Newly Released: Device Config Generator
If you're trying to block adult content on Apple devices, you probably know that numerous loopholes must be considered to prevent content blocking from being bypassed.
Fortunately, our newly released Device Config Generator can customize Mac and Supervised iPhone devices to protect certain settings and reliably block unwanted content.
Web Content Filtering
Tech Lockdown users are familiar with using a Content Policy to block millions of websites based on rules that specify categories or keywords. This blocking approach works on the network of the device via DNS or VPN connection.
Our new Device Config Generator adds an additional level of blocking that works alongside the content policy and will make your blocking system even more effective.
This is a website blocking method that works even while using a VPN. If a user is able to get around the connection to your content policy, the blocking layer should still work.
Auto Filter Adult Content
Apple devices have a built-in adult content filter that examines page content to determine if it has adult content. The Device Config Generator locks this on and prevents the user from disabling it from the device.
URL Filtering
You can specify a website blocklist that includes full page URLs. This lets you precisely target what you want to block, allowing you to access some pages on a website but not others.
If you specify a website domain, like facebook.com, then this will completely block Facebook.
URL filtering works in all browsers on iOS and across all supported browsers on Mac.
Locking on SafeSearch Browser Settings
Search engines like Google and Bing can be used to discover content that you'd likely want to restrict. For example, the image and video search feature can be problematic.
Most search engines provide a SafeSearch feature that filters out explicit content. By default, SafeSearch preferences can be toggled freely:
You can use the device config generator to force on the SafeSearch setting.
This protects the SafeSearch setting at the browser-level so that it is locked on.
Protecting DNS Settings
A common way to get around content filtering is to configure the DNS settings on the device or browser to point to a service that doesn't block content. Fortunately, you can use the Device Config Generator to reliably enforce the use of specific DNS settings.
For both Mac and iOS, you can force the device to use the DNS settings that connect to your Content Policy by enabling the option in the device config editor.
Once protected DNS settings are added to the device, it's not possible to switch to different DNS settings from the device itself.
The managed DNS settings will apply on both Wi-Fi and cellular networks, and can only be disabled by removing the config file.
Restricting Built-in Browser DNS Settings
On Mac computers, DNS settings can also be specified in the browser. Even if your computer's DNS settings are pointed to your content policy, a user could customize built-in DNS settings within the web browser to point away from content filtering.
Fortunately, you can use the device config generator to disable the built-in DNS settings in web browsers so that your preferred DNS settings are enforced.
These settings can now be disabled across multiple browsers at once:
Restricting Browser Extensions
On Mac computers, browser extensions (sometimes called plugins or add-ons) can be added to web browsers like Google Chrome, Brave Browser, Microsoft Edge, and Mozilla Firefox to add new functionality or integrations with popular services. For example, a password manager is a common browser extension.
The downside of extensions is that they might open up loopholes in your content blocking system. As a result, you need to prevent unauthorized browser extensions from being installed.
There are two approaches that we provide:
- Block specific browser extensions
- Only allow approved browser extensions
The most comprehensive approach is to only allow approved browser extensions. With this method, you can block all extensions by default but whitelist specific extensions.
If an extension isn't added to this list, it will be blocked entirely and can't be added or enabled in the web browser.
However, approved browser extensions can still be added and used normally.
Comprehensive App Restrictions for iPhone
If you want to effectively block apps on an iPhone, our device config generator provides the most reliable approach.
There are two approaches to app blocking:
- Blocklist approach: specify a list of disallowed apps while allowing all other apps to be downloaded.
- Allowlist approach: specify a list of approved apps while blocking any apps that aren't on the list. This is the most comprehensive app blocking approach.
With the blocklist approach, you can now specify a maximum app age rating to quickly block thousands of apps. This approach is almost as comprehensive as the allowlist approach, while giving you the flexibility to freely add apps as needed.
In addition, you can build your own blocklist or allowlist of apps by using our app search:
You can even block the app store while still allowing apps to automatically update.
Facilitating Transparent Web Browsing
If you're trying to block porn or deal with other addictive behaviors involving the internet, it can be helpful to prevent users from hiding how they are using the internet.
Disable Deleting Browser History
For example, browsing history can be deleted fairly easily on most browsers:
You can prevent deleting browser history with the device config generator:
This removes the option to clear browsing history:
Disabling adding new profiles and the guest profile
Web browsers allow you to switch between profiles or start a guest browsing session (which doesn't save browsing history).
You can remove the ability to add new profiles and to browse as a guest entirely.
Disable Private Browsing, Incognito Mode
Incognito mode or private browsing could be used to introduce new weaknesses in a blocking system.
We recommend disabling "Allow Browser Private Windows" in the device config editor:
This prevents incognito/private windows in supported web browsers.
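An added example (not Tech Lockdown's code) that audits a Chrome managed-preferences plist for the lockdown described in the browser sections above: built-in DNS, the extension allowlist, history deletion, guest and new profiles, and private windows. The key names are Chrome's enterprise policy names; that the generator writes these keys, and the extension IDs shown, are assumptions made for the example.

```python
import plistlib

# Chrome enterprise policy names; which keys the Device Config Generator
# writes is not stated on the page, so this mapping is an assumption.
REQUIRED = {
    "IncognitoModeAvailability": 1,        # 1 = private windows disabled
    "AllowDeletingBrowserHistory": False,  # hide "clear browsing history"
    "BrowserGuestModeEnabled": False,      # no guest sessions
    "BrowserAddPersonEnabled": False,      # no new profiles
    "DnsOverHttpsMode": "off",             # no built-in browser DNS
}

def audit(plist_bytes, approved_extensions):
    """Return findings for a Chrome managed-preferences plist; [] means locked."""
    policy = plistlib.loads(plist_bytes)
    findings = []
    for key, want in REQUIRED.items():
        got = policy.get(key)
        # Compare type as well as value: in Python True == 1, but <true/>
        # is not a valid value for an integer policy.
        if key not in policy:
            findings.append(f"{key}: not set, user keeps control")
        elif type(got) is not type(want) or got != want:
            findings.append(f"{key}: is {got!r}, expected {want!r}")
    # Allowlist approach: block everything with "*", then approve by ID.
    if "*" not in policy.get("ExtensionInstallBlocklist", []):
        findings.append("ExtensionInstallBlocklist: no '*' entry, "
                        "unlisted extensions can be installed")
    extra = set(policy.get("ExtensionInstallAllowlist", [])) - set(approved_extensions)
    for ext_id in sorted(extra):
        findings.append(f"ExtensionInstallAllowlist: unapproved ID {ext_id}")
    return findings

# Constructed sample data: placeholder extension IDs, not real extensions.
APPROVED = {"a" * 32}
LOCKED = plistlib.dumps({**REQUIRED,
                         "ExtensionInstallBlocklist": ["*"],
                         "ExtensionInstallAllowlist": ["a" * 32]})
WEAK = plistlib.dumps({**REQUIRED,
                       "IncognitoModeAvailability": 0,
                       "ExtensionInstallBlocklist": ["b" * 32],  # blocklist approach only
                       "ExtensionInstallAllowlist": ["a" * 32, "c" * 32]})

if __name__ == "__main__":
    for name, data in (("locked", LOCKED), ("weak", WEAK)):
        print(name, audit(data, APPROVED) or "OK")
```

The weak sample shows why the blocklist approach alone is less comprehensive: without the `*` entry, any extension not named in the blocklist can still be installed.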
Disabling VPNs, Proxies, and Tor Browsing on Mac
Many browsers can change VPN, proxy, or DNS settings in ways that bypass filtering. Many of these features can be disabled with the device config generator.
For example, in the Brave Browser, it's normally possible to both Browse with Tor and use the Brave VPN:
You can comprehensively disable these VPN, proxy, and Tor browsing features with a single toggle in the device config generator:
Remove web results from Spotlight Search
If you use the search feature on macOS and iOS, images are often included in the results.
Web results might not be filtered in Spotlight, or could provide other loopholes.
You can use our config generator to toggle off "Allow Spotlight to show results from the internet":
This will remove the embedded results from Spotlight and also prevent this setting from being re-enabled by the user.
It also works on iPhone:
Prevent a Factory Reset
A Factory Reset will clear all settings on a device.
However, you can restrict this option and prevent it from being used and return an error instead:
If you want to ensure that your device can't be reset, then make sure to toggle off the "Erase Content and Settings" option.
You can also apply this same restriction to your supervised iPhone:
Disable a web browser on Mac
You might want to ensure that a specific browser can't be used on a Mac computer and have trouble blocking it properly.
It's possible to instead disable the browser.
Disabled web browsers can still be opened on your Mac, but they are impossible to use:
Restrict User Creation and Guest Mode on Mac
Typically, Admin accounts have full control over users and groups, including permission to add new users.
However, it is possible to remove the option to add new users or log in as a guest user on the Mac entirely.
Ensure that you've toggled off Creating New Users and Mac Guest Account:
Protect Login and Background Items on Mac
Some enforcement tools work in the background and need to be enabled at startup on a Mac.
Login items can now be completely protected in the System Settings application:
Restrict Access to Screen Time on Mac
Changing screen time features could cause some interference with other policy settings.
It's possible to completely hide the Screen Time panel on the System Settings application:
Ensure that Screen Time is disabled in the device config editor to hide Screen Time.