Hey interesting dilemma but seriously, preventing a user living at the home with access to the network, that's determined to access internet after hours is virtually impossible... 

 
 Couple items to consider though would be as follows:

> how is the user accessing the "network adapter" in the PC?

> What happens if the PC or device access the internet for presumably unapproved activity is put away at bedtime?

> If you're referring to Firewall rules, its possible to whitelist only approved devices and block others but why bother?

> Most of the time a good password prevents unauthorized access but its unclear if that's what you're referring to by "unknown" devices

> Is the gateway config settings secured by strong password, as its certainly doable to block all traffic after a certain hour as well.

 Just a couple ideas here. Good luck and thanks for posting.

As stated earlier, anyone with physical access to your network who also knows the login credentials will have access to the network.  There is no easy solution, other than making such infractions have serious enough repercussions that they will not violate the rules of when they can and cannot use the internet. 

Hello there @ospreyhawk!  I'd agree with the above comments- no easy way around this- however via the XFi App you do have the capability of pausing unknown or unassigned devices easily- in the App, hover over to the Connect Tab, then you'll see a listing of currently connected devices- these are identified by their physical name or by their MAC Address. simply click on the device and select Pause/ pause until I unpause. If he has changed the MAC address multiple times already you'll likely see duplicates.  The article below goes over all of our Xfi customization rules also. 

https://www.xfinity.com/support/articles/personalize-customize-hnetwork-xfi