fig. 1 will open on the screen. 5.14.

Rice. 5.14. Add a user or group to control access to a file

In this window, in the Enter the names of selected objects field, you need to enter the name of a user or user group for subsequent configuration of access rights. You can enter several names in this field at the same time - in this case, separate them with a semicolon. When entering names, use the following syntax:

Display Name (example: First Name Last Name);

Object Name (example: Computer1);

Username (example: User1);

ObjectName@DomainName (example: User1@Domain1);

Object Name\Domain Name (example: Domain1\User1).

The Check Names button searches for the names of users and user groups specified in the Enter the names of the selected objects field.

The Select Object Type field at the top of this window specifies the type of object you want to search for. For example, you can configure permissions for only users, or only for user groups, or for built-in security principals, or all types of objects at the same time ( the latter option is proposed to be used by default). To select object types, click the Object Types button, then in the window that opens, specify the required object types by checking the appropriate boxes and click OK.

The area to search for objects is indicated in the In the following location field. This area can be, for example, a specific computer (the default is the current computer). To change the search area, click the Placement button, then in the window that opens, specify the required area and click OK.

To remove a user or group from the list of objects for setting permissions, select the corresponding position in the list (see Fig. 5.13) with a mouse click and click the Delete button. You should be careful when doing this, since the system does not issue an additional request to confirm the delete operation, but immediately removes the selected object from the list.

Permissions for folders can be configured in the same way. However, for folders and directories you can also configure Extra options access. To do this, in the folder properties window there is an Access tab, the contents of which are shown in Fig. 5.15.

Rice. 5.15. Settings public access

To configure shared access to a folder (this is usually used when working on a local network), click the Sharing button on this tab. As a result, a window will appear on the screen, which is shown in Fig. 5.16.

Rice. 5.16. Setting up sharing for individual users

In this window, from the drop-down list you need to select the user who needs to configure access. Note that the contents of this list are generated by the system automatically as accounts are added to it (we talked about how to add and edit accounts earlier, in the relevant sections of this chapter). In addition to the names of accounts added to the system by the user, this list also contains the positions Everyone, Guest, Administrator, Network Entry, and HomeGroup, which are added to it by default.

After selecting a user, you need to click the Add button - as a result, his name will be displayed in the list, which is located just below. In the Permission level field, you need to select the permission level for given user in relation to this folder. You can choose one of two options:

Reading – in this case, the user will only have the right to view the contents of this folder.

Read and write - when choosing this option, the user will have the right not only to view, but also to edit the contents of this folder.

To remove a user from the list, select Remove for the user in the Permission level field. You should be careful when doing this because the program does not issue an additional request to confirm the deletion operation.

For the sharing settings to take effect, click the Sharing button in this window. Please note that the sharing process may take some time - this may depend on the number of users who have shared access to the folder, the performance and configuration of the computer, as well as other factors. After a while, an information message about granting sharing access to the selected folder will appear on the screen (Fig. 5.17).

Rice. 5.17. Information about sharing a folder

You can inform by e-mail other users that they have shared access to the folder - to do this, use the appropriate link. To view the contents of a directory you've shared, double-click its icon in the Individual Items box. To complete the operation, click Finish in this window.

IN in this example We shared a folder called Documents. In the window shown in Fig. 5.15, for this folder in the Sharing network files and folders area, the information No sharing is displayed. Once you share this folder, this information will change to show Shared. In addition, the network path to this folder will be shown, where other users on the local network can find it.

To switch to the advanced sharing settings mode, click on the Access tab (see Fig. 5.15) the Advanced settings button. In this case, a window will open on the screen, which is shown in Fig. 5.18.

Rice. 5.18. Advanced sharing setup

The settings in this window are editable only if the Share this folder box is selected. If you have previously shared access to this folder (as described above), then this checkbox will be selected by default. If the folder has not been shared until now, the checkbox will be unchecked by default, and you can set it yourself.

The name of the resource being shared appears in the Share Name field. In some cases, this value can be reselected from the drop-down list. You can add a new shared resource - to do this, click the Add button in this window. As a result, the add resource window will open (Fig. 5.19).

Rice. 5.19. Adding a Share

In this window, in the Shared resource field, enter the name of the shared resource using the keyboard, in accordance with the name under which it is stored on the computer. In the Description field, if desired, you can enter an additional description of the resource using the keyboard - for example, briefly describe its contents, etc.

