The following tips will help maximize the online safety and productivity of your students. We will demystify the Google Apps for Education Admin Console, providing you with the tools to successfully optimize your school’s 1:1 program and edtech experience. Taken from Best Practices to Shape & Secure Your 1:1 Program for Chromebooks.
The Google Apps cloud-based policy, simplified:
- Device Settings (Steps 1-3)
- User Settings (Steps 4-13)
Chrome Device Settings
1. Enroll Your Device
To enroll a Chromebook into the school policy, make sure the device is first enrolled into the enterprise policy by keeping the “Allow devices to enroll automatically” setting turned ON for organizational units requiring admin management. Students can then login without admins needing to individually login to each of these devices.
2. Deactivate Guest Mode
Restrict Guest Mode to better audit student activity. Otherwise, through a guest account, students can use the Chromebook without the district user policy in place.
3. Limit Sign-in Access
This allows students to use only their given school account for browsing the web, ensuring thorough auditing.
Chrome User Settings
4. Display Acceptable Use Policy (AUP) Upon Startup
Via “Pages to Load on Startup” in settings, schools can set their Acceptable Use Policy as the first thing students see upon opening a browser. This serves to remind students of proper online conduct, digital citizenship best practices, and any other school policies they are bound by.
5. Set Policy Refresh Rate to 30 Minutes
Select the minimum 30 minutes for time between policy refreshes to guarantee your students’ Chromebooks are updating with each new admin console change.
6. Enable Safe Browsing & Malicious Sites Protection
Choose “Always enable Safe Browsing” and “Prevent user from proceeding anyway to malicious sites” to protect your students from phishing and sites that involve platform independent vulnerabilities (identity theft, financial theft, password theft, etc).
Take Home Policy – If the Chromebooks leave school with the students, there are two ways to secure the devices: a web filter proxy or a Chromebook extension. Both solutions intercept and police network traffic to and from the devices.
7a. Change Proxy Settings for Take Home Policies
Arrange settings to point to your filter’s Proxy Autoconfiguration (PAC) file. The PAC files allow you to control what traffic should be proxied.
7b. Deploy Pre-installed Apps and Extensions
Using the “Manage pre-installed apps” wizard, search for the filtering extension of your choice on the Chrome Web Store, and deploy it to the organizational units that will take the devices home.
8. Block Apps and Extensions
Blocking all apps and extensions will prevent students from later installing games and other time-sinks.
9. Auto-authorize Plugins
Certain plugins require authorization from the students before they install or initialize. However, in accordance with the whitelisting approach of only letting admin-installed plugins run, admins can auto-authorize requests so they are never presented to students.
10. Save Browser History and Disable Incognito Mode
Keep browser history turned ON for a complete report of online student activity. Disallow incognito mode – it bypasses pre-installed security apps and can be used to evade the district filtering policy.
11. Turn Google Safe Search ON
If your district’s web filter does not support Safe Search for Google, apply this setting to enforce safe search directly via the Chrome policy. Note: this safe search setting only applies to Google. However, a variety of safe search websites are available for student use and some web filters are capable of enforcing safe search on multiple platforms.
12. Disable Developer Tools
Developer tools can be used to circumvent district policy or gain unfair advantage over other students by reverse engineering of edtech applications that transmit insecure data or have confidential information hidden away in the code.
13. Restrict Chrome:// URLs
Disable chrome://extensions and chrome://settings. Chrome://extensions allow students to start/stop extensions. Chrome://settings and other chrome://addresses provide settings or information unnecessary to students.
For more security tips and best practices, sign up below: