1. Hapara Support
  2. For Hāpara administrators
  3. Managing Hāpara Highlights

Menu

Articles in this section

Strengthening Highlights and preventing student loopholes Follow

The Google Chrome landscape is constantly changing. This page summarizes G-Suite Policies that can be utilized to strengthen your existing Highlights installation:

 

In this article



Disallow incognito mode for students

Screen_Shot_2021-10-29_at_08.59.08.png

Hāpara Highlights functions through a Google Chrome extension. When Chrome is in incognito mode, the browser may not load extensions. We recommend disallowing students from being able to launch Chrome in Incognito Mode to ensure the Highlights extension always available.

admin.google.com > Devices > Chrome > Settings > Users & browsers > Incognito Mode

Search for Incognito Mode and select the Disallow incognito mode option. This option can be applied to only student OUs, allowing teachers to utilize incognito mode.

 



Prevent students from using Chrome task manager to end processes

Screen_Shot_2021-10-29_at_09.06.01.png

Students can use the Chrome Task Manager to end processes - including the Highlights extension. Hāpara recommends disabling this ability via:

admin.google.com > Devices > Chrome > Settings > Users & browsers > Task manager

Search for task manager and set the policy to Block users from ending processes with the Chrome task manager. This option can be applied to only student OUs, allowing teachers to utilize Chrome task manager.

This policy became available in August 2016 and applies to Chromebook devices running version 52 and above. This policy does not apply to Windows or Mac OS using a Chrome Browser.

 



Prevent students using developer tools to end processes

Screen_Shot_2021-10-29_at_09.08.57.png

Students can use the Chrome Developer Tools to inspect, break and end processes - including the Highlights extension. This policy can be valuable to enable if you have Coding or Computer science courses, so disabling it completely may not be the best option for your school, so Hāpara recommends allowing use except for force-installed extensions, at the least:

admin.google.com > Devices > Chrome > Settings > Users & browsers > Developer tools

Search for Developer tools and set the policy to Allow use of built-in developer tools except for force-installed extensions. This option can be applied to only student OUs, allowing teachers to utilize developer tools.

 



Force student Chrome Browser login by default

Screen_Shot_2020-01-31_at_16.42.28.png

By default, students are able to log into other Google Accounts within the Chrome Browser. This can enable students to avoid visibility

Using the G Suite Admin Console, an administrator can set the policy to force students to log in to their browser:

admin.google.com > Devices > Chrome > Settings > Users & browsers > Browser sign-in settings

  1. To apply the setting to all users and enrolled browsers leave the top organizational unit selected. Otherwise, select a student organizational unit.
  2. Locate Sign-in settings.
  3. For Browser sign-in settings, select Force users to sign-in to use the browser.
  4. Click Save.



Disable Browser Guest Mode

Screen_Shot_2021-10-29_at_09.19.41.png

Students can log in via Guest Mode and avoid Highlights visibility if this option is enabled. Hāpara recommends disabling Guest Mode for students via:

admin.google.com > Devices > Chrome > Settings > Users & browsers > Browser guest mode

Search for the Browser guest mode and set the policy to Prevent guest browser logins. This option can be applied to only student OUs, allowing teachers to utilize Browser guest mode.

 



Preventing students from using bookmarklets

Bookmarklets are bookmarks stored in a web browser that contain JavaScript commands that add new features to an existing browser. These can be configured to avoid Highlights extension detection.

admin.google.com > Devices > Chrome > Settings > Users & browsers > URL blocking

Screen_Shot_2019-04-09_at_12.03.42_PM.png

Google implemented this update in April 2018 for Chromebook devices running Chrome OS version 73 and above. This policy does not apply to Windows, Mac or other devices. To update a student's Chromebook, please see the instructions here.

 

 

 

Shared devices and Ephemeral mode

This policy config is really helpful if your school or district has shared devices. Ephemeral mode ensures that user data is not stored locally when the user logs out, preventing Chrome Browser caching overload, which can impact negatively on extension installation for new users logging in.

