1 Windows Vista: Enabling Parental Controls in your Application Brian Trenbeath FUN304 Program Manager Microsoft Corporation
2 Why Parental Controls On Windows? Primary gateway for kids to the Internet Parents want child safety features on their computer Governments, Parent Groups, Media, Industry are all active in this space Microsoft and Windows at heart of the discussion
3 Basic Approach Goals: Help protect kids from bad people Help protect kids from bad content Guiding Principles: Give parents tools so that they know what activities their children are doing on the computer Give parents the tools to help decide what activities their children can do on the computer Provide controls to help kids form accidentally hitting ‘bad’ content Provide an extensible platform so that 3rd parties will be able to add value/improve upon the work we have done Non-Goals: Prevent ‘bad’ kids from doing ‘bad’ things Be the arbiter of what is appropriate content
4 Windows Parental Controls
5 Windows Parental Controls What users see Parental Controls Panel Logging and Activity Reporting Restriction Silos Time Limits Game Restrictions General Application Restrictions Web Restrictions 3rd Party Settings
6 Windows Parental Controls Building Blocks
7 Windows Parental Controls Restriction Areas Time Limits Game Restrictions General Application Restrictions Web Restrictions API’s available to tell you if an action is restricted All settings also available through WMI
8 Windows Parental Controls Time Limits
9 Mechanism used to enforce is a Fast User Switch (FUS) Can subscribe to a disconnect warning event Fires at ~15 minutes before and just before the forced FUS For example, multi-user programs, or programs that use audio may want to pay attention to this
10 Windows Parental Controls Game Restrictions Working in Beta 1
11 Parental Controls – Game Restrictions
12 Windows Parental Controls Game Restrictions Closely integrated with the Games Explorer GDF’s (Game Definition Files) contain ratings information Supported titles install their own GDF Windows will find about 2000 legacy titles Enforced 3 ways File System ACL’s ‘Insta-slam’ – process termination for legacy titles Supported titles self-check (VerifyAccess API)
13 Windows Parental Controls Game Restrictions – GDFs Game Definition File (GDF): An XML file, supplied by the ISV, which contains Game Explorer, Patching, and Parental Controls information for a specific title The GDF is a: Simple, easy-to-create XML file Simple, easy-to-create XML file Embedded as a localizable resource Embedded as a localizable resource Can reference other resources files Can reference other resources files Windows is planning a GDF Editor tool that will ship with DirectX SDK Simplify creation of GDFs Simplify creation of GDFs Allow a preview of what your Game Explorer view will look like Allow a preview of what your Game Explorer view will look like Ease in creating proper, localizable, resource DLLs Ease in creating proper, localizable, resource DLLs
14 Sample GDF File Will change prior to release (1/2) Meltdown 2005 Meltdown 2005 The Penultimate Game The Penultimate Game <ReleaseDate> </ReleaseDate><Version> <!-- (or otherwise you can use) --> --></Version> Action Action Adventure Adventure Life Simulation Life Simulation RPG RPG continued….
15 Sample GDF File Will change prior to release (2/2) <Ratings> </Rating> </Rating></Ratings>
16 Windows Parental Controls General Application Restrictions
17 Windows Parental Controls General Application Restrictions When turned on, only programs an Admin specifies are allowed to run Exceptions include: All binaries required for Windows to function All executables that register (using API) Games specified as being allowed under Games Restrictions Enforced using SRP “Software Restriction Policy” Prevents execution from all media (USB keys, floppies, etc.) Uses ‘path’ rules to specify programs that are allowed to run NTFS ACL ‘write’ permissions revoked from anything allowed to run
18 Windows Parental Controls Web Restrictions
19 Parental Controls – Web Restrictions
20 Windows Parental Controls Web Restrictions Windows Vista will ship, in box, with a free Web Content Filter service LSP implementation 3 types of interaction “Browser” applications Application ‘uses’ HTTP but not a browser Other Web Filter applications
21 Web Restrictions “Browser” applications If you are displaying HTML, you are a ‘browser’ Minimum Bar – Don’t need to change anything. Legacy browsers should work Sites blocked by our filter will return HTTP error code 450 “Blocked by Parental Controls” and an Error Page
22 Web Restrictions “Browser” applications We are monitoring all HTTP Get and Post requests Individual parts of web pages can be blocked (images, script, controls, etc..) Step above min bar support is to provide UI to describe ‘partial blocks’
23 Web Restrictions “Browser” applications
24 Web Restrictions “Browser” applications Windows Vista Supported browsers can also check a ‘Downloads allowed’ setting to allow/block file downloads Providing an API to request permission to view a blocked page Browsers can call this API to kick off a process where Toby can request access // Create the root WPC object // Create the root WPC object CComPtr spiWPC = NULL; HRESULT hr = spiWPC.CoCreateInstance(__uuidof(WindowsParentalControls)); if (SUCCEEDED(hr)) { CComPtr spiWPC = NULL; HRESULT hr = spiWPC.CoCreateInstance(__uuidof(WindowsParentalControls)); if (SUCCEEDED(hr)) { // Retrieve the Web settings object for our user SID // Retrieve the Web settings object for our user SID CComPtr spiWeb; CComPtr spiWeb; hr = spiWPC->GetWebSettings(m_pcszSID, &spiWeb); if (SUCCEEDED(hr)) { hr = spiWPC->GetWebSettings(m_pcszSID, &spiWeb); if (SUCCEEDED(hr)) { // Request the URL override for our single URL (we could also include sub-URLs if needed) // Request the URL override for our single URL (we could also include sub-URLs if needed) BOOL fChanged; hr = spiWPC->RequestURLOverride(pcszURL, 0, NULL, &fChanged); BOOL fChanged; hr = spiWPC->RequestURLOverride(pcszURL, 0, NULL, &fChanged); } } } }
25 Web Restrictions Applications that use HTTP Legacy apps should be potentially expecting a failure on any HTTP Get Windows Vista Supported applications can potentially special case the 450 – Parental Controls blocked error Windows Vista Supported titles can register themselves on an exception list – so that they are not filtered Take care using this option Need to install with admin privilege to get added to this list
26 Web Restrictions Other Web Filters Windows Vista supports running a single compliant Web Content filter at a time Other Web Content Filters can replace the in-box filter API called with (GUID, friendly name) to set who current filter is If your filter is not specified as the current filter, then you should not do filtering Clear setting on uninstall Parental Controls panel UI will be extensible to show who the current filter is
27 Web Restrictions Other Web Filters
28 Windows Parental Controls Parental Controls Panel Extensibility Will appear in the “Other parental controls” section of the control panel Information needed Launch URL Icon Display Name Secondary text
29 Windows Vista Parental Controls Logging and Activity Reports Parental Controls logs use Windows Eventing API’s Special Parental Controls channel defined Many events Windows Vista handle logging Many other events, need the application to do the logging IM events File download events Media playback events Other PC interesting events – channel is extensible
30 We Need Your Help Cannot make the computer safe without help from ISV’s Going to ask that Windows Vista supported software Log all ‘Parental Controls’ interesting events Ones defined in SDK New ones specific to your software Respect parental controls settings relevant to your software Place entry points to your own PC settings in the control panel
31 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.