Using the User Limit switch, you can determine the maximum valid number users who can simultaneously work with this resource. If the switch is set to the maximum possible position (this option is proposed to be used by default), then there will be no limit on the number of users - everyone who wants can access the resource at any time, regardless of whether someone is working with it at the moment or not. If the switch is set to no more than, then a field opens on the right for editing, in which the maximum number of users who can simultaneously work with this resource is indicated using the keyboard or using the counter buttons. In other words, if you do not want more than 3 users to work with your folder at the same time, set the Limit number of users switch to no more than, and enter the value 3 in the field located on the right.

The entry of a new shared resource is completed by clicking the OK button in this window. Using the Cancel button exits this mode without saving the changes made.

To delete a shared resource, select it from the drop-down list (see Figure 5.18) and click the Delete button. Be careful when doing this, as the program does not issue an additional request to confirm this operation.

In the Limit the number of simultaneous users to field (see Figure 5.18), you can limit the number of users who can simultaneously work with this resource. This option works in the same way as the User Limit switch in the New Share window (see Figure 5.19).

In the Note field, if necessary, you can enter or edit additional information of a random nature related to this shared resource.

Using the Permissions button, you switch to the mode for setting permissions for the selected resource. How to work in this mode was discussed above (see Fig. 5.13).

Using the Caching button (see Figure 5.18), you can determine which files and programs will be available to users outside the local network. When you press this button, the window shown in Fig. 1 opens on the screen. 5.20.

Rice. 5.20. Setting up offline mode

In this window, using the appropriate switch, you can open or block access to files and folders off the network. You can choose one of three options:

Offline, only user-specified files and programs are available;

Files and programs in this shared folder not available offline;

Outside the network, all files and programs opened by the user are automatically available.

By default, this switch is set to Offline: Only user-specified files and programs are available.

All settings made in the Advanced sharing settings window (see Figure 5.18) take effect after clicking OK or Apply. To exit this mode without saving the changes made, click Cancel.

One of the problems that parents are forced to solve is their child’s access to a computer and the Internet. How much time can a child spend in front of a monitor screen? How long is he allowed to play games? How to make your little user’s time on the Internet safe? Each family answers these and many other questions for itself.

However, the fact that the problem of parental controls has long been common is evidenced by the fact that tools for restricting access to applications, games and sites were included in Windows Vista. Similar tools have recently appeared in many comprehensive security applications, for example, Norton Internet Security and Kaspersky Internet Security. There are also special programs, intended solely for parental control. If a few years ago almost all of them were English-speaking, today it is not a problem to find an application developed specifically for Russian-speaking users, which undoubtedly indicates that there is a demand for such solutions.

Parental Controls in Windows Vista

If you are using on home computer Windows Vista, you can use built-in parental controls.

To do this, the child must have their own account created. It is clear that you do not need to assign administrator rights to it. Next, you need to go to the Control Panel and in the “User Accounts” section, click on the “Set parent controls” link. Next, you need to select the user for whom restrictions will be enabled, and in the “Parental Controls” group, set the switch to the “On” position.

Windows Vista makes it possible to control your child's computer use in four ways: limit the time he spends in front of the monitor screen, block access to certain sites and other Internet services, and prohibit the launch of certain games and programs.

In the “Restrictions on Internet Use” section, rules for a child’s access to Internet resources are established, and you can also prohibit downloading files.

Enabled by default average level protection, which includes a filter for sites dedicated to weapons, drugs, pornographic content and containing obscene language. By selecting a custom protection level, you can add to the prohibited categories sites about alcohol, cigarettes, gambling, as well as those sites whose content the filter cannot evaluate automatically. The most severe restrictions on web content occur when using high level protection, when a child can only visit sites that are identified by the filter as “children’s”.

Regardless of which content filtering mode is selected, you can create a black and white list of sites, that is, determine which resources a child can or cannot access, regardless of the automatic filter settings.

Since the filter does not always work, it is very useful to keep the activity tracking function turned on. In this case, Windows will save the addresses of all sites that the child viewed. If an unwanted address is found in the generated report, it can be added to the blacklist.

The time limit settings for computer use are very simple. There is a grid that looks like a school schedule, in which the parent indicates the hours during which access to the computer is prohibited for the child. Restrictions are set separately by day of the week.

In the "Games" section, restrictions on launching games are set. Let us note right away that you should not rely on this section of the settings, since Vista does not perceive some games as such, mistaking them for ordinary applications. The same applies to rating restrictions. In theory, you can specify a rating for games that a child cannot play, but in practice, a child may be running a game that won't be found in the Vista database.

That is why it is much safer to use the “Allow or block individual programs” section. It displays all the applications that are installed on the computer, and parents can mark those that the child is allowed to run. You can add a program to the list manually. This approach is good because the child will not be able to launch, for example, a new game that he borrowed from a classmate without showing it to you.

