GAT Shield’s Recursive User OU Search

GAT Shield now has recursive user ou search in shield browsing summary and URL access rules settings. This is a much-requested feature.
recursive user ou search

[New Feature] Automatically Block and Approve URL Sets with GAT Shield

Automatically block certain URLs during specific times of the day. For example, block Facebook between the hours of 9 AM and 6 PM Monday through Friday. This feature is very flexible. It allows you to curate a list of URLs that automatically become blocked at certain times. You can also choose to block all sites apart from ones in an ‘approved’ list.

time restriction url access control

See Who Violated Your Domain’s Usage Rules with GAT Shield

In the Shield Alerts section of GAT Shield, you can view all the instances where your users have violated any Alert Rules.

You can see the video instead of reading the post.

 

To know how to create an Alert Rule you can watch our video covering the topic.

In the Alerts Explorer, you can view a list of all the times a rule was violated.

You can see data such as the Rule name, The Rule type, Page info if it was a URL visit, how long ago the Rule was violated, the User who violated the rule and whether the Status of the alert was still open or acknowledged by an Admin.

See when rules were violated

Clicking the check mark will change the status indicator to a green Acknowledged status.

This is so you can let other Administrators on your domain know the alert was investigated.

By clicking the eye Icon you can get all the details of that alert, as well as the admin who acknowledged it.

Device information such as the rule violators Shield UUID, OS, IP details and location information is also available in this area.

Device information such as the rule violators Shield UUID, OS, IP details and location information can be seen with GAT Shield

Track Your Users’ Online Activities with GAT Shield

Using GAT Shield you can track your user’s browser activity throughout the day.

Below is a short tutorial explaining the feature. You can watch it instead of reading this post.

 

You can view what sites they spend most of their time on as well as their active time spent there.

 To start off we’re going to go to the User Activity section of GAT Shield.

Here we can see the timeline of any user.

Sites are ordered by the total duration of time spent, this will help you to quickly spot where the bulk of the time is spent by a user.

At the top left of this section, you can select the User you wish to view.

To the right, you can select the date you wish to investigate.

And in the top right you can choose to either view the data by Active time spent or view their activity in a 24-hour window.

user activity report in GAT Shield

The total chrome browser activity shows you a summary of the users total active time spent using their browser. Each colour represents a website, hovering over a colour will reveal it’s URL

See the sites visited while hovering over the report

Under this window, you can search for any specific website to see if your user is spending any of their time on that site. For example, you can see if your users are spending too much time on youtube.com

To the right, you can select the number of displayed sites.

See the amount of displayed sites in GAT Shield

Below you can view your users’ activity for every site they have visited. You can also see what percentage of the user’s day is spent on that site.

View a user's activity for every site they have visited

How to Locate and Track Devices with GAT shield

In this post, we’ll be covering User/Device Geolocation in GAT Shield.

You can view the video tutorial instead:

This feature will allow an Admin to track and locate all devices using advanced filters.

Start off by navigating to the User/Device Geo Reporting section in GAT Shield.

In this area you will have access to the Geolocation window, here you’ll see all devices currently enrolled on your domain being viewed by Shield UUID or you can also choose to view devices by IP.

See your enrolled devices

You’ll notice these numbers around the map, these are devices that are close to each other and have been grouped up together.

Clicking on the value will zoom in and spread the devices out more accurately.

After zooming in we can now see these computer icons, these are our devices.

If you click a device you will be shown it’s Shield UUID, OS, Public IP, City, Country, User and Last activity. You can also click to show the coordinates on Google Maps.

See the location of devices more accuratly

Scrolling down you will see a detailed list of all the devices connected to your domain.

You can view their Shield UUID, which is a universal unique ID given to every user per device, their Shield version, The serial number of the device, the OS, their public & private IP, location details as well as the user’s email and activity.

Further information on your selected device

Clicking the marker button will locate this user on the map.

The eye icon will give you more information about that user’s device, as well as details of their device such as CPU and memory usage.

In this example we’re going to search for any Windows devices that have more than one user logged into them, we’ll start off by clicking the filters button.

We’ll select OS and type the name of the operating system, in this example it’s Windows, we’ll then add another rule and select Other users, we’ll pick ‘is not empty’ and apply the filter.

Set instance filters

We now have my result, to see the other user who has logged into this device we’ll select the eye icon. I can now see that another user from a different domain has logged onto the same device as our user.

In our next example, we’ll look for how many devices a user has logged into, we’ll delete our filter and apply a new one, then we’ll select User and enter the email of the user we’re looking for.

We can see that this user has logged into five different devices. If we would like I can click the export data button and select between a direct CSV download or one to Google drive.

Select how you want to download the data

We’ll select Google Drive, a small window should appear. Simply click to view and download.

We can now see all the data from our search in the spreadsheet.

How to Install and Configure GAT Shield on Your Domain

In this how-to, we will be covering how to install and configure GAT Shield. Below is the video tutorial about the same topic:

To start off, go to the device management section of your admin console. Once here, select Chrome Management on the left side of the screen.

Next, select ‘user settings’. Now choose the route OU to install GAT Shield domain-wide. Alternatively, you can choose a sub OU and install it to that separately. Once you have that selected, scroll down to ‘force-installed apps and extensions’. Select ‘manage force installed apps’.

Select force installed apps

Now select ‘specify a custom app’. There are two versions of GAT Shield which are available. One open version and one closed. The open version allows the end user to see all the environment information from their Chrome browser, including where and how they are spending their time and other useful details about their Chrome environment. This version is also a recommended way for parents to monitor their child’s online activity.

Data seen in the GAT Shield 'open' and free version

 

The closed version will only display an icon but the end user can’t access it.

