Strengthening Highlights and preventing student loopholes Follow
The Google Chrome landscape is constantly changing. This page summarizes G-Suite Policies that can be utilized to strengthen your existing Highlights installation:
In this article
- Incognito mode
- Chrome task manager
- Chrome developer tools
- Force Chrome Browser login and restrict sign-in pattern
- Multiple Google accounts
- Browser Guest Mode
- Prevent bookmarklets
- Block interfering URLs
- Shared Devices and Ephemeral Mode
- Prevent spamming of Bookmark links
- Chrome multiple desktops
Disallow incognito mode for students
When Chrome is in Incognito mode, the browser may not load Chrome extensions or student student may be able to avoid signing in to their school Google account.
admin.google.com > Devices > Chrome > Settings > User & browser settings > Incognito Mode
Search for Incognito Mode and select the Disallow incognito mode option.
This option can be isolated to student OUs, allowing staff to use incognito mode.
Prevent students from using Chrome task manager to end processes
The Chrome Task Manager can be users to end Chrome processes, including the Highlights extension.
admin.google.com > Devices > Chrome > Settings > User & browser settings > Task manager
Search for task manager and set the policy to Block users from ending processes with the Chrome task manager.
This option can be isolated to student OUs, allowing staff to use Chrome task manager.
Note: This Chrome policy does not apply to Windows or Mac OS using a Chrome Browser.
Prevent students from using developer tools to end processes
Chrome Developer Tools can be used to modify, break and end processes, including the Highlights extension. This policy can be valuable to enable if you have Coding or Computer science courses and disabling it completely may not be the best option for your school. Hāpara recommends allowing use except for force-installed extensions, at the least:
admin.google.com > Devices > Chrome > Settings > User & browser settings > Developer tools
Search for Developer tools and set the policy to Allow use of built-in developer tools except for force-installed extensions
This option can be isolated to student OUs, allowing staff to use developer tools.
Force Chrome Browser login and restrict sign-in pattern
By default, students can log in to other Google Accounts within the Chrome Browser. We recommend forcing users to sign-in to the browser, and your Google Admin can restrict sign-ins to school email addresses if required also.
admin.google.com > Devices > Chrome > Settings > User & browser settings > Browser sign-in settings
-
To apply the setting to all users and enrolled browsers leave the top organizational unit selected. Otherwise, select a student organizational unit.
-
Locate Sign-in settings.
-
For Browser sign-in settings, select Force users to sign-in to use the browser.
-
Click Save.
Optional: Specify config for Restrict sign-in to pattern to restrict logins further.
For example, the value .*@hapara\.com restricts sign in to accounts in the hapara.com domain.
Disable Browser Guest Mode
Guest Mode can be used like Incognito Mode to avoid logging into a school account. Hāpara recommends disabling Guest Mode for students via:
admin.google.com > Devices > Chrome > Settings > User & browser settings > Browser guest mode
Search for the Browser guest mode and set the policy to Prevent guest browser logins.
This option can be isolated to student OUs, allowing staff to use Browser guest mode.
Preventing students from using bookmarklets
Bookmarklets are bookmarks stored in a web browser that contain JavaScript commands to modify or inject snippets of code into the Browser.
admin.google.com > Devices > Chrome > Settings > User & browser settings > URL blocking
Search for the URL Blocking and add javascript://* as a blocked URL.
Google implemented this update in April 2018 for Chromebook devices running Chrome OS version 73 and above. This policy does not apply to Windows, Mac or other devices. To update a student's Chromebook, please see the instructions here.
Block interfering URLs
Some URLs can be used to stop Highlights and other extensions from working properly. Hāpara highly recommends blocking these URLs via:
admin.google.com > Devices > Chrome > Settings > User & browser settings > URL blocking
URL | Reason to consider blocking |
*/html/crosh.html |
Crosh is a Chrome Command Shell environment which allows the user to execute commands directly from ChromeOS. Similar to Windows Command Prompt (CMD) and Mac OS Terminal. |
chrome://extensions |
Allows the user to change or modify Chrome browser config, including settings that can disable extensions and functionality. NOTE - blocking these URLs may impact on Chrome functionality, so if unsure, please reach out to our support team for clarification. |
javascript://* |
Allows bookmarklets that contain JavaScript commands to manipulate Chrome Browser |
www.holyubofficial.net |
Example of an in-browser proxy, which students can utilize to bypass Chrome browser config |
Shared devices and Ephemeral mode
This policy config is really helpful if your school or district has shared devices. Ephemeral mode ensures that user data is not stored locally when the user logs out, preventing Chrome Browser caching overload, which can impact negatively on extension installation for new users logging in.
admin.google.com > Devices > Chrome > Settings > User & browser settings > Force ephemeral mode
Search for the Force ephemeral mode and set the policy to Erase all local user data.
This option can be isolated to student OUs, ensuring staff browser data remains stored upon logout.
How to prevent students from using multiple Google accounts
These Google policies are configured at an Administrator level, if you are a teacher and you have found multiple users logged into same device, please see this support article.
admin.google.com > Devices > Chrome > Settings > User & browser settings > Multiple sign-in access
Select the Block multiple sign-in access for users in this organization option and click Save.
Prevent spamming of Bookmark links
admin.google.com > Devices > Chrome > Settings > Users & browsers > Bookmark bar
Optional: A Google Admin can also specify a list of bookmarks to further Manage Bookmarks.
admin.google.com > Devices > Chrome > Settings > Users & browsers > Bookmark bar
admin.google.com > Devices > Chrome > Settings > Users & browsers > Bookmark editing
Note: These options can be isolated to student OUs, allowing staff access to the Bookmark bar.