Parental controls in Kaspersky Internet Security

Parental controls can often be found in online safety apps. Let's take the Parental Control module in Kaspersky Internet Security 7 as an example.

When parental control is enabled, all users are assigned the “Child” profile and, accordingly, the restrictions set for it in the program settings are set.

The second profile - "Parent" - allows you to freely surf the Internet, without restrictions, without turning off parental controls. The first thing you need to do when setting up this module is to select the “Parent” profile and set a password for it. After this, you can turn off parental controls or switch to the “Parent” profile only after entering your password.

Using Kaspersky Internet Security 7, you can configure access rights to certain sites, mail and other Internet services. Parents can select categories of sites that the child will not be able to access, and prohibit his communication by mail and chats. In addition, you can create black and white lists of resources.

Another option for parental control is limiting the amount of time you can use the Internet. You can set a daily limit for staying on the Internet or set the hours during which you are allowed to use the Internet. However, unfortunately, there is no provision for changing these settings depending on the days of the week.

If a child tries to access a prohibited page, a message is displayed that the site is blocked.

All pages that are visited by a child when parental controls are enabled are recorded in the report.

Kaspersky Internet Security 7 does not have the ability to restrict computer work in general, but the program can be successfully used in conjunction with applications such as CyberMama.

CyberMama

Developer: Cybermama
Distribution size: 3 MB

"CyberMama", unlike Kaspersky Internet Security 7, allows you to control the time a child spends on the computer, but does not have tools for filtering web content.

After launching "CyberMom", the computer can operate in one of two modes - "parent" and "child". When you first start it, the “parent” mode is set and you can enter a password. It is this set of characters that will be used to unlock the computer after the time allotted for the child to work with it has expired.

Using "CyberMom" you can set restrictions on working with the computer, as well as prohibit the launch of certain applications.

The parameters responsible for time limits are quite flexible. A schedule is selected separately for working days, as well as for weekends and holidays. In the program settings there is a calendar in which you can mark all holidays. A very thoughtful decision, considering that each country has its own holidays.

Parents can decide how many hours a day the child can work on the computer, allow or prohibit the use of the Internet. In addition, you can allow the use of the PC only during certain periods of time, and for each of such periods, allow or deny access to the Internet.

Everyone knows that you need to take breaks while working at the computer, but not everyone adheres to this rule. Meanwhile, this is especially important for a child’s body. Using CyberMom, parents can set the frequency of breaks (for example, every 45 minutes) and their duration. During this time, the computer will be locked.

Regarding launching applications, “CyberMama” provides two modes of operation: when the child can launch all programs except those that are blacklisted, and when he can launch only those applications that are whitelisted.

When you switch to “child” mode, an alarm clock icon appears at the bottom of the screen. It shows the child how much time he can still use the computer. However, if desired, the child can disable it by right-clicking on the program icon.

The child can also look at his work schedule - how long he can still work, how long the break will last, etc.

Five minutes before the allowed time expires, a warning appears on the screen reminding you to save all documents.

When the program is running in "child" mode, it is impossible to close it from the task manager window - it immediately starts again. Attempts to turn time back are also unsuccessful. Moreover, if a child tries to do something similar, the strict “CyberMom” will immediately record these actions in a report, which the parents will then view. Rebooting does not help get rid of the program either - “CyberMama” remembers that the allowed time has already expired and blocks the computer immediately after startup.

KidsControl 1.6

Developer: YapSoft
Distribution size: 4.4 MB
Distribution: shareware

The purpose of KidsControl is to control the time a child spends on the Internet. The peculiarity of the program is that if a prohibited site is detected or an attempt is made to access the Internet at the wrong time, the child will not be able to load the web page. In other words, the program does not reveal itself in any way - it does not show any warning messages, does not say that the page is blocked, etc., it just displays in the browser empty page"Server not found."

KidsControl consists of two modules - the application itself, which is responsible for blocking sites, and the control panel. To enter the control panel, a code is used (yes, it’s a code, not a password). The control panel login window contains buttons from zero to nine, with which you can set the access code. This was done to prevent possible password interception by keyloggers.

The control panel provides several profiles - “child” and “no restrictions”; you can also set profiles for other family members. If a code is not entered when starting KidsControl, the program will start with the “child” profile; to switch to another profile, you need to enter a certain combination of numbers. The code for accessing the control panel and for activating the “without restrictions” profile and others are different things; each profile has its own combination of numbers for access.

