Preventing Bypass on Windows
After you've connected your Windows device to your Content Policy, the next step is to enforce that connection.
To ensure the Content Policy is not intentionally or unintentionally bypassed on a Windows computer, consider combining multiple approaches.
Enforcing the App
The best way to connect a PC to your Content Policy is using the provided app. Here are some methods you can use to enforce the app.
App Preferences
You can configure a few preferences in your Tech Lockdown dashboard to lock some of the settings in the app. For example, you can lock the filter switch or prevent logout.
App Preferences
Set App Preferences on the Tech Lockdown Dashboard
Set App Preferences on the Tech Lockdown Dashboard to ensure your Content Policy is always enabled.
Prevent Uninstall
Restricting access to uninstalling programs on Windows can help enforce the program that keeps your PC connected to your Content Policy.
Bypass Prevention
How to Enforce a Program on Windows and Prevent Uninstall
Prevent a program, such as an application that blocks content, from being uninstalled and deleted by a user on Windows PCs.
Lock Task Manager
Restricting access to task manager can help you prevent bypass from ending a process.
Bypass Prevention
Block Access to Task Manager
How to restrict access to Task Manager on Windows to prevent common content filtering bypass techniques.
Backup DNS Settings
We recommend connecting to your Content Policy with multiple approaches so that if one method fails the PC falls back to the other connection method. You can use DNS settings as a fallback for if the app is bypassed.
Router DNS Settings
If you are using a PC on a home internet connection, pointing a router to your Content Policy will allow the PC to automatically connect to your content policy without any additional configuration.
Content Policy
Point a Router to your Content Policy
Point your home router to your Content Policy so that devices using your WiFi or ethernet connection use a filtered internet connection.
Windows DNS Settings
In addition to your Windows PC inheriting your router's connection to your Content Policy, you can also directly connect it by manually configuring the PCs network settings. The advantage to this approach is if the router fails to connect to the content policy, your PC will still maintain its connection.
You can change DNS settings on your windows device to still maintain a connection to your filter if the client is disabled. There are two important drawbacks to consider when using this method:
- You will have to configure DNS settings for each Wi-Fi network you want to change DNS for.
- Without the WARP client enabled, your DNS Content Policy won't be able to differentiate your windows machine by email address. Any rules that you've set to apply to a specific user on that device won't apply on that device until the WARP client is re-enabled.
To point your Windows machine's DNS to your Content Policy:
Open Settings > Network & Internet.
Click on your current network adapter. In most cases, this will be found near the top:
You should see a list of options for your device. Scroll down to the DNS server assignment item and click Edit.
You should get a pop-up window like this:
Use the dropdown to choose manual:
Copy/paste the information from your Tech Lockdown dashboard. This information can be found by going to Install > Config.
Restrict Access to Settings
The blocking application that we recommend helping achieve this is called the Cold Turkey blocker. You can use this application to block windows containing a certain title. With this approach, you can create a block that restricts access to windows with the title "Settings."