Setting G Suite for Education Policies: Step 3 (Best practices) Follow

 

Block interfering URLs

Some URLs can be used to stop Highlights and other extensions from working properly. Hāpara highly recommends blocking these URLs via:

admin.google.com > Devices > Chrome Management > User & browser settings > Content > URL blocking > URL blacklist

Screen_Shot_2019-09-24_at_2.02.39_PM.png

 

 

URL Reason to blacklist

*/html/crosh.html

Chrome Shell Terminal lets the user manipulate Chrome

chrome://settings
chrome://os-settings
chrome://settings-frame

Lets user change Chrome settings
   

Be sure to SAVE CHANGES in the top right corner.

 

Prevent Students Using Task Manager to End Processes

Students can use the Chrome Task Manager to end processes - including the Highlights extension. Hāpara recommends disabling this ability via:

admin.google.com > Devices > Chrome Management > User & browser settings

Search for "Task manager" and set the policy to disable the ending of processes. This policy does not apply to Windows or Mac devices using a Chrome Browser.

Turning on this setting for student domains will increase the robustness of the Highlights product in the face of student interventions. 

 

Prevent Students Using Developer Tools to End Processes

Students can use the Chrome Developer Tools to inspect, break and end processes - including the Highlights extension. Hāpara recommends disabling this ability via:

admin.google.com > Devices > Chrome Management > User & browser settings

Search for "Developer tools" and set the policy to "Never allow use of built-in developer tools". 

Turning on this setting for student domains will increase the robustness of the Highlights product in the face of student interventions. 

 

Prevent Students Using ChromeVox to access Incognito Mode

A weakness in ChromeVox allows students to access Incognito Mode even if this mode has been disabled. Hāpara recommends blocking this weakness via:

admin.google.com > Device Management > Chrome Management > Device Settings

Search for "Turn off accessibility settings on sign-in screen upon logout" and enable this setting.

Enabling this setting for student domains will increase the robustness of Highlights in the face of student interventions. 

 

Preventing Students from using Bookmarklets

Google has recently released a change in which will allow domain administrators to be able to block users from being able to use Bookmarklets in order to get around Hapara Highlights. Bookmarklets are bookmarks stored in a web browser that contains JavaScript commands that add new features to an existing browser.

admin.google.com > Device Management > Chrome Management > URL Blacklist > Add 

Screen_Shot_2019-04-09_at_12.03.42_PM.png

Google implemented this update in April 2018 for Chromebook devices running Chrome OS version 73 and above. This policy does not apply to Windows, Mac or other devices. To update a student's Chromebook, please see the instructions here.

 

Prevent students from using multiple Google accounts

To provide a consistent and positive Hapara experience, it's important that policies set in the Google Admin Console apply to all students. Preventing students from signing into multiple Google accounts at once on their Chromebook will decrease avoidance of these set policies.

See the full article detailing how to prevent students from using multiple Google accounts here.

 

Force student Chrome Browser login by default

By default, students are able to log into other Google Accounts within the Chrome Browser. This can enable students to avoid visibility

Using the G-Suite Admin Console, and Administrator can set policy to force students to log in to their browser:

 admin.google.com > Devices > Chrome Management > User & browser Settings

  1. Search for the Browser sign-in settings
  2. Select Force users to sign-in to use the browser:

    Screen_Shot_2020-01-31_at_16.42.28.png

 

Prevent students connecting to non-school networks

Hapara recommends IP restrictions when using Highlights, this allows visibility of student devices only while they're connected to the specified school networks.

However, if students connect to another network outside the specified IP ranges, like a guest network or personal Wi-Fi hotspot, they may bypass Highlights visibility.

In the G-Suite Admin console, you can configure your device policies to restrict network connectivity under Device Management > Network > General Settings.

See the full Google Restrict networks and network interfaces Support Article here

Screen_Shot_2018-09-25_at_11.50.23_AM.png

 

 

 

◀ Step 2  ◉      Next 

 

Highlights Installation Guide
1. Setting G Suite for Education Policies (Viewing) 6. Shared Device Best Practices (Optional) 
2. Pushing Out the Student Extension  7. Privacy: Time/IP Restrictions 
3. Verifying Student Extension Connectivity  8. Enabling Highlights 
4. Network Access/Whitelisting  9. Highlights Browser Compatibility  
5. G Suite for Education Device Settings (Option)   

 

Have more questions? Submit a request