What Advice For a Single Parent As Server Admin? 618
Dragon_Eater, with "lots of experience setting up PCs and a passable knowledge of Linux but severely lacking in the server/client department,"
writes with a situation that probably faces a lot of parents:
I want to set up three kids, 12, 14, and 15, with newer computers so they will stop fighting for time on the one ten-year-old Dell they share now. I can get the individual computers and a server put together without any problems, but the computer-handicapped single parent needs to be able to do the following via an simple application/web page: View client computer status, On/off, sleeping etc.; Deny Internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 am to 10 pm on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms.
Given the lists above I am thinking about a Linux-based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."
One issue (Score:1, Interesting)
One issue will be the specific games that they will be playing. If they require administrator access, you're going to have a big headache.
Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes
If they don't get admin access, then you can do some of that with windows scheduler.
I work for a public school (Score:3, Interesting)
We use a program called SynchronEyes which does most of these things, allows you to see essentially thumbnails of what each machine is doing, see its status remote on/off etc. It's Windows only. I see they've changed their product. It's called SMART Sync now. I don't see pricing which is probably not good. Here's a link [smarttech.com]
It's a pretty front end for VNC like functionality which would be free/oss but nowhere near as easily set up (but I'd wager largely what people will say since you specifically mention Linux and Windows and it works on both). I'm not really an expert on this part, but SychronEyes has worked well, after I added it to a custom Ghost image for that lab and set the clients to use hostnames instead of usernames for identification. It might be overkill for what you need though.
Re:One issue (Score:3, Interesting)
Only XP era games "need" administrator access.
Learn to configure/administer virtualization. You control what gets on the box, and "never" have to worry about permanently hosing the machine, even if they have administrator privileges.
Sounds like he needs a firewall machine to regulate internet access (But I can't think of any prepackaged firewall software that will not require work to configure/administer). He could order up win7 ultimate as a central server, doling out usage rights to the clients, managing access to the OS disk images.
Parental controls (Score:5, Interesting)
Both Windows 7 and OSX have parental controls that enforce usage times in a per-account basis, which apps can be run from these accounts, which sites can be accessed, etc. I have been using these with OSX (a good write up at http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/ [theappleblog.com]) with my 11-year old autistic boy and they couldn't be any simpler. He can only log into the machine at certain times, and I have the option to set a maximum session time per day. He can only run apps that I approve, and can go to sites only if I explicitly allow them. The bad news is that, at least in OSX, Firefox doesn't respect the parental control settings (Safari does it fine).
I checked with Windows 7 and the parental controls seem to be pretty similar. More at http://www.microsoft.com/windows/windows-vista/features/parental-controls.aspx [microsoft.com]
My only real annoyance is that Youtube doesn't have real content rating, which makes it a pain to filter properly. My son loves to make balloon sculptures and is always checking for new video tutorials, the problems is that while looking for these, he runs into the videos of the balloon popping fetishists. One second I am hearing a video explaining how to twist balloons into a roadrunner, next I hear a 300-pound woman in a bathing suit giggling and sitting on balloons to pop them. Gross.
Re:Do this, ground your kids, make them Engineers (Score:3, Interesting)
Absolutely!
I learned more after my highschool outsourced it's computer network to some braindead company which had a preference for locking everything down than I did when it was an open network.
I learned how to use the command line, I learned about proxies, I learned a hell of a lot of basic networking crap etc etc.
Restrict the children but only such that they must learn to break their bonds!
Linksys WRTG54L (Score:5, Interesting)
This does most of what you want out of the box.
There is a nice admin interface where you can create profiles based on day of week, per MAC etc. Block certain keywords.
Re:A good router (Score:1, Interesting)
Buy a second hand intel mac. For most o what is described above the parental controls for access time and simplified interface and locked down doc are the best I have seen out of the box.
Configure it for openDNS For filtering out the worst of the net content and just use a console system for games.
Re:One issue (Score:2, Interesting)
You can setup compatibility mode and run only the game as Administrator, without letting the user login as more than a Power User.
Or use Filemon/Regmon. Figure out what files/registry keys the game needs Administrative control over and grant it only the permissions it needs.
Also, run Windows 7, not XP. It has some backwards-compatibility features such as registry/file redirection which makes some things that required admin on XP not require admin on 7.
Re:Do this, ground your kids, make them Engineers (Score:3, Interesting)
Agreed. Once upon a time, my father forbid me to use our 486SX. At that time, it was common for computers to have a key switch (like this [made-in-china.com]), which would prevent booting when locked. I got so pissed off I made a key out of the cap of a bic pen :-).
