How to Bulk Create, Export and Update Google Classrooms

With the powerful auditing functionalities of GAT+, G Suite Super Admins can create and update their Google Classrooms across their school district without difficulty. Before we start make sure you have enabled Classroom APIs.

Steps to create new Classrooms

1. Enter the Course Audit area.

2. Click on the Export data button which on the right-hand side of the page to export a Google Spreadsheet of all of the existing classrooms or you can use the Apply custom filter (funnel icon) button to filter for specific classrooms.

3. When the exported Spreadsheet appears, enter it, find an empty row at the bottom of the existing data and then fill in the following fields:

  • Name (Name of Google Classroom) – Mandatory Field
  • Created By (Usually email of teacher) – Mandatory Field
    • You must enter only one email address in the Created By field.

Optional Fields:

  • Description
  • Join Code
  • Section
  • Room
  • Aliases
  • Teachers (separate emails with a comma)
  • Students (separate emails with a comma)
  • State (ACTIVE, ARCHIVED)

DO NOT modify any of these fields in the spreadsheet.

  • ID (when creating new classrooms, keep ID blank, if a classroom already has an ID do not modify it.) This field is handled automatically by GAT+.
  • It’s not necessary to create or modify the Created (date field). This field is handled automatically by GAT+.

4. Once you have finished filling in the information for the new classroom close the Spreadsheet tab.

5. Now import the spreadsheet by clicking the Import data button.

6. Once you have selected the correct Google Spreadsheet from the list, it will show you a preview of what actions will be performed. In the below example you can see the type of import is a CREATE action which means a new classroom will be created.

7. After you are happy with these details click on the Accept button. Once the operation is carried out you should see a message stating whether the operation was successful. The dialog box will appear at the top right corner of the screen.

Steps to update existing Classrooms

1. Apply a custom filter (funnel icon) and search for the classrooms you want to take action on.

2. Use the Search Operators provided to narrow down or limit the classrooms returned. In the below screenshot I’m searching for ARCHIVED classrooms created after May 1st.

3. After applying the filter, export the results to the Google Spreadsheet:

4. When the Spreadsheet is produced, click to view it.

5.  In the below example, I edited the NAME of a classroom, I made it ACTIVE.

DO NOT modify or edit the following fields:

  • ID (when updating a classroom, keep the ID as it is) This field is handled automatically by GAT+.
  • Created (date field). This field is handled automatically by GAT+.
  • Created By – Usually, this is an email address of the teacher or super admin who created the Google Classroom.

6. Once you have made the desired changes, close the spreadsheet tab and click on the Import data button.

7. Select the spreadsheet you were working on.

8. Confirm the before and after changes. Then click on the Accept button. It will take 60 seconds for the changes to be carried out.

Reasons to update Google Classrooms

  • At the end of the school year, you can ARCHIVE classrooms which are not going to be in use next year so to avoid confusing students.
  • Maybe the Description, Room, Enrolment Code, Student email addresses have to be modified because they were set up incorrectly by the teacher or classroom creator.
  • A teacher is out sick or on temporary leave and you need to add the new teacher to the Google Classroom.

Steps to delete existing Classrooms

1.The steps to deleting a classroom are very similar to updating classrooms. The only change you need to make is with the STATE field. Change the STATE field from ACTIVE/ARCHIVED to DELETED.

2. Make sure to close the spreadsheet down and then click on the Import data button.

3. Select the Spreadsheet you were working on and confirm the changes by click on the Accept button.

Important Information about the Google Classroom States

When a classroom is Archived it is still available in a specific section of the Google Classroom website.

An archived classroom can be always restored. But if you delete a classroom it will be permanently removed.

Chrome ‘Device Usage’ Alerts in GAT Shield

Do you want to track down a missing device? Do you know the serial number? Or know the last person using it? If yes, you can use GAT Shield Device Usage alert to get notified.

How to Configure this Alert.

1.Launch the GAT Shield tool.

2.Enter the Alert Rules section.

3.Select Device Usage from the ‘Add a rule’ drop-down menu.

4.Give the rule a meaningful name. Check the box to activate the rule. Now, enter the user’s email address and/or serial number. If both are entered one of them will take precedence if detected first when the rule is triggered on the device.

5.Check the box Report Screen Capture to take a screenshot of the page they were browsing at the time the rule is fired.

6.Optionally you can take a webcam picture of the person behind the device.

7.There is an option to display a message to the user if you turn ON End user action.

Once the alert is triggered an email is sent to the G Suite Super Admin.


