Hi
My GF life abroad and I cant manange her Device in Person after shipping to her. In Windows it is possible with an separate Account and (at least in W7 back then) I could lock Windows that much down to avoid that a User (back then my Parents for example) even see Settings or even open anything who is not "permit" by me. Sure inside the Software like Open Office the could do manythings bad.
In Win there are many Software who could allow me to remote Monitor a Device if something bad happen. Even behind a Firewall, Router,... in a Hotel for example. Yes I try to get into Raspberry Pi OS but its not that User friendly.
My GF should use the Notebook only for Study and not to install any crap like my mom install every sht to here Smartphone and wonder why its run so slow.
My W7 boot faster than her Smartphone... ...
So which OS can I lock down very easy to avoid that my GF do something bad?
Are there something like the Reg in an Linux OS? I am know a little about Linux but not such detail thinks.
Thanks!

Set a root password, and don't give it to her. Then she will have access only to her home/user directory. She will not be able to install anything to the root of the system or edit files in the root of the system.

You can modinfy sudo to prevent her from sdding software if you choose a distro using sudo.

Thanks for replay.
How about:
- an Update do the need Root Access?
- an Update for a 3rd Party Software like Skype, Open Office, Firefox?
Is there an Software who allow me to connect remote without an VPN Client to install Software for example?

(Sorry everyone I dont want to be rude but I will try if I can run W10. For me who is not familiar with an Linux Distro Its a littlebit difficult help her remotly.)

Yes, and yes, you need root access or sudo to install and update software.

Although, to clarify: you should ensure that she is not an "administrative" user – that is to say, in Linux parlance, "a member of the 'wheel' group.'" Such a user could gain "root privileges" using her own login password. Via, e.g., sudo su.

Basically – just be sure that the user is capable of doing whatever she needs to do with the computer, and isn't capable of "gaining 'root' privileges," whether or not(!) she intended to do so. As long as the user isn't a member of "wheel" (as in: "big wheel" ...), you're all set.

Maintain for yourself a separate userid from which you can conveniently maintain the system for her.

- - -

P.S.: In all of the systems that I maintain – "Linux or otherwise" – there is always only one obscurely-named userid which has "godly privileges," and I never use it on a daily basis. Instead, I rigorously practice the "principle of least privilege." "My everyday user accounts can't do sh&t ..."

You've been a member here for *SEVEN YEARS*, and you're saying that you "know a little about Linux"?? What do you need to manage on your girlfriends laptop that she can't do for herself?? Teamviewer works just fine for such things, but if you are claiming to not know Linux, then why don't you just use Windows to do what you're comfortable with??

"Especially when it comes to girlfriends" ... ... "just get it done."

Bonus points (ahem ...) for "making it look easy ..."

I have created a mngr account on my Linux systems (with a mngr group).
It has the ability to manage some of the software because it owns them as (mngr:mngr).
The mngr cannot change the root install.

Packages that I add are compiled using mngr, such that the binaries are owned by mngr.
If you are installing a created package to system directories, then that must be done
by root, but the files remain owned by mngr. This allows mngr to manage them, but users cannot
change them.

A user on this system cannot change the mngr installed files, nor the root installed files.

The system does not care who owns files in the system directories.

You can also install program files into other directories, or even a user bin directory.
The directory just has to be in the search path set up by profile (see .profile and /etc/profile).
Such as: PATH="~/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
At one time, there was an /opt directory, and some optional packages were installed there.
The search PATH included "/opt".

Note: that the user can also install some software in their home directory, and the system
will use it in preference to the root install. It checks the home directory first.

If you have a Linux distribution that uses a management system, then that usually requires root privilege
to manage. I cannot speak for all of those, as they may have any option they wish.
Library packages, I suspect, must be installed using root, due to the way they are found.

Linux also comes with SSH, which allows remote management of the system.
Both the target system and the host system must be setup with the same
port address, target identification, and permissions, for it to work.
I move the default SSH port to something different just to make it more secure.

I have used it to manage another computer, but sometimes I find it easier to
just go up there and have direct access, such as when installing off of a portable hard drive.

Otherwise you move files around using pro-ftp, then apply them using a SSH login.
The pro-ftp must be setup with permissions and port too.

The ssh daemons must be running on the target machine, and it needs to be started by the boot,
because an unpriv user cannot make it useful. On Slackware, this is in
"/etc/rc.d/rc.sshd".

The target machine will run the sshd daemon.
The user will run "ssh".
There is also ssh-agent running, for holding keys, but you should not need to bother with that.

SSH is a command line utility. There is a way to extend that to have a remote-desktop, but I have not bothered with that.

Login to root (or a sufficiently priv mngr) using ssh can start the proftp daemon when necessary.

I have also created a special user for remote managing, just so I do not have
to login to root on the target machine. I only switch to root after I figure out what
I need to do. This also allows me to leave management files around in its home directory.


See:
>> man ssh
>> man sshd
>> man ssh-agent
>> man proftpd

There does not seem to be a SSH howto. However, there are several HOWTO
that use SSH to do something.
>> ls /usr/doc/Linux-HOWTOs

Why do you want to do this ? Did GF ask for help ? If not, doing that will cause you a whole lot of pain.

If you want to do something, I would teach GF how to create regular backups and reset the system.