Set up Windows 10 user for children without online account [技術]
A PC with Windows 10 Home has arrived to my household after all these years, and I have to set up a user for my children.
In order to use "Parental Control" on Windows 10, the standard way is to use the "family group" feature, and to do so, a MS-affiliated email account is necessary. However, I did not want to create an online account just to let my children use the PC. So I did some research and decided to use "local account" that is not linked to any online accounts, and restrict usage by some means other than "family group".
Two main purposes of parental control are:
Create a local account
First thing first. You need to create a local account on Windows 10 for a child. Please search the net. For example, this is the description from Microsoft. Do not give Administrator privilege to the local account.
Restricting time of use
Next step is to restrict time of use for the account. This must be done from parent's accout with Administrator privilege, too.
Restricting access to particular web sites
Use a DNS service here. DNS is the internet version of phone book. It can convert the domain name like "blog.ss-blog.jp" into an IP address like "99.84.142.5" before connecting to the web site. We use the OpenDNS FamilyShield service that can filter out domain names for inappropriate sites and redirect such access to a different page.
Normally, DNS server information is configured automatically along with PC's IP address by DHCP at startup, but you can configure DNS server information manually. Since the DNS servers by OpenDNS FamilyShield are 208.67.222.123 and 208.67.220.123, you need to configure Windows to use these IP addresses for DNS. Configuration steps are described in this page. This operation must be performed using an account with Administrator privilege, too.
If the above page is difficult, there maybe more descriptive web pages out there with screen shots. In these examples, they typically use Google's DNS server, 8.8.8.8, but this time you need to configure 208.67.222.123 and 208.67.220.123.
Note that the DNS configuration is against network interfaces, so it will be applicable to all users of the PC, not just children. Also, if your PC has multiple network interfaces like WiFi + Ethernet, it is recommended that you configure the DNS servers for all the interfaces.
Confirmation
Once you have done all the above, try testing if all settings are correct by logging on using the child's account and access the web sites that should be blocked. Also test the time frame settings by trying to logon with the child's account outside of permitted timeframe.
In order to use "Parental Control" on Windows 10, the standard way is to use the "family group" feature, and to do so, a MS-affiliated email account is necessary. However, I did not want to create an online account just to let my children use the PC. So I did some research and decided to use "local account" that is not linked to any online accounts, and restrict usage by some means other than "family group".
Two main purposes of parental control are:
- Restrict time of use
- Restrict access to particular web sites
Create a local account
First thing first. You need to create a local account on Windows 10 for a child. Please search the net. For example, this is the description from Microsoft. Do not give Administrator privilege to the local account.
Restricting time of use
Next step is to restrict time of use for the account. This must be done from parent's accout with Administrator privilege, too.
- Run Command Prompt in Administrator's mode.
In the Search Box at the lower left part of the screen, enter "command", and Command Prompt should show up in the search result. Right clich the Command Prompt and you will see "Run as administrator". Click it. - In the Command Prompt, execute "net use /times" command to configure time of use for the local account.
You cannot restrict total amount of time of use per day with this command, but you can configure the time frame in which your children can use the PC for each day of the week. For example, in order for user "michael" to be able to use the PC from Monday to Sunday between 7AM to 9PM, run the command as follows:
See Microsoft's page for details.C:\Windows\system32>net user michael /times:m-su,7am-9pm
- In order to confirm the result of the above command, execute "net user" command without /times option.
C:\Windows\system32>net user michael User name michael Full Name Comment User's comment Country/region code 000 (System Default) Account active Yes Account expires Never Password last set 2021/05/15 18:54:13 Password expires Never Password changeable 2021/05/15 18:54:13 Password required No User may change password Yes Workstations allowed All Logon script User profile Home directory Last logon 2021/05/16 12:14:17 Logon hours allowed Sunday 7:00:00 - 21:00:00 Monday 7:00:00 - 21:00:00 Tuesday 7:00:00 - 21:00:00 Wednesday 7:00:00 - 21:00:00 Thursday 7:00:00 - 21:00:00 Friday 7:00:00 - 21:00:00 Saturday 7:00:00 - 21:00:00 Local Group Memberships *Users Global Group memberships *None The command completed successfully.
Restricting access to particular web sites
Use a DNS service here. DNS is the internet version of phone book. It can convert the domain name like "blog.ss-blog.jp" into an IP address like "99.84.142.5" before connecting to the web site. We use the OpenDNS FamilyShield service that can filter out domain names for inappropriate sites and redirect such access to a different page.
Normally, DNS server information is configured automatically along with PC's IP address by DHCP at startup, but you can configure DNS server information manually. Since the DNS servers by OpenDNS FamilyShield are 208.67.222.123 and 208.67.220.123, you need to configure Windows to use these IP addresses for DNS. Configuration steps are described in this page. This operation must be performed using an account with Administrator privilege, too.
If the above page is difficult, there maybe more descriptive web pages out there with screen shots. In these examples, they typically use Google's DNS server, 8.8.8.8, but this time you need to configure 208.67.222.123 and 208.67.220.123.
Note that the DNS configuration is against network interfaces, so it will be applicable to all users of the PC, not just children. Also, if your PC has multiple network interfaces like WiFi + Ethernet, it is recommended that you configure the DNS servers for all the interfaces.
Confirmation
Once you have done all the above, try testing if all settings are correct by logging on using the child's account and access the web sites that should be blocked. Also test the time frame settings by trying to logon with the child's account outside of permitted timeframe.
コメント 0