GAT Shield 'closed' version will only show an icon to the end user

Both versions IDs and URLs are available at the end of this post. Once the app is installed, every user who logs into their Chrome environment with zero domain credentials will have the app automatically installed. The end user cannot override this setting. Make sure to save changes. Next, we’ll get the GAT Shield companion app which allows Shield to capture a snapshot from the user’s webcam should they violate an alert rule. The ID and URL for this app is also available at the end of this post. Please follow the same installation procedure for GAT Shield for this companion app. Now we must scroll down to the task manager setting and select ‘block users from ending processes’ with the chrome task manager. Be sure to save your changes.

Select "block users from ending processes with Chrome task manager"

The next step, we’ll cover enabling serial number collection for Chrome devices. Please note this step requires the purchase of Google device manager. You can find out more information at the end of this post. GAT Shield can collect the serial numbers from the Chrome OS based device it is deployed to. This can be useful for asset tracking and ‘proof of use’ tracking. To enable this feature, we need to configure some additional settings in the G suite chrome management console. First, ensure all devices are enrolled on your domain. This will not work for any device that isn’t. Also, make sure that GAT Shield is deployed. Secondly, navigate to the Chrome management window then select Device Settings. Again you’ll have the choice to select either to route OU or a sub OU. Now for verified access, set it to enable for enterprise extensions and
enable for content protection and in addition at the following as the verified service account. This will also be at the end of this post to copy and paste over.

Remember to save when configured. Next, navigate to the chrome management section and select app management. Once there, search for the following app. You can find this code at the end of this post. Add it to your list of apps. Save when done.

search for the following app. You can find this code in the description of this video. Add it to your list of apps. Save when done.

Once the app is installed. Double click on the listing for the new app GAT Shield verifier. Select the user settings and set the switches as shown in the below image.

Adjust settings for GAT Shield

GAT Shield will now start reporting to device serial number in the Shield User device geo reporting section of the GAT shield tool. Now you should have GAT Shield fully deployed.

 

Further Information and code:

Closed version ID/URL

Open version ID/URL

Shield Companion App(webcam support) ID/URL

Google Chrome device management is required for serial number collection with GAT Shield.

For the verified service account please paste:

verified-access-api@gat-shield-va.iam.gserviceaccount.com

Shield Verifier ID –  ceiljdpelbjifndpnihkmhpebidiklnm

What Are My Users Searching on Gmail, Google, Youtube and Other Search Engines

In GAT Shield a word cloud is displayed to show queries being searched by your users, this helps to highlight what students and staff are searching for across different search engines.

Like GAT+, GAT Shield allows you to refine your search by selecting a User, Group, OU or domain and then selecting which search engine you are interested in. To do this click on the ‘Apply custom filter’ button on the top right corner of the page.

Apply custom filter

Select the search parameters that you are interested in viewing, for this example I’ve selected an OU structure, the Google search engine and searches after July 1st 2018.

Select the search parameters you are interested in viewing

Now, I will see all of the queries being entered into Google for the Marketing user OU.

export this information to a CSV file

I can then export this information to a CSV file.

export this information to a CSV file.

See All Searches Happening on Your Organisation’s Chrome Devices and Chrome Browsers

In this how-to, we’ll be covering GAT Shield searches. we will show you how you can see all the searches happening on your organisation’s Chrome devices and Chrome browsers.

You can see the short video tutorial below:

In GAT Shield Searches, you’ll be able to see all the searches happening across your Chrome devices on your Chrome browsers. Here, you can see the query the user inputted and the search engine they used. How long ago they did the search and who it was. Clicking the ‘eye’ icon will allow you to see the details of that search in the GAT Shield instance details. You can get the shield UUID. This is a unique ID that can be used in the user device geo reporting section to find a device the search was performed on.

the 'search details' tab within the 'searches' audit in GAT Shield

In this example, we’ll use a filter to see if any searches from our domain contained a words ‘GitHub’. We’ll also name the filter ‘GitHub’ query. Now if we apply and save this filter, it will be applied and can be used again from the ‘save’ tab.

the 'search filters' in GAT Shield

Using the alert rules configuration section, you can add a rule that can detect searches and report them should they violate the rule. Here you can add a rule for searches. In this example, we’re using a regular expression to detect if a user types wolf or snake into a search engine. We’ve set it so that the rule will only be active for these two users. You can choose whether to only show a warning or also close their web page. With these buttons, you can report the site name take a screen shot and/or a snapshot from their webcam at the time of the search.

the 'edit alert rule' option in GAT Shield

We hope you found this post hopeful and if you have any questions, please don’t hesitate to reach out to us via email (support@generalaudittool.com) or live chat.

How to Report and Remove Files Downloaded by Users Using GAT Shield

GAT Shield’s Alert Rules allows admins to stop and report unsafe downloads by users on your domain.

Here’s the video how-to:

To do this, select the ‘Alert Rules’ section. First, we’ll add a rule for downloads. Then, we’ll name the rule EXE and PNG blocked. In the file extension box, we’ll put EXE and PNG separated with a semicolon. Checking to cancel ‘delete/download’ box will prevent a download from happening. And if it’s already downloaded, it will be deleted. We can then apply these rules to a User, Group, or OU. You can also exclude a User, Group or OU from this rule. In the end user action, you can pick what will happen if a user violates this rule. You can check report file name screen capture and webcam captured to see who downloaded the file and what their screen and webcam were capturing at the time of the download. You can also whitelist certain web pages whitelist rule will not apply.

how to set up downloads alert rules with GAT Shield for S Suite

If you unchecked the ‘cancel/delete download’ button, but have any reports checked, you will only receive a report instead of interrupting to download.

That concludes this GAT Shield how-to. Thanks for watching.

Protected: How to Refresh Alert Rules in GAT Shield

This content is password protected. To view it please enter your password below: