This disclosure relates to enforcing resource restrictions in an environment.
Users may often have associated resource restrictions on a computer device, such as a personal computer or other computing device. Typically these resource restrictions are associated with a user identifier. For example, a parent may limit the availability of applications, such as an e-mail client and web browser, on a home computer for a child by associating resource restrictions with the child's user identifier. When the child logs onto the computer with his or her user identifier, the web browser and e-mail client is not available. Likewise, a workgroup administrator may limit the availability of resources on a business computer for certain employees. For example, a software development company may limit file sharing and/or access to particular development tools for employees according to the employees' user profiles.
Restrictions may be circumvented if the restriction is predicated on preventing the generation of a system call for the resource. Thus, if a user determines how to generate the system call for a restricted resource, the user can have access to the resource. For example, a browser application can be restricted for a user by a restriction program that inhibits the generation of menu items, desktop icons and dock icons for launching the browser application. However, if the user clicks on a web address in an HTML enabled document in a word processing program, the word processing program can generate a system call to launch the browser application, thus circumventing the restriction.