Screen_Shot_2021-10-29_at_11.30.03.png

admin.google.com > Devices > Chrome > Settings > Users & browsers > Force ephemeral mode

Search for the Force ephemeral mode and set the policy to Erase all local user data. This option can be applied to only student OUs, ensuring teacher's local browser data remains stored upon logout.

 

Block interfering URLs

Some URLs can be used to stop Highlights and other extensions from working properly. Hāpara highly recommends blocking these URLs via:

admin.google.com > Devices > Chrome > User & browser settings > Content > URL blocking > Blocked URLs

Screen_Shot_2021-01-20_at_9.09.18_AM.png

 

 

URL Reason to block

*/html/crosh.html

 Crosh is a Chrome Command Shell environment similar to Command Prompt on Windows or Terminal in macOS devices, which allows the user to execute commands directly from ChromeOS.

chrome://settings
chrome://os-settings
chrome://settings-frame
chrome://extensions

chrome://file-manager

chrome://camera-app

 Allows the user to change or modify Chrome browser and extension config

javascript://*

 Allows bookmarklets that contain JavaScript commands to manipulate Chrome Browser
www.holyubofficial.net

Example of an in-browser proxy, which students can utilize to bypass Chrome browser config

 

Be sure to click SAVE in the top right corner.

 

How to prevent students from using multiple Google accounts

To provide a consistent and positive Hāpara experience, it's important that policies set in the Google Admin Console apply to all students. Preventing students from signing into multiple Google accounts at once on their Chromebook will decrease avoidance of these set policies.
These Google policies are configured at an Administrator level, if you are a teacher and you have found multiple users logged into same device, please see this support article.
  1. Log into the G Suite Admin Console at admin.google.com
  2. From the Home page, click on Devices
  3. Click on Chrome Management
  4. Click on User & browser settings
  5. Select an OU containing your students
  6. Scroll to the User Experience heading
  7. Using the Multiple sign-in access drop-down menu, select the Block multiple sign-in access for users in this organization option

    Screen_Shot_2020-01-31_at_16.28.35.png
  8. At the top of the screen, click Save

It is also possible to restrict users from logging in to non school related Google accounts on school-owned Chromebooks. Personal Gmail IDs can lead to evasion of filtering and auditing of the Chromebook.

  1. Log into the G Suite Admin Console at admin.google.com
  2. Navigate to Devices > Chrome > Settings 
  3. Scroll down to Sign-in Settings > Restrict sign-in to pattern
  4. In the text box enter the domain you want to allow sign-ins from.

    For example, *@school.hapara.com will restrict logins to only school.hapara.org and prevent users from signing into accounts outside of this configuration.

Screen_Shot_2021-10-06_at_12.02.30.png

 

Additional Google device policies to consider

As an administrator, you also may want to prevent users from signing in to Google services using any accounts other than those you have provided them with (i.e. gmail.com). Please see the full Google article for more details, or read below:

To only allow users from specific domains to access Google services on devices running Chrome OS:

  1. Log into the G Suite Admin Console at admin.google.com
  2. From the Admin Console home page, go to Devices > Chrome management.
    If you don't see Devices on the Home page, click More controls at the bottom.
  3. Click User & browser settings.
  4. Select a student organizational unit.
  5. Go to User experience  > Sign-in to secondary accounts.
  6. Click the link to revert to the classic version of the Admin console.
  7. Go to User experience > Sign-in to secondary accounts.
  8. Select Block users from signing in to or out of secondary Google Accounts if you wish to restrict logins to the school email only.

    Screen_Shot_2020-01-31_at_16.32.40.png

  9. Otherwise, select Allow users to sign-in only to the G Suite domains set below if you would like to specify multiple domains students can log in to.
    (Optional) To see a list of your domains, click organization’s domains under the domain list box.
  10. Enter the list of all of your organization’s domains. If you don’t, your users might not have access to Google services.
    (Optional) To include other types of accounts, enter the following text in the list:
    • For consumer Google Accounts, such as @gmail.com and @googlemail.com, add consumer_accounts.
    • For authenticated service accounts, add gserviceaccounts.com.
  11. Click Save.

Also, consider setting additional device policies:

You may also want to Force students to login to their Chrome Browser session

 

 

 

 

Related articles