When GAT  Shield receives a signal that the device is active, the admin will receive an email with a screenshot of the page opened, and location on a map where the device is located.
The Device Usage rule will be switched to disabled once the rule is fired to prevent getting multiple alerts for the same user or device.

GAT+ Gmail Audit Tables Explained

This post will explain the meaning of title headings and details within the tables in different areas of Email audit.

When you enter the Email auditing area of GAT+, on the Emails tab you will notice a summary table at the top of the page. The table will summaries the total number of emails sent out or sent into your domain with files attached or with no files attached. Clicking on any one of these categories in the table will apply a filter focusing only on those emails.

Clicking on any one of these categories in the table will apply a filter focusing only on those emails.

The date range (Emails from) at the top of the table indicates the period under audit.

The Last Scan Date informs you when an email scan last ran to update the metadata you are viewing.

Some notable categories:

Emails sent in – Emails were the sender is an external user

Emails sent out – Emails to external domains where the sender is from your own domain.

Emails sent internal – Emails sent only to users within your own domain. The email thread may include users who are external.

Bounced – When an email message cannot be delivered to an email address.

Files sent in – Emails sent into your domain from an external user which contained a file attachment.

Files sent out – Emails sent to external domains with a file attachment.

User Statistics Table

If you wish to get a better understanding of email activity for each user on your domain and the alias they may use click on User Statistics.

If you wish to get a better understanding of email activity for each user on your domain and the alias they may use click on User Statistics.

Heading of the Table

Date From and Date To – These fields over a date range. If you clicked on the Daily Statistics button this will show you email data of each previous day. If you can Summary Statistics button then you can see several months back for each user.  

Date From and Date To - These fields over a date range. If you clicked on the Daily Statistics button this will show you email data of each previous day. If you can Summary Statistics button then you can see several months back for each user.

User – The user who sent/received the email.

Email – This is the email address a user used to send or receive the emails. This is usually an alias or an account they’ve been delegated access to or their own email address. In the screenshot below in the green box, it shows that User:ferdows@generalaudittool.com sent/received emails from Email:ferdows@generalaudittool.com which is his own account.

Email - This is the email address a user used to send or receive the emails. This is usually an alias or an account they’ve been delegated access to or their own email address. In the screenshot below in the green box, it shows that User:ferdows@generalaudittool.com sent/received emails from Email:ferdows@generalaudittool.com which is his own account.

Emails recv. (ext) – Emails received where the sender is an external email address.

Emails recv. (int) – Emails received where the sender is from your own domain.

Emails sent (ext) – Emails sent outside of your own domain to other domains.

Emails sent (int) – Emails sent internally to users on your own domain.

Files recv. (ext) – Emails received from external users which contains a file attachment.

Files recv. (int) – Emails received by internal users from your own domain which contained a file attachment.

Files sent (ext) – Emails sent outside of your own domain to other domains which contained a file attachment.

Files sent (int) – Emails sent internally to users on your own domain which contained a file attachment.

Email columns

GAT Removes Your Pain Points

Google Drive

1) “What files on my google domain can everyone on the internet find or see?”

In the GAT+ Drive Audit one click on the number ‘Open to full public’ shows you all the public files on your domain’s Google Drive. You can see those that are available to all with the link or ‘Open to public with link’ both reports just a click away).

2) “We have files that are shared to lots of other domains, how can I see which ones?”

Within the Google Drive Audit and with the press of one button ‘Domain Connections’, we draw a map of your entire set of Drive shares into and out of your domain.

Domain connection graph

Select each ‘dot’ and it will lead you to those files, from there you can select the number of shared files, and be directed to them

Select each ‘dot’ and it will lead you to those files, from there you can select the number of shared files, and be directed to them

3) “I need to see a list of all the external people that have explicit access to files on your Domain drive?”

In the Drive Audit, one press of the button ‘External Users’ will produce a table that you can sort by the desired column.

In the Drive Audit, one press of the button ‘External Users’ will produce a table that you can sort by the desired column.

Gmail

4) Need to find and remove an email in a hurry? (even from hundreds of accounts!)

In the Email Audit using the ‘Domain Gmail Search’ you can do a live search of every folder in every account on your domain for an email containing text in any location (subject, body, attachment) or any other identifier and have a list of those emails found.

Once you find the emails you need (using Unlock) you can view, download or remove these emails in bulk for one or all accounts.

5) Need to see the top sender or receiver of emails?

