Slashdot Mirror

← Back to Stories (view on slashdot.org)

What Advice For a Single Parent As Server Admin?

Posted by timothy on from the dinnertime-comments-on-traffic-sniffing dept.

Dragon_Eater, with "lots of experience setting up PCs and a passable knowledge of Linux but severely lacking in the server/client department," writes with a situation that probably faces a lot of parents: I want to set up three kids, 12, 14, and 15, with newer computers so they will stop fighting for time on the one ten-year-old Dell they share now. I can get the individual computers and a server put together without any problems, but the computer-handicapped single parent needs to be able to do the following via an simple application/web page: View client computer status, On/off, sleeping etc.; Deny Internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 am to 10 pm on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms. Given the lists above I am thinking about a Linux-based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."

21 of 618 comments (clear)

  1. One issue by Anonymous Coward · · Score: 1, Interesting

    One issue will be the specific games that they will be playing. If they require administrator access, you're going to have a big headache.

    Schedule time usage of computer, ex. 7 a.m. to 10 p.m. on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes

    If they don't get admin access, then you can do some of that with windows scheduler.

    1. Re:One issue by slashdot_commentator · · Score: 2, Interesting

      Only XP era games "need" administrator access.

      Learn to configure/administer virtualization. You control what gets on the box, and "never" have to worry about permanently hosing the machine, even if they have administrator privileges.

      Sounds like he needs a firewall machine to regulate internet access (But I can't think of any prepackaged firewall software that will not require work to configure/administer). He could order up win7 ultimate as a central server, doling out usage rights to the clients, managing access to the OS disk images.

      --
      There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
    2. Re:One issue by mysidia · · Score: 2, Interesting

      You can setup compatibility mode and run only the game as Administrator, without letting the user login as more than a Power User.

      Or use Filemon/Regmon. Figure out what files/registry keys the game needs Administrative control over and grant it only the permissions it needs.

      Also, run Windows 7, not XP. It has some backwards-compatibility features such as registry/file redirection which makes some things that required admin on XP not require admin on 7.

  2. I work for a public school by waspleg · · Score: 2, Interesting

    We use a program called SynchronEyes which does most of these things, allows you to see essentially thumbnails of what each machine is doing, see its status remote on/off etc. It's Windows only. I see they've changed their product. It's called SMART Sync now. I don't see pricing which is probably not good. Here's a link
    It's a pretty front end for VNC like functionality which would be free/oss but nowhere near as easily set up (but I'd wager largely what people will say since you specifically mention Linux and Windows and it works on both). I'm not really an expert on this part, but SychronEyes has worked well, after I added it to a custom Ghost image for that lab and set the clients to use hostnames instead of usernames for identification. It might be overkill for what you need though.

  3. Parental controls by pvera · · Score: 4, Interesting

    Both Windows 7 and OSX have parental controls that enforce usage times in a per-account basis, which apps can be run from these accounts, which sites can be accessed, etc. I have been using these with OSX (a good write up at http://theappleblog.com/2009/01/13/kid-proofing-a-mac-with-parental-controls/) with my 11-year old autistic boy and they couldn't be any simpler. He can only log into the machine at certain times, and I have the option to set a maximum session time per day. He can only run apps that I approve, and can go to sites only if I explicitly allow them. The bad news is that, at least in OSX, Firefox doesn't respect the parental control settings (Safari does it fine).

    I checked with Windows 7 and the parental controls seem to be pretty similar. More at http://www.microsoft.com/windows/windows-vista/features/parental-controls.aspx

    My only real annoyance is that Youtube doesn't have real content rating, which makes it a pain to filter properly. My son loves to make balloon sculptures and is always checking for new video tutorials, the problems is that while looking for these, he runs into the videos of the balloon popping fetishists. One second I am hearing a video explaining how to twist balloons into a roadrunner, next I hear a 300-pound woman in a bathing suit giggling and sitting on balloons to pop them. Gross.

    --
    Pedro
    ----
    The Insomniac Coder
  4. Re:Do this, ground your kids, make them Engineers by HungryHobo · · Score: 2, Interesting

    Absolutely!
    I learned more after my highschool outsourced it's computer network to some braindead company which had a preference for locking everything down than I did when it was an open network.

    I learned how to use the command line, I learned about proxies, I learned a hell of a lot of basic networking crap etc etc.

    Restrict the children but only such that they must learn to break their bonds!

