Strengthening Highlights and preventing student loopholes Follow

The Google Chrome landscape is constantly changing. This page summarizes recent changes to the Highlights installation guide that can be used to strengthen your existing Highlights installation.

In this article

• Important links
• Disable Incognito Mode For Students
• Restrict third party Apps or Extensions
• Prevent students from using Chrome Task Manager
• Prevent access to Chrome Developer Tools
• Prevent students from using multiple Google accounts 
• Force students to login to their Chrome Browser session
• Disable Guest Mode
• Prevent students connecting through non-school networks
• Prevent students from using bookmarklets

Important links

• Block interfering URLs
• Deploy the Highlights extension to managed PCs

Disable incognito mode for students

Hāpara Highlights functions through a Google Chrome extension. When Chrome is in incognito mode, the browser does not load any extensions. We recommend preventing students from being able to launch Chrome in Incognito Mode to ensure the Highlights extension is always loaded:

admin.google.com > Devices > Chrome Management > User & browser Settings

Search for the Incognito Mode drop-down menu and select the Disallow incognito mode option. This option can be applied to only student OUs, allowing teachers to utilize incognito mode.

Restrict third party apps or extensions

Some apps and extensions can be used to stop Highlights and other extensions from working correctly. Such apps and extensions need to be blocked. Hāpara strongly recommends blocking the following extensions:

• Chrome Apps and Extensions Developer Tool
• iChrome
• iChrome Tab
• Chromeo

The instructions on how to do this are here.

Prevent students from using Task Manager to end processes

Students can use the Chrome Task Manager to end processes - including the Highlights extension. Hāpara recommends disabling this ability via:

admin.google.com > Devices > Chrome management > User & browser settings

Search for Task Manager and set the policy to disable the ending of processes.

Turning on this setting for student domains will increase the robustness of Highlights in the face of student interventions.

This policy became available in August 2016 and applies to Chromebook devices running version 52 and above. This policy does not apply to Windows, Mac devices using a Chrome Browser.

Prevent students using developer tools to end processes

Students can use the Chrome Developer Tools to inspect, break and end processes - including the Highlights extension. Hāpara recommends disabling this ability via:

admin.google.com > Devices > Chrome Management > User & browser Settings

Search for Developer tools and set the policy to Never allow the use of built-in developer tools.

Turning on this setting for student domains will increase the robustness of Highlights in the face of student interventions.

Prevent students from using multiple Google accounts

To provide a consistent and positive Hāpara experience, it's important that policies set in the Google Admin Console apply to all students. Preventing students from signing into multiple Google accounts at once on their Chromebook will decrease avoidance of these set policies.

See the full article detailing how to prevent students from using multiple Google accounts here.

Force student Chrome Browser login by default

By default, students are able to log into other Google Accounts within the Chrome Browser. This can enable students to avoid visibility

Using the G Suite Admin Console, an administrator can set the policy to force students to log in to their browser:

 admin.google.com > Devices > Chrome Management > User & browser Settings

1. From the Admin console Home page, go to DevicesChrome.
2. Click SettingsUsers & browsers.
3. To apply the setting to all users and enrolled browsers, leave the top organizational unit selected. Otherwise, select a child organizational unit.
4. Go to Sign-in settings.
5. For Browser sign-in settings, select Force users to sign-in to use the browser.
6. Click Save.
   
   
   
   

Disable Guest Mode

Students can log in via Guest Mode and avoid Highlights visibility if this option is enabled. Hāpara recommends disabling Guest Mode for students via:

admin.google.com > Devices > Chrome Management > Device Settings

Search for the Sign-in Settings heading, and under the Guest Mode drop-down menu, select Disable guest mode.

Prevent students from connecting to non-school networks

Hāpara recommends IP restrictions when using Highlights, this allows visibility of student devices only while they're connected to the specified school networks.

However, if students connect to another network outside the specified IP ranges, like a guest network or personal WiFi hotspot, they may bypass Highlights visibility.

In the G Suite Admin console, you can configure your device policies to restrict network connectivity under Device Management > Network > General Settings.

See the full Google Restrict networks and network interfaces support article here

Preventing students from using bookmarklets

Google has recently released a change which will allow domain administrators to block users from using Bookmarklets in order to get around Hāpara Highlights. Bookmarklets are bookmarks stored in a web browser that contains JavaScript commands that add new features to an existing browser.

admin.google.com > Device Management > Chrome Management > URL Blacklist > Add 

Google implemented this update in April 2018 for Chromebook devices running Chrome OS version 73 and above. This policy does not apply to Windows, Mac or other devices. To update a student's Chromebook, please see the instructions here.