1. Hapara Support
  2. For Hāpara administrators
  3. Managing Hāpara Highlights

Menu

Articles in this section

Strengthening Highlights and preventing student loopholes Follow

Hapara Support
  • Updated

The Google Chrome landscape is constantly changing. This page summarizes G-Suite Policies that can be utilized to strengthen your existing Highlights installation:

 

In this article

 

Disallow incognito mode for students

Screen_Shot_2021-10-29_at_08.59.08.png

When Chrome is in Incognito mode, the browser may not load Chrome extensions or student student may be able to avoid signing in to their school Google account.

admin.google.com > Devices > Chrome > Settings > User & browser settings > Incognito Mode

Search for Incognito Mode and select the Disallow incognito mode option.

This option can be isolated to student OUs, allowing staff to use incognito mode.

 

 

Prevent students from using Chrome task manager to end processes

Screen_Shot_2021-10-29_at_09.06.01.png

The Chrome Task Manager can be users to end Chrome processes, including the Highlights extension.

admin.google.com > Devices > Chrome > Settings > User & browser settings > Task manager

Search for task manager and set the policy to Block users from ending processes with the Chrome task manager.

This option can be isolated to student OUs, allowing staff to use Chrome task manager.

Note: This Chrome policy does not apply to Windows or Mac OS using a Chrome Browser.

 

 

Prevent students from using developer tools to end processes

Screen_Shot_2021-10-29_at_09.08.57.png

Chrome Developer Tools can be used to modify, break and end processes, including the Highlights extension. This policy can be valuable to enable if you have Coding or Computer science courses and disabling it completely may not be the best option for your school. Hāpara recommends allowing use except for force-installed extensions, at the least:

admin.google.com > Devices > Chrome > Settings > User & browser settings > Developer tools

Search for Developer tools and set the policy to Allow use of built-in developer tools except for force-installed extensions

This option can be isolated to student OUs, allowing staff to use developer tools.

 

 

Force Chrome Browser login and restrict sign-in pattern

Untitled drawing.jpg

By default, students can log in to other Google Accounts within the Chrome Browser. We recommend forcing users to sign-in to the browser, and your Google Admin can restrict sign-ins to school email addresses if required also.

admin.google.com > Devices > Chrome > Settings > User & browser settings > Browser sign-in settings

  1. To apply the setting to all users and enrolled browsers leave the top organizational unit selected. Otherwise, select a student organizational unit.
  2. Locate Sign-in settings.
  3. For Browser sign-in settings, select Force users to sign-in to use the browser.
  4. Click Save.

    Optional:     Specify config for Restrict sign-in to pattern to restrict logins further.
    For example, the value .*@hapara\.com restricts sign in to accounts in the hapara.com domain.

    Google Chrome sync should also be configured as 'On for everyone'.

 

 

Disable Browser Guest Mode

Screen_Shot_2021-10-29_at_09.19.41.png

Guest Mode can be used like Incognito Mode to avoid logging into a school account. Hāpara recommends disabling Guest Mode for students via:

admin.google.com > Devices > Chrome > Settings > User & browser settings > Browser guest mode

Search for the Browser guest mode and set the policy to Prevent guest browser logins.

This option can be isolated to student OUs, allowing staff to use Browser guest mode.

 

 

Preventing students from using bookmarklets

Bookmarklets are bookmarks stored in a web browser that contain JavaScript commands to modify or inject snippets of code into the Browser.

admin.google.com > Devices > Chrome > Settings > User & browser settings > URL blocking

Screen_Shot_2019-04-09_at_12.03.42_PM.png

Search for the URL Blocking and add javascript://* as a blocked URL.

Google implemented this update in April 2018 for Chromebook devices running Chrome OS version 73 and above. This policy does not apply to Windows, Mac or other devices. To update a student's Chromebook, please see the instructions here.

 

 

Block interfering URLs

Some URLs can be used to stop Highlights and other extensions from working properly. Hāpara highly recommends blocking these URLs via:

admin.google.com > Devices > Chrome > Settings > User & browser settings > URL blocking

Screen_Shot_2021-01-20_at_9.09.18_AM.png

URL Reason to consider blocking

*/html/crosh.html

Crosh is a Chrome Command Shell environment which allows the user to execute commands directly from ChromeOS.

Similar to Windows Command Prompt (CMD) and Mac OS Terminal.

chrome://extensions*
chrome://settings*
chrome://os-settings*
chrome://settings-frame*
chrome://flags*
chrome://file-manager*
chrome://network*
chrome://net-internals*
chrome://process-internals*
chrome://serviceworker-internals*
chrome://kill*
chrome://hang*
chrome://restart*

Allows the user to change or modify Chrome browser config, including settings that can disable extensions and functionality.

NOTE - blocking these URLs may impact on Chrome functionality, so if unsure, please reach out to our support team for clarification.

javascript:*
data://text/html*
devtools://

 Allows bookmarklets or other code injections that contain JavaScript commands to manipulate Chrome Browser
www.holyubofficial.net

Example of an in-browser proxy, which students can utilize to bypass Chrome browser config
Be sure to click SAVE in the top right corner after making any changes.

 

 

Shared devices and Ephemeral mode

This policy config is really helpful if your school or district has shared devices. Ephemeral mode ensures that user data is not stored locally when the user logs out, preventing Chrome Browser caching overload, which can impact negatively on extension installation for new users logging in.

Screen_Shot_2021-10-29_at_11.30.03.png

admin.google.com > Devices > Chrome > Settings > User & browser settings > Force ephemeral mode

Search for the Force ephemeral mode and set the policy to Erase all local user data.

This option can be isolated to student OUs, ensuring staff browser data remains stored upon logout.

 

 

How to prevent students from using multiple Google accounts

To provide a consistent and positive Hāpara experience, it's important that policies set in the Google Admin Console apply to all students. Preventing students from signing in to multiple Google accounts at once on their Chromebook will decrease avoidance of these set policies.

These Google policies are configured at an Administrator level, if you are a teacher and you have found multiple users logged into same device, please see this support article.

admin.google.com > Devices > Chrome > Settings > User & browser settings > Multiple sign-in access

Select the Block multiple sign-in access for users in this organization option and click Save.

Screen_Shot_2020-01-31_at_16.28.35.png

 

 

Prevent spamming of Bookmark links

We are aware of scenarios where students can spam a Bookmark link by clicking it repeatedly in quick succession, which may break out of a Highlights Guided Session. It is possible to disable the Bookmark bar which prevents students from exploiting this workaround, but still allows bookmarks to be opened from the Top menu.

admin.google.com > Devices > Chrome > Settings > Users & browsers > Bookmark bar
Recommended: Search for the Bookmark Bar and set the policy to Disable Bookmark bar.

Optional: A Google Admin can also specify a list of bookmarks to further Manage Bookmarks.

admin.google.com > Devices > Chrome > Settings > Users & browsers > Bookmark bar
Configure a specific list of bookmarks to push out for students.

admin.google.com > Devices > Chrome > Settings > Users & browsers > Bookmark editing
Disable Bookmark Editing prevents students from editing saved bookmarks.

Note: These options can be isolated to student OUs, allowing staff access to the Bookmark bar.

Related articles