I’ve been tasked with trying to find a way to restrict a student Chromebook to only allow it to visit first-party Google sites (Drive, Classroom, Gmail, Meet, etc.) and NOTHING else.
This student has been visiting very inappropriate sites (from home) and despite us informing the school admins and parents that they should be looking at parental controls and better supervision at home, they believe that this is something that IT can press the magic button for.
Forgive me as I am a bit new to Google Administration and have no formal training. I know that we can blacklist URLs, but is there a way to set a Chromebook (or OU for that matter) to only allow for traffic to reach whitelisted sites and nothing else? This is not an issue on-site of course but to prevent the naughty stuff at home.
We do not have any third party MDM on our Chromebooks like GoGuardian, we only manage them from the Admin Console.
Thanks in advance for any help. Normally I would do a lot more research before asking here, I am just under the gun for a quick solution. Cheers!
In the URL blocking section, put * under “URL blacklist” to block all URLs.
In the URL blacklist exceptions field add all the URLs that you want the student to be able to access. You may want to refer to this list for the URLs needed for Google Drive. Copy and paste the URLs but remove the " :443/HTTPS " at the end.
EDIT: The above steps create a USER policy. You can also do the same under Device settings to restrict access for the specific device that is assigned to that student. This way the student can’t use someone else’s account on his/her device to get around the restriction.
After you create a special OU with URL blocking set, be ready for the parents to complain that the student can’t get to some sites in order to complete his work. Have fun manually entering individual sites in the exception list.
I am in the process of setting up a “penalty box” OU for this. The in process part is getting a list of the sites that are regularly accessed in the course of the school day from the teachers. The teachers understand that there will be some growing pains as we add to the white list as needed.
We use securly free for our off site chromebook filtering and it seems to be doing the job well enough, including it seems to block VPN extensions pretty well.
Seeing as this is probably a case where the student+device will be alone in the OU one might even consider setting the restriction to only that students account. Weird solution but aren’t all penaltyboxsolutions weird one way or the other…
There are no lasting technological solutions for lax discipline and poor classroom management. You can’t win that game. Punish as best you can and move on.