  5. Linksys WRTG54L by Splab · · Score: 4, Interesting

    This does most of what you want out of the box.

    There is a nice admin interface where you can create profiles based on day of week, per MAC etc. Block certain keywords.

  6. Re:A good router by Anonymous Coward · · Score: 1, Interesting

    Buy a second hand intel mac. For most o what is described above the parental controls for access time and simplified interface and locked down doc are the best I have seen out of the box.
    Configure it for openDNS For filtering out the worst of the net content and just use a console system for games.

  7. Re:Do this, ground your kids, make them Engineers by luder · · Score: 2, Interesting

    Agreed. Once upon a time, my father forbid me to use our 486SX. At that time, it was common for computers to have a key switch (like this), which would prevent booting when locked. I got so pissed off I made a key out of the cap of a bic pen :-).

  8. Re:Do this, ground your kids, make them Engineers by Bert64 · · Score: 2, Interesting

    Create 2 networks - one that doesn't extend outside of a locked rack, and one that goes around the house... The former is the only one with direct internet access and accessing it from the latter requires using a vpn client...

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  9. Re:A good router by tepples · · Score: 2, Interesting

    The force log out could be done via router too, just deny internet.

    Denying Internet access won't block use of single-player video games and other non-networked applications unless they have that one company's DRM on them.

  10. What's with all of the criticism? by Riplakish · · Score: 3, Interesting

    Parents should be the ones making these decisions instead of the government (Australia anyone?). This goes to the heart of the argument regarding censuring content and who's responsibility it is to decide. Adults should be able to decide for themselves and parents should decide for their kids. It is up to each parent to decide what is and is not appropriate for their kids and to determine the best way to do it. Saying that the poster is enforcing fascist policies on his/her kids is the same argument that a government uses when trying to implement censorship laws on its citizens: you know what is better for them more than they do.

    As for the technical question: Most of what you want to implement can be done through an off-the-shelf router that has had the firmware flashed with DD-WRT. You can set up individual profiles for the MAC address of the kids laptops that limits the times that they can access the internet, and when you ground them you can disable access completely via their individual profile. It also has some VERY basic web filtering. You have to have/buy a router that is supported by DD-WRT, but you can get one pretty cheap. The ASUS 520GU is supported and it usually can be had at NewEgg for around $40. If want more robust web filtering you can set up a linux server and run Dan's Guardian & install Nagios for hardware monitoring.

  11. Re:A good router by peterofoz · · Score: 2, Interesting

    We use this approach in our house with teens using a Linksys router. I set up access permissions by MAC address for the kids computers. Our other computers use for work and my wife are all password protected. I disallow internet access between 11 pm and 6 am generally, and occasionally block some sites if they prove to be problematic. The computers run Vista and we use the basic internet filter provided to restrict content to porn sites (though this is inadequate). Parents have the right to inspect the computers at any time (plus we keep an eye on social sites and the router logs). The kids have a 6 page "Acceptable Use Contract" with us (their eyes went wide when they saw this) and we've had only 2 violations in several years where access was 100% denied for a week. In one case, I just shut off internet access without saying anything and left a new copy of the AUP on their bed. It took two weeks for that child to come to me to apologize and renew the contract. Earned trust is a powerful thing and they realize its cost when it is lost.

  12. Re:+200 informative by AndGodSed · · Score: 4, Interesting

    AND, to continue singing the praises of ClearOS as the perfect solution to the server/gateway side of OP's requirement, it includes among other thigs:

    - an email gateway/server
    - proxy server with content filtering
    - protocol filtering (mommy/daddy can limit those pesky torrents or set up time based filters to gaming servers) He could even give some protocols bandwidth priority at certain times of day - more gaming over weekends, more http at other times.
    - shared folders for users

    Heck there are tons of features, some not really needed but others perfect.

    and lots more. ClearOS would be the best to use, also there is an active forum where OP can ask for assistance, and $singleparent can sign on for help.

    Heck OP can log into the server remotely and assist with any issues requests that might show up.

    --

    Seven Days with Ubuntu Unity

  13. Re:A good router by Anonymous Coward · · Score: 1, Interesting

    If the single player game doesn't require connectivity, remote lockout and monitoring can be bypassed by unplugging the network cable.

  14. Re:The human factor by Dun+Malg · · Score: 2, Interesting

    One word: Padlock.

    I had my first lockpick set when I was 14. Padlocks, particularly the kind typical tightwad single parents used, were no barrier to me. For $10 a week I'd pick the lock to a guy's mom's bedroom, then pick the lock to her weed storage box so he and his friends could get high. It was easy money.