Just a press of the ‘Sender/Receiver’ button will tabulate the top senders and receivers of email for your domain or for whatever search you used to narrow the data.

6) Need to delegate access to another user’s email account?

In the “User audit” select the “Email info” button and select the account you want to add delegated auditor to and add. After its approved by security officer, the user will have delegated access the person’s email.

7) Need to get a daily/weekly/monthly report of emails per user, sent and received?

On the GAT+ Email audit select “User Statistics” presenting different options  “Daily Statistics” and “Summary statistics”

Once you select the Daily Statistics, you can just apply filter to schedule daily reports for all emails coming and going out from all your user accounts you can also select to cover user/group/OU.

G Suite Users

8) Need to save on license costs then you need to know which accounts were not used in the last 6 months.

On the GAT+ select ‘Users Audit’ and select ‘Last Login’ and it will be filtered based on Last login.

You can apply filter to search by ‘Last login’ or ‘Last negative login’ searching for users whose last login to your G Suite domain was 6 months ago.



9) Need to easily bulk add or remove users or simply add/remove/change them between groups and OUs?

In the new GAT+ select the Users report. Filter for the set of users you are interested in working with. Export that selection of users, change the spreadsheet as described here. You can add the users to one or more groups or change their group mix completely. When finished with the changes, just import the spreadsheet to perform all the changes at once.

10) Need to be warned when some critical event has happened on your domain?

Under Configurations section in GAT+ select ‘Alarms’ and configure for the alerts you need. Alarms can be configured and saved on a per OU basis.

Daily User Activity Gmail Report

G Suite super admins regularly are tasked with generating daily user statistics for emails sent or received by each user taking into consideration emails sent by users using account aliases.

GAT+ makes this possible by reporting on this activity and allowing admins to configure a daily report.

On the right hand side click on the ‘Apply custom filter’ button to define the scheduled report.

Select ‘Stats By Date Range and Users’, select the current day and the next day. You can narrow down the scope by selecting a group or user Org unit.

Once you select the Scheduled box additional options will appear. Make the occurrence ‘Every day – after midnight’. Check the Enabled checkbox and send the report to multiple super admins or users if you wish. Finally, click the ‘Apply and Schedule’

The scheduled report will generate a Google Spreadsheet every day after midnight showing you all of the email activity since the previous day.

Sharing exposure and file types within Google Drive Audit

GAT+ can present G Suite Super Admins with a lot of useful summaries relating to sharing permissions in Google Drive, this document will explain each category.

Drive Audit One click table

Total

This is the total number of files and folders owned by users within your domain or files shared into your domain by external users.

Open to full public

Files publicly shared with the world, anyone who comes across it can see the contents of it, users are not required to authenticate themselves or be signed into a Google account. Additionally, the Google search engine can find and index these files. This category includes full public files shared into your own domain by external users.

Open to Public with link

Files publicly shared to anyone with a link. The Google search engine cannot find or index it. Anyone who has been given the URL link to these files can view the contents. This category includes public documents shared via link into your domain by external users.

Open to external users

Any file shared to an external domain such as external editors, readers. Team Drive files with Managers or Content Managers who are from an external domain will have this classification as well.

Open to internal users

This category includes any file which is shared internally to anyone within your own domain. This includes internal editors or readers and our domain (with link). Nevertheless, these files are not shared externally to anyone outside your organization.

Team Drive files

These are Team Drive files.

Team Drive Files with extra shares

When Team Drives are created, they will have Managers, Content Managers, Contributors, Viewers, and Commenters, therefore any Team Drive file which has permission shares anyone outside of the defined scope will fall into this category.

Private

Files are not shared with anyone, period. Only the owner can see it.

Trashed

Files that are moved to the Trash/Bin folder on the users myDrive.

Orphaned

Here’s how a file can become orphaned:

    • You create a file in someone else’s folder. Then they delete the folder. Your file isn’t deleted because only you can do that. But it’s no longer in a folder.

  • Or, you share a folder with someone who removes your file from the folder. Again, the file isn’t deleted, but it’s no longer in a folder.

This category will show you those orphaned files.

Auth errors

Indicates the number of users GAT+ can not scan properly. If this shows any value, check if GAT+ is turned ON for everyone within the G Suite Admin Console.

File Types

In Drive Audit, we make it easy for G Suite super admins to view the number of files across users myDrives. These are the most common file types. The values in the table include files shared into your domain by external owners.

Sites

The value for sites will show you all of the Google sites created by your domain or shared into your domain by external users.

Forms

These are Google survey forms created by your domain or shared into your domain by external users.