For a child, KidsControl provides the following restrictions: a web filter by category, black and white lists of sites, a time limit on working on the Internet, and a ban on downloading certain types of files.

Despite the fact that the web filter, according to the developers, is based on a directory consisting of a million sites, our testing showed that it can hardly be relied on. By turning on all filter categories, which even included video and music sites, we freely opened resources from the first page Google search by request "mp3". Pages found for the query “porn” also opened without problems. Therefore, KidsControl is best used in conjunction with Kaspersky Internet Security 7, where the filters are more stringent.

Limiting work on the Internet by time works more correctly - during prohibited hours it is impossible to open a web page or even check email. However, the bad thing is that there is only the ability to create a work schedule, and it is impossible to set the total number of hours that a child can spend on the Internet per day.

Black and white lists work a little differently than in other programs. If you create a white list of sites, this will not mean that the child will be able to visit only these resources, just such pages will not be blocked. When creating a black and white list of sites, you can use the "*" symbol. For example, if you blacklist the string “*tube*”, then the child will not be able to access either Youtube, Rutube, or any other sites whose names contain this combination of characters. However, if you whitelist Youtube.com, it will not be blocked.

Finally, it is worth mentioning the restrictions on downloading different types of files. Our testing has shown that it works quite correctly, but it would be nice to add the ability to add prohibited file types manually. For example, KidsControl has the ability to block downloads ZIP files, but RAR archives can be downloaded without problems.

Time Boss 2.34

Developer: NiceKit
Distribution size: 1.6 MB
Distribution: shareware

Time Boss, as well as standard remedy Windows allows you to set account-based restrictions. The program window displays a list of all users who have access to the computer. For each account, you can define the account type - “Boss” or “Slave”.

Time Boss makes it possible to limit the time you use your computer, time spent on the Internet, and also create a list of prohibited programs and folders.

The tools for limiting work time are quite flexible - you can set how many hours the user can work per day or per week, specify the hours during which the computer can be used, and create a schedule by day of the week. There are also separate buttons for quickly adding bonus time for the current day or for the weekend.

Similar restrictions can be set for working on the Internet. It should be taken into account that by default the program perceives only Internet applications Internet browsers Explorer, Opera and Firefox, all others must be added manually in the program settings. True, there is a checkbox for automatic detection applications that use the Internet, but it's better to be safe.

One of interesting features Time Boss – the ability to set the time for using a specific application. With its help, you can limit the time your child spends playing computer games.

Time Boss allows you to set system limits. These include: a ban on using the system registry, control panel, task manager, changing the date and time, downloading files through Internet Explorer. In addition, you can disable the ability to search and run applications from the Start menu and set restrictions on access to disks.

Depending on the administrator's preferences, Time Boss can operate in one of two modes - normal and invisible. In the first, the user sees how much time is allotted for him to work by clicking on the icon in the taskbar, but in the “Invisible” mode the program does not reveal itself at all. To alert the user that the time limit has expired, you can enable alerts that will appear five minutes before the end of the allowed time. The warning can be displayed as a text message, picture, or as a system error.

A separate section – “Prizes” – is designed to add additional time to the user while working with the computer or the Internet. If you check the “Disable time limits” checkbox in the prize parameters, the user will be able to use the computer and the Internet, regardless of the set schedule.

Time Boss keeps detailed statistics of each user's work on the computer and presents it in a visual form. In the Log you can view all the actions performed by users, and it is possible to filter the logs. For example, only attempts to access prohibited sites or a list of running programs. In addition, statistics on computer and Internet use are provided in text and graphic form.

It is worth noting a very useful ability to create screenshots. Time Boss will take screenshots at set intervals, which can then be viewed in a log. For convenience, you can start a slide show by setting the time for each photo to be displayed on the screen.

However, it is necessary to take into account that by default, screenshots are saved in a very unreliable place - in the Screenshots folder, which is placed in the Time Boss installation directory. To prevent the users you are monitoring from discovering it, you should specify a more secure location and also deny everyone access to this folder.

Finally, it is worth noting that getting rid of Time Boss is very difficult - the program is not removed from Startup; when the process is completed, it immediately restarts. To unload it, you need to click the "Prepare for deletion" button in the settings.

Conclusion

Of course, children are sometimes much smarter than their parents, and there is probably no way to stop them from finding a way around the restrictions. Therefore, you should not rely entirely on programs for providing parental control; they will not replace conversations with mom and dad about the rules of behavior on the Internet and why you need a computer. On the other hand, they can become excellent educational assistants, and in combination with live communication about the benefits and harms of a computer, they can provide excellent results.