The Google Chrome landscape is constantly changing. This page summarizes recent changes to the Highlights installation guide that can be used to strengthen your existing Highlights installation:
- Disable Incognito Mode For Students
- Restrict third party Apps or Extensions
- Chrome Task Manager
- Chrome Developer Tools
- Prevent students from using multiple Google accounts on their Chrome Device
- Prevent students from using multiple Google accounts within a Chrome Browser session
- Disable Guest Mode
- Prevent students connecting through non-school networks
- Preventing Students from using Bookmarklets
- Deploying Highlights Extension to Managed PCs
Disable Incognito Mode for Students
Hapara Highlights functions through a Google Chrome extension. When Chrome is in Incognito Mode, the browser does not load any extensions. We recommend preventing students from being able to launch Chrome in Incognito Mode to ensure the Highlights extension is always loaded:
admin.google.com > Device Management > Chrome Management > User Settings
Search for the Incognito Mode drop-down menu and select the Disallow incognito mode option. This option can be applied to only student OUs, allowing teachers to utilize Incognito Mode.
Some apps and extensions can be used to stop Highlights and other extensions from working correctly. Such apps and extensions need to be blocked. Hapara strongly recommends blocking the following extensions:
The instructions on how to do this are here.
Prevent students using Task Manager to end processes
Students can use the Chrome Task Manager to end processes - including the Highlights extension. Hapara recommends disabling this ability via:
admin.google.com > Device Management > Chrome Management > User Settings
Search for Task Manager and set the policy to disable the ending of processes.
Turning on this setting for student domains will increase the robustness of Highlights in the face of student interventions.
This policy became available in August 2016 and applies to Chromebook devices running version 52 and above. This policy does not apply to Windows, Mac devices using a Chrome Browser.
Prevent students using developer tools to end processes
Students can use the Chrome Developer Tools to inspect, break and end processes - including the Highlights extension. Hapara recommends disabling this ability via:
admin.google.com > Device Management > Chrome Management > User Settings
Search for Developer tools and set the policy to Never allow the use of built-in developer tools.
Turning on this setting for student domains will increase the robustness of Highlights in the face of student interventions.
Prevent students from using multiple Google accounts on their Chrome Device
Please see the full Support Article here detailing how to prevent students from signing into other Google Accounts whilst signed into their School Google account.
Prevent Students from logging into multiple users within a Chrome Browser session
By default, students are able to log into other Google Accounts within the Chrome Browser. This can enable students to avoid visibility
Using the G-Suite Admin Console, and Administrator can set policy to restrict which domain accounts a student can log in with:
admin.google.com > Device Management > Chrome Management > User Settings
- Search for the Sign-in Within the Browser heading
- Select Allow users to sign-in only to the G Suite domains set below
- Only specify the student domain if you would like students to only be allowed to login to School Accounts via the Chrome Browser
Note: You may also want to Prevent students from using multiple Google accounts on their Chrome Device
Students can log in via Guest Mode and avoid Highlights visibility if this option is enabled. Hapara recommends disabling Guest Mode for students via:
admin.google.com > Device Management > Chrome Management > Device Settings
Search for the Sign-in Settings heading, and under the Allow Guest Mode drop-down menu, select Do not allow guest mode.
Prevent students connecting to non-school networks
Hapara recommends IP restrictions when using Highlights, this allows visibility of student devices only while they're connected to the specified school networks.
However, if students connect to another network outside the specified IP ranges, like a guest network or personal Wi-Fi hotspot, they may bypass Highlights visibility.
In the G-Suite Admin console, you can configure your device policies to restrict network connectivity under Device Management > Network > General Settings.
See the full Google Restrict networks and network interfaces Support Article here
Preventing Students from using Bookmarklets
Google has recently released a change in which will allow domain administrators to be able to block users from being able to use Bookmarklets in order to get around Hapara Highlights. Bookmarklets are bookmarks stored in a web browser that contains JavaScript commands that add new features to an existing browser.
admin.google.com > Device Management > Chrome Management > URL Blacklist > Add
Google implemented this update in April 2018 for Chromebook devices running Chrome OS version 73 and above. This policy does not apply to Windows, Mac or other devices. To update a student's Chromebook, please see the instructions here.