Re:Do this, ground your kids, make them Engineers (Score:3, Interesting)
Create 2 networks - one that doesn't extend outside of a locked rack, and one that goes around the house... The former is the only one with direct internet access and accessing it from the latter requires using a vpn client...
Re:A good router (Score:3, Interesting)
The force log out could be done via router too, just deny internet.
Denying Internet access won't block use of single-player video games and other non-networked applications unless they have that one company's DRM on them.
What's with all of the criticism? (Score:4, Interesting)
Parents should be the ones making these decisions instead of the government (Australia anyone?). This goes to the heart of the argument regarding censuring content and who's responsibility it is to decide. Adults should be able to decide for themselves and parents should decide for their kids. It is up to each parent to decide what is and is not appropriate for their kids and to determine the best way to do it. Saying that the poster is enforcing fascist policies on his/her kids is the same argument that a government uses when trying to implement censorship laws on its citizens: you know what is better for them more than they do.
As for the technical question: Most of what you want to implement can be done through an off-the-shelf router that has had the firmware flashed with DD-WRT. You can set up individual profiles for the MAC address of the kids laptops that limits the times that they can access the internet, and when you ground them you can disable access completely via their individual profile. It also has some VERY basic web filtering. You have to have/buy a router that is supported by DD-WRT, but you can get one pretty cheap. The ASUS 520GU is supported and it usually can be had at NewEgg for around $40. If want more robust web filtering you can set up a linux server and run Dan's Guardian & install Nagios for hardware monitoring.
Re:A good router (Score:3, Interesting)
Re:+200 informative (Score:5, Interesting)
AND, to continue singing the praises of ClearOS as the perfect solution to the server/gateway side of OP's requirement, it includes among other thigs:
- an email gateway/server
- proxy server with content filtering
- protocol filtering (mommy/daddy can limit those pesky torrents or set up time based filters to gaming servers) He could even give some protocols bandwidth priority at certain times of day - more gaming over weekends, more http at other times.
- shared folders for users
Heck there are tons of features, some not really needed but others perfect.
and lots more. ClearOS would be the best to use, also there is an active forum where OP can ask for assistance, and $singleparent can sign on for help.
Heck OP can log into the server remotely and assist with any issues requests that might show up.
Re:A good router (Score:1, Interesting)
If the single player game doesn't require connectivity, remote lockout and monitoring can be bypassed by unplugging the network cable.
Re:The human factor (Score:3, Interesting)
One word: Padlock.
I had my first lockpick set when I was 14. Padlocks, particularly the kind typical tightwad single parents used, were no barrier to me. For $10 a week I'd pick the lock to a guy's mom's bedroom, then pick the lock to her weed storage box so he and his friends could get high. It was easy money.
Re:Do this, ground your kids, make them Engineers (Score:1, Interesting)
Right on. And when they do, keep your cool. Ask them to explain how they did it. Let them know what an accomplishment this was. Ask them what was fun, or interesting, about it. Then support them as they try to do more, and in the process work out a deal where they buy in to your restrictions in exchange for supporting them instead of shutting them down.
Re:Replacing good parenting with tech solutions .. (Score:1, Interesting)
My family fixed this by keeping all the computers in the Living room. This meant that we never had to worry about late night computer us and it would just be a quick glance over a shoulder to see what they are up to.
As an admin and a parent (Score:3, Interesting)
As a parent and as also an admin who has to worry that co-workers will act like kids, I have both some experience and some tips in this area. The most important tip is to know your kids and care about them. Train them to be safe and teach them morals. With my kids, I use the motto: Trust but verify.
All this comes with a cost of your time and effort. The tools built into the typical router can do a lot of the work for you, but you give up some control. Also, consider your target audience, if your kids are bright teenagers, then they will look at ways around the system. They will almost certainly try to browse by IP or through proxies. If this is a potential issue, then you should also look at setting up a transparent squid proxy and blocking 443 and other ports for addresses not explicitly allowed.
VNC: I didn't list VNC because I don't personally use it at the moment, but I have in the past and it can be a very useful tool. If you use it, I recommend you don't set it to run automatically, but rather start the service when you want to use it with remote commands. In a few cases I've done this so that I could monitor activity without any obvious indication.
Re:"I don't trust you" (Score:3, Interesting)
Why do I suspect you are much closer to being a kid than to having one?
Restrictions can tell a kid "I give a fuck about you," not just "I don't trust you." A lack of restrictions can mean "I either don't give a shit about you or have given up." If a kid already has a dogged determination to see porn and shock sites, then yes, it's probably shutting the barn doors after the cows have gotten out. But that's seldom the issue.
Re:Cheap DLink router. (Score:2, Interesting)