Skip to main content

Recommended Google Admin policies for schools using the Connect for Chrome extension

Updated

This article is for IT Support. 

You can implement Google Admin Console policies to prevent students from modifying the settings of the Connect for Chrome extension.

Note

Leave the Top Organizational Unit selected to apply the setting to all users and enrolled browsers. Otherwise, select a Child Organizational Unit. For example, you can select the students OU to ensure that these policies only apply to students rather than teachers.

Allow only specific Chrome extensions

By default, students can install any extensions onto their browsers. This means they can download VPN extensions that allow access to blocked content. We recommend allowing specific apps and extensions while blocking all others.

  1. Go to admin.google.com >  Devices > Chrome > Apps and Extensions > User app settings
  2. Find Allow/block mode.
  3. Select Edit in legacy view.
  4. Under Chrome Web Store, select Edit > Block all apps, admin manages allowlist.
  5. Select Save.

Disallow incognito mode

By default, students can use incognito mode. The browser may not load all the extensions, including Connect for Chrome. We recommend that you turn off incognito mode.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings 
  2. Find Security > Incognito mode.
  3. Select Disallow incognito mode.
  4. Select Save.

Prevent Chrome task manager from ending processes

Students can use the Chrome Task Manager to end processes, including the Connect for Chrome extension. We recommend that you block the ability to end processes.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find Apps and extensions > Task manager.
  3. Set the policy to Block users from ending processes with the Chrome task manager.
  4. Select Save.

Prevent developer tools from ending processes

Students can use the Developer Tools to inspect and end processes, including the Connect for Chrome extension. We recommend that you turn off the use of Developer Tools for force-installed extensions, and you may want to consider never allowing the use of Developer Tools if this tool is not used in Coding or Computer Science classes.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find User experience > Developer tools.
  3. Set the policy to Allow use of built-in developer tools except for forced-installed extensions and component extensions.
  4. Select Save.

Force users to log in to the Chrome Browser by default

By default, students don’t have to log in to use the Chrome browser, which may bypass the monitoring of their internet use. We recommend that you force users to log in.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find Sign-in settings > Browser sign-in settings
  3. Select Force users to sign-in to use the browser.
  4. Select Save.

Turn off multiple sign-in access

By default, students can log in to the Chrome Browser using multiple accounts without needing to sign out and sign back in. This can prevent the Connect from Chrome extension from syncing correctly. We recommend that you block the ability to sign in to multiple accounts.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find User experience > Multiple sign-in access.
  3. Select Block multiple sign-in access for users in this organization.
  4. Select Save.

Restrict users from logging in to non-school-related Google accounts on school-owned devices

Allowing student access to their personal email addresses can lead to possible misuse or may allow them to bypass the monitoring of their internet use. We recommend that you restrict users from logging in to non-school-related Google accounts on school-owned devices.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find Sign-in settings > Restrict sign-in to pattern.
  3. In the Pattern text field, enter the domains you want to allow sign-ins from. For example, *@your.school.com will restrict logins to only your.school.com and prevent users from signing into accounts outside of this configuration.
  4. Select Save.

Turn off Browser Guest Mode

Students can log in via Guest Mode, which may bypass the monitoring of their internet use. We recommend that you turn off the ability to use Guest Mode.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find User experience > Browser guest mode.
  3. Set the policy to Prevent guest browser logins.
  4. Select Save.

Block sensitive internal Chrome URLs and prevent the use of bookmarklets

Students may attempt to bypass filtering or interfere with the Connect for Chrome extension by:

  • Accessing internal Chrome pages like chrome://flags, chrome://crash, or chrome-untrusted://terminal
  • Running bookmarklets

These behaviours can disrupt monitoring, filtering, or screen visibility. To help protect devices, you should block both sensitive internal Chrome URLs and bookmarklets.

Use the "Block sensitive internal Chrome URLs" policy

To reduce the risk of students exploiting system vulnerabilities, Google recommends using the Block sensitive internal Chrome URLs policy instead of manually adding internal Chrome URLs to the Blocked URLs list.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find URL blocking.
  3. Select Block senstiive internal Chrome URLs.
  4. Select Save.

Block bookmarklets using URL Blocking

You can block bookmarklets by adding the following entry in the Blocked URLs list.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find URL blocking.
  3. Add these to the Blocked URLs:
    • chrome://extensions
    • chrome://media-app
    • devtools://*
    • javascript://*
  4. Select Save.

Preventing the use of bookmarklets and URLs

Bookmarklets are bookmarks stored in a web browser that contain JavaScript commands, adding new features to an existing browser. Students can configure the Bookmarklets to hinder the proper functioning of the Connect for Chrome extension. Students can also use URLs such as chrome://kill, chrome://hang and chrome://serviceworker-internals/ to quit or hang the Connect for Chrome extension. We recommend that you block students from using the bookmarklets and URLs.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Find URL blocking.
  3. Add these to the Blocked URLs:
    • javascript://*
    • chrome://kill
    • chrome://hang
    • chrome://serviceworker-internals/
  4. Select Save.

Use Ephemeral Mode for Shared Devices

Ephemeral mode ensures that user data is not stored locally when the user logs out. This prevents Chrome caching overload, which can negatively impact extension installation for new users logging in. We recommend that you erase all local user data if your school has shared devices.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings 
  2. Find Security > Force Ephemeral mode.
  3. Set the policy to Erase all local user data.
  4. Select Save.

Remove Connect for Chrome from Suspended Google Users

Users and groups synced from Google have only two states visible to the Linewize Filter: Active or Archived. When a user is marked Suspended in Google Admin, Linewize Filter will show them as Active and you may receive data from their Chrome profile since the extension is still active. To prevent this, you will need to mark users as archived.

Note

You need a Google Workspace subscription with an Archived User (AU) license to archive users.

If your school does not have the AU license, we recommend creating a suspended user group (Option 1) or deleting the user (Option 2).

Option 1: Create a Suspended Users Group and Block Extension

  1. Go to admin.google.com, create a new group named Suspended Users and add all suspended users to this group.
  2. Go to Devices > Chrome > Apps & extensions > Users & browsers
    1. Select Groups.
    2. Select the Suspended Users group to which you want to apply the setting.
  3. Find the Connect for Chrome extension you want to configure policies for.
  4. Under Installation policy, choose Block.
  5. Select Save.

Option 2: Delete the user from Google Workspace

Removing the user from Google Workspace will prevent them from being synced back into Linewize Filter.

Classwize Features

Allow Screenshots

If you want teachers to view a student’s screen during class or take screenshots for reporting purposes, you must turn on Screenshots for student devices.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Select the Organizational Units for students.
  3. Find Content > Screenshot
  4. Select Allow users to take screenshots and video recordings.
  5. Select Save.

Turn on Screen Video Capture

If you want teachers to use Classwize Screen Share, you must turn on the Screen Video Capture setting.

  1. Go to admin.google.com > Devices > Chrome > Settings > Users & browsers settings
  2. Select the Organizational Units that include your Classwize teachers.
  3. Find Content > Screen video capture
  4. Select Allow sites to prompt the user to share a video stream of their screen.
  5. Select Save.