Deploying the Shield Extensions

This document covers the deployment steps for the GAT Shield extension.

  1. To start, go to the Device section of your Google Admin console.

  2. Select Chrome Management from the left-hand side of the screen.

  3. Select User & Browser settings.

    To install the GAT Shield extension choose the root Org Unit or a sub-OU.

  4. Scroll down to Apps and extensions and click on App extension page.

  5. A new window will open. Select the Yellow button in the bottom-right corner, then Add the Chrome app or extension by ID.

    NOTE: A new pop-up window will be displayed. Select the From a custom URL option.

  6. Enter the Extension ID and URL of the Open User Interface or Closed User Interface extension. Only one version is necessary.
  7. Click Save.
  8. Now make sure that the extension is Force installed.

  9. On the right-hand menu for your newly installed extension, click the drop-down menu for Permissions and URL access and select Allow all permissions.
  10. Now, make sure to Save again.

If you wish to capture webcam images when Shield rules are triggered, you will need to force install the webcam support extension using the same method as above (steps 4 to 10). The unique ID and URL of the webcam extension are displayed in the GAT Shield Admin Console.


Configure your Google Admin Console Settings

We recommend enabling these settings in Device Management > Chrome Management > User & Browser Settings. Some of these settings are mandatory.

Apps and Extensions

In the Apps and Extensions area find the Task Manager setting and switch it to Block users from ending processes with the Chrome Task Manager.

Description: Task Manager can be used to tamper with the Chrome browser's normal operations.


Security

Find the setting for Incognito Mode and set it to Disallow Incognito mode.

Description: In incognito mode, extensions don’t work.

Find the setting Browser history and set it to Always save browser history.

Description: Saving browser history is recommended so when incidents occur there is an audit trail which can be investigated by staff members. 

Find the setting Clear Browser History and change it to Do not allow clearing history in settings menu.

Description: The ability to clear browser history in the Chrome browser may allow users to tamper with GAT Shield browser reporting features.


User Experience

Find Developer tools and set it to Never allow use of built-in developer tools.

Description: Developer tools can be used to disable extensions. Google also recommends disabling these tools in most cases.


Content

Find the Screenshot setting and set it to Allow users to take screenshots.

Description: Disabling screenshots will cause problems with GAT Shield Alerting functionality.

Once all of the settings are completed make sure to click on Save.
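
The following added example (not part of GAT's documentation or tooling) checks a device's effective Chrome policies against the force-install step and the User & Browser settings above. The Chrome enterprise policy names and values are the standard ones behind these Admin console settings and are not taken from this page; the flat name-to-value input, the sample data and the extension ID placeholder are assumptions.

```python
# Added example: audit Chrome policy values against the settings recommended above.
# Assumption: `policies` is a flat {policy_name: value} mapping, for instance
# reduced from a chrome://policy export. The extension ID is a placeholder.

SHIELD_EXTENSION_ID = "PLACEHOLDER_SHIELD_EXTENSION_ID"  # real ID: see GAT Shield Admin Console

# Chrome policy name -> (required value, Admin console setting it reflects)
REQUIRED = {
    "TaskManagerEndProcessEnabled": (False, "Task Manager: block ending processes"),
    "IncognitoModeAvailability": (1, "Incognito Mode: disallow"),
    "SavingBrowserHistoryDisabled": (False, "Browser history: always save"),
    "AllowDeletingBrowserHistory": (False, "Clear Browser History: do not allow"),
    "DeveloperToolsAvailability": (2, "Developer tools: never allow"),
    "DisableScreenshots": (False, "Screenshot: allow (needed for alerting)"),
}


def audit(policies, extension_id=SHIELD_EXTENSION_ID):
    """Return a list of findings; an empty list means the device is compliant."""
    findings = []
    for name, (want, label) in REQUIRED.items():
        if name not in policies:
            findings.append(f"{name} is not explicitly set ({label})")
            continue
        got = policies[name]
        # Compare type as well as value so that 0 is not accepted for False.
        if got != want or type(got) is not type(want):
            findings.append(f"{name}={got!r}, expected {want!r} ({label})")
    # Force-list entries have the form "<extension id>;<update URL>".
    forced = {e.split(";", 1)[0] for e in policies.get("ExtensionInstallForcelist", [])}
    if extension_id not in forced:
        findings.append("Shield extension is missing from ExtensionInstallForcelist")
    return findings


# Constructed sample: incognito still available and screenshots disabled.
SAMPLE = {
    "TaskManagerEndProcessEnabled": False,
    "IncognitoModeAvailability": 0,
    "SavingBrowserHistoryDisabled": False,
    "AllowDeletingBrowserHistory": False,
    "DeveloperToolsAvailability": 2,
    "DisableScreenshots": True,
    "ExtensionInstallForcelist": [SHIELD_EXTENSION_ID + ";https://example.invalid/update.xml"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```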

Configure Device Settings

We recommend that these options be configured on your domain for your Chrome devices. Not all of these options are mandatory.

From the Google Admin Home screen, click through Devices > Chrome Management > Device settings.
In the left sidebar, select the OU that contains your Chromebooks, then configure the following policies to match these values.

Enrollment

  1. Configure Forced re-enrollment.
  2. Set Verified access to Enable for content protection.
  3. Set Verified mode to Require verified mode boot for verified access.

Sign-in settings

  1. For Sign-in Restrictions set it to Restrict sign-in to a list of users and whitelist your own domain and sub-domains. This will prevent domains such as @gmail.com from signing into a Chromebook.
  2. Disable Guest Mode on Chromebooks. This is a required step. Under the heading Sign-in settings set this option to Disable guest mode.




Two versions of GAT Shield Extension Explained

The Open User Interface Extension allows the Chrome user to see their own activity information while using the Chrome browser, including where and how they are spending their time and other useful details about their Chrome environment. This version is also a recommended way for parents to monitor their child’s online activity.

The Closed User Interface will only display a grey GAT Shield icon but the end user can’t access it.

Once the Shield extension is deployed, every user who logs into their Chrome Browser with their domain credentials will have the extension automatically synced. The Chrome user cannot override this setting.



Displaying Serial Numbers in Shield Admin Console

This feature is available only for licensed enterprise enrolled devices.

GAT Shield Extension ID and URL

The GAT Shield extension ID and URL information are displayed in the GAT Shield Admin Console.

1. Launch GAT+. On the top left, click on the GAT+ icon; a menu will be displayed. Then select GAT Shield.

2. Under the Help section, select Extensions Deployment. The details such as ID and URL for the different Shield extensions will be displayed.

Note: Depending on your firewall setup, restrictions may be in place that block traffic to Shield.
Please check your firewall settings and allow the following URLs:

https://alert-shield.generalaudittool.com
https://urlaccess-shield.generalaudittool.com
https://shield.generalaudittool.com

These URLs must be reachable and not blocked by your firewall.

Note: If you install Shield on a sub-OU, make sure it is set to ‘Force install Inherited from the domain’.
You can click on the extension ID, select “Force install” and save.

When it is set up as ‘Default – Inherited from Google default’, Shield might not be active on the selected OU.