Identify All Externally Owned Files with GAT+

G Suite Admins can now Identify externally owned Google Drive files and which folders they reside in in your G Suite domain.

An admin can click on “One Click Report” – External users – Docs

This will show us all external users who have ‘shared in’ Google Drive files into your domain.

By clicking on each of the numbers under the column ‘Owns (not ours)’, the admin will be taken to Drive Audit Files tab where you can examine these Google Drive files in greater detail.

Another way to find all external owned Google documents within your G Suite domain is to open Drive audit and apply a custom filter – show the files which have been shared in. (we excluded deleted/trashed Google docs in this example) because they are included by default.

The result will show all Google docs “Shared in” to your domain and you will be able to view their paths. Since these files are externally owned, you as a G Suite Super admin, your only course of action is to remove and cut the ties to those users they’ve been shared with.

Note: To remove editors and readers from shared in files, there has to be at least one local editor from your Google domain on each of those files.

For each file, you can see the folder or folders that each particular file resides in.

Many files may not have a folder path because they haven’t been added to the local user’s myDrive.

The G Suite Admin can export a Google spreadsheet or a CSV of all shared in file paths by selecting the option ‘with path flattened’. With paths flattened each unique path will be displayed.

Find Internally Shared Google Documents

In Drive audit, we can see a nice overview of all drive files of your entire G Suite domain.

overview of all drive files in GAT+

An admin can select each of the categories and it will lead them to all the files from which the category was created from.
In this case will display all Google Drive files which are Open to internal users.
Sharing flags is set ‘Open to internal’, the users are in grey background color, which also indicates that the user are local and not from an outside domain.

Sharing flags tab in GAT+

How to Change Ownership of an Entire Folder Tree on Google Drive

In Google Drive audit in GAT+, you can use the features of File Management to change ownership of an entire folder tree using the recursive option.

You may want to change ownership of a root folder such as a myDrive or other folders within a users account.

Follow these steps, in Drive audit, use the funnel icon “Apply custom filters” button to find the folder.

“Apply custom filters” button.

Now select the following parameters. Since in this example I’m searching for a root folder (myDrive of a user) I selected these parameters.

Owner equals userY@generalaudittool.com

AND

Flags contains Root folder

selected parameters and apply them

This returned the following search once applied.

gat+ features

Now click on the drop-down next to the folder name. Select the option “Apply permission change to this folder (recursive)”.

Select the option “Apply permission change to this folder.

The recursive option will take our action and apply it through all of the subfolders as well. Now enter the new owner of the file. Also, make sure to remove the previous owner from the editor privilege access.

file management tab within gat+

Note: When changing ownership in GAT+ the previous owner is added as an editor of his files so when changing ownership and you don’t want this to happen, make sure to remove them.

Once you have filled in the appropriate fields, send the request of, your security officer will then get an email to approve or revoke your permission change.

You can change the Admin logs for the stats of the ownership change.

select the "admin log"

The folder will appear on the new owners myDrive with the following format:

In the myDrive of the new Owner, you will see a folder containing multiple subfolders appear.

(Root Folder) with the name: File_Transfer_reference_number

(Subfolder) From_UserX@myOrganisation.com (previous owners email address)

The above structure accounts for files which were created by other owners which happen to be inside the folder which was transferred by the super admin. This is the most optimal way to retain a folder and subfolders structure taking into consideration that the folders may be owned by multiple users.


Additional 1 Click Reports

GAT+ has added 4 new ‘1 Click’ reports to make life easier for Admins. These are designed to surface suspicious behaviour from suspicious locations even faster and and in a clear manner. The reports are:

  1. ‘Top Downloaded or Printed or Printed Files’ in the last 24 hours
  2. ‘Top Downloaded or Printed or Printed Files’ in the last 7 days
  3. ‘Geolocations of Drive Activity in the last 7 days’
  4. Geolocations of App activity in the last 7 days’.
GAT's "one click reports"

Top downloaded or printed files in the last 24 hours or 7 days.
Show a list of those files within your domain. An admin can export this data into a spreadsheet, or set up a scheduled report to run on a time frame.

GAT's "files filters"

Geolocations of all Drive and App activity in the last 7 days is using a visual representation on a Map where activity was recorded. An admin can choose date and type of event and see: Unique locations for users, Last users locations and Unique locations choose the date.
This feature is very useful to spot suspicious behaviour from some unexpected location in a much clear way.

see "geolocations of all Drive activity in the last 7 days"