    --
    If a job's not worth doing, it's not worth doing right.
  15. Re:Do this, ground your kids, make them Engineers by Anonymous Coward · · Score: 1, Interesting

    Right on. And when they do, keep your cool. Ask them to explain how they did it. Let them know what an accomplishment this was. Ask them what was fun, or interesting, about it. Then support them as they try to do more, and in the process work out a deal where they buy in to your restrictions in exchange for supporting them instead of shutting them down.

  16. Re:Replacing good parenting with tech solutions .. by Anonymous Coward · · Score: 1, Interesting

    My family fixed this by keeping all the computers in the Living room. This meant that we never had to worry about late night computer us and it would just be a quick glance over a shoulder to see what they are up to.

  17. As an admin and a parent by ancientt · · Score: 2, Interesting

    As a parent and as also an admin who has to worry that co-workers will act like kids, I have both some experience and some tips in this area. The most important tip is to know your kids and care about them. Train them to be safe and teach them morals. With my kids, I use the motto: Trust but verify.

    1. Basic Security: The kids shouldn't have Administrator access, the bios needs a password you don't type in front of them and the boot sequence should be set to boot from hard drive first. They might still get around that security by moving drives around, so you may want tamper evident tape.
    2. Command line tools: go ahead and install an ssh server on the windows clients, but do it the easy way with something like sshwindows*. You don't really need it if you enable RPC, but it does come in handy, particularly in combination with unixutils* and Sysinternals*.
    3. Remote commands: I use winexe* and enable remote access services on the client machines. You can then run the shutdown command or pretty much any other command remotely. If you have set the boot password as required for startup, shutting the PC down is the same as locking it. I don't really recommend requiring a password for boot if you can avoid it since it is a pain, but if the situation calls for it, it is useful to know that you can. In most cases the bios will let you set a password for modification without requiring one for booting and this is usually much easier to work with, particularly when it comes to automatic updates that reboot.
    4. IP tables with static IPs: Since you have admin and they don't, you can set static IPs on the workstations pretty reliably which also allows you to use IP tables effectively to limit or control access.
    5. Logs and web control: If you use OpenDNS* and intercept DNS*, then you have pretty decent logs. If you use a transparent squid proxy in combination with strict IP tables rules, you can get really good logs. Beware of SSL proxies and VPNs.

    All this comes with a cost of your time and effort. The tools built into the typical router can do a lot of the work for you, but you give up some control. Also, consider your target audience, if your kids are bright teenagers, then they will look at ways around the system. They will almost certainly try to browse by IP or through proxies. If this is a potential issue, then you should also look at setting up a transparent squid proxy and blocking 443 and other ports for addresses not explicitly allowed.

    VNC: I didn't list VNC because I don't personally use it at the moment, but I have in the past and it can be a very useful tool. If you use it, I recommend you don't set it to run automatically, but rather start the service when you want to use it with remote commands. In a few cases I've done this so that I could monitor activity without any obvious indication.

    --
    B) Eliminate all the stupid users. This is frowned upon by society.
  18. Re:"I don't trust you" by Lemmy+Caution · · Score: 2, Interesting

    Why do I suspect you are much closer to being a kid than to having one?

    Restrictions can tell a kid "I give a fuck about you," not just "I don't trust you." A lack of restrictions can mean "I either don't give a shit about you or have given up." If a kid already has a dogged determination to see porn and shock sites, then yes, it's probably shutting the barn doors after the cows have gotten out. But that's seldom the issue.

  19. Re:Cheap DLink router. by wmelnick · · Score: 2, Interesting

    In any area where there is a neighborhood that will not work. We have some very good friends who are not particularly computer literate. I am very close with them and with their kids. They secured their router and put time restrictions and everythign else on them./ About a week later at 11pm I saw their middle daughter online and IM'd her "On the neighbor's router?" "Of course." I had a talk with the parents, took the kids' laptops for an afternoon. Explained to them that I now had logs of everything that was going on, just as I had done for my kids. I showed them quick excerpts from the logs. They have been good every since now that I am packet sniffing everything that goes on from within their own machines. I occasionally take a quick (and I do mean quick) look through all of the logs just to make sure that nothing particularly nasty has been happening. Aside from catching my son on porn sites, nothing really has. Ronald Reagan said it best: "Trust but verify". Kids get that. W