📖 4 mins read
For privacy reasons YouTube needs your permission to be loaded. For more details, please see our Security Policy Statement.

I Accept

Deploying the GAT Shield Chrome Extension

In this document, we will cover the deployment steps of the GAT Shield extension.

To start off navigate and login into Google Admin console then click on Devices

How to deploy and Configure GAT Shield on Your Domain 1

Select Chrome > Apps & extensions Apps and extensions > Users & browsers 

How to deploy and Configure GAT Shield on Your Domain 2

A new page will be displayed.

Install

To install the GAT Shield extension choose the root Org Unit or a sub-OU. On the right bottom side click on the Yellow + button

How to deploy and Configure GAT Shield on Your Domain 3

Select the Add the Chrome app or extension by ID option.

NOTE: A pop up window will be displayed, select From a custom URL option.

Enter the Extension ID and URL of the Open User Interface or Closed User Interface extension, only one version required

The ID and URL  can be found in Shield under Help – Extensions deploymentclick here to see details

How to deploy and Configure GAT Shield on Your Domain 4

Click Save.

Click on the newly installed extension. Select the installation policy to Force install. Under permissions and URL access click and select Allow all permissions.

How to deploy and Configure GAT Shield on Your Domain 5

 

Click on the Save button on the top right.

Configure your Google Admin Console Settings

We recommend enabling these settings in Devices > Chrome  > Settings Users & browsers

How to deploy and Configure GAT Shield on Your Domain 6

Some of these settings are mandatory.

In the Apps and Extensions area find the Task Manager settings and switch it to Block users from ending processes with the Chrome Task Manager.

How to deploy and Configure GAT Shield on Your Domain 7

Description: Task Manager can be used to tamper with the Chrome browser’s normal operations.

User & Browser settings > User Experience

How to deploy and Configure GAT Shield on Your Domain 8

The following settings are highly recommended for schools using enrolled Chromebooks.

These settings prevent students from bypassing the network firewall and installing Android apps like VPNs and other web browsers on their Chromebooks.

  • Block Multiple Sign in access
  • Block access to secondary accounts on the device

How to deploy and Configure GAT Shield on Your Domain 9

Scroll down to  Developer tools and set it to Never allow use of built-in developer tools.

How to deploy and Configure GAT Shield on Your Domain 10

Description: Developer tools can be used to disable extensions. Google also recommends disabling these tools in most cases.

User & Browser settings > Security

The following three options are recommended for schools with enrolled Chromebooks. These settings prevent students from bypassing or tampering with the GAT Shield extension.

How to deploy and Configure GAT Shield on Your Domain 11

 

Find the setting for Incognito Mode and Disallow Incognito mode.

Description: In incognito mode, the extensions do not work

The setting bellow is for Browser history and set it to Always save browser history.

Description: Saving browser history is recommended so when incidents occur there is an audit trail that can be investigated by staff members.

The setting below is for Clear Browser History and change it to Do not allow clearing history in the settings menu.

Description: Ability to clear browser history on the Chrome Browser may allow users to tamper with GAT Shield Browser reporting features.

User & Browser settings > Content

Find Screenshot setting and set it to Allow users to take screenshots.

How to deploy and Configure GAT Shield on Your Domain 12

Description: Disabling screenshots will cause problems with GAT Shield Alerting functionality.

When all of the settings are set up make sure they are saved by clicking on the “Save” button on the top right.

Configure Device Settings

We recommend that these options be configured on your domain for your Chrome devices. Not all are mandatory.

From Google Admin console navigate to.

Devices > Chrome > Settings > Devices

How to deploy and Configure GAT Shield on Your Domain 13

In the left sidebar, select the OU that contains your Chromebooks, then configure the following policies to match these values.

Devices > Chrome > Settings – Device settings 

  • Configure the Enrollment and access
  • Set Forced re-enrollment – automatically re-enroll after a wipe
  • Set Verified access to Enable for content protection.
  • Set Verified mode to Require verified mode boot for verified access.

How to deploy and Configure GAT Shield on Your Domain 14

On the same page scroll down to Sign-in settings

  • Guest mode – Disable guest mode
  • Sign-in restrictions – Restrict sign-in to a list of users
    • Add a whitelist

How to deploy and Configure GAT Shield on Your Domain 15

When done with the changes click on the “Save” button on the top right.

Two versions of GAT Shield Explained

The Open User Interface extension allows the chrome user to see their own activity information while using the Chrome browser,

This includes: where and how they are spending their time and other useful details about their Chrome environment.

This version is also a recommended way for Teachers to monitor their students online activity.

How to deploy and Configure GAT Shield on Your Domain 16

The Closed User Interface will only display a grey GAT Shield icon but the end-user can’t access it.

How to deploy and Configure GAT Shield on Your Domain 17

When the Shield extension is deployed, every user who logs into their Chrome Browser with their domain credentials will have the extension automatically synchronised.

The Chrome user cannot override this setting.

Important note:  Deploy only one of the Shield extensions Closed or Opened UI. Do not deploy both extensions within the same Org Units as this may cause some interferences.

WebCam capture – Extension URL

If you wish to capture webcam images when Shield rules are triggered then you will need to enable Video-input-allowed URLs and add the Shield URLs

This setting can be enabled in Devices > Chrome > Settings > Users & browsers

How to deploy and Configure GAT Shield on Your Domain 6

Then scroll down and navigate to Hardware then to Video-input-allowed URLs

How to deploy and Configure GAT Shield on Your Domain 19

Add the WebCam URL then click Save on the top right.

The unique ID and URLs are displayed in the GAT Shield Console.

Remove old WebCam extension

The old WebCam extension is no longer needed. Please remove 

lncmmomdcmcilmblgmnlinenbinjklgg

Find the extension above and remove

GAT Shield Extension ID and URL

The GAT Shield extension ID and URL information are displayed in the GAT Shield Console that is launched from GAT+

See instructions below

1. Launch GAT+ on the top left click on the GAT+ icon, a menu will be displayed – then select GAT Shield

How to deploy and Configure GAT Shield on Your Domain 20

2. Under the Help section, select Extensions Deployment – the extension ID and URL and Webcam URL will be displayed.

How to deploy and Configure GAT Shield on Your Domain 21

Allow GAT Shield Extension via Firewall

Note: Depending on your Firewall setup, there might be restrictions set up and not allowing traffic to Shield.
Please check your Firewall settings and allow the following URLs:

  • https://alert-shield.generalaudittool.com
  • https://urlaccess-shield.generalaudittool.com
  • https://shield.generalaudittool.com

These URLs must be reachable and not blocked by your Firewall.

Force Install Extension Org Unit inheritance explained

Note: If you install Shield on Sub. OU makes sure it’s ‘Force install Inherited from the domain‘.
You can click on the extension ID, select “Force install” and Save.

How to deploy and Configure GAT Shield on Your Domain 22

When it is set up as ‘Default – Inherited from Google default‘ – Shield might not be active on the selected OU.

Displaying Serial Numbers within GAT Shield Console is available only for licensed enterprise enrolled devices.

If you require any assistance please contact us at support@gatlabs.com 

 

If you would like to run a trial of our products please install GAT+ from the Google Workspace Marketplace and contact us at support@gatlabs.com with any questions you may have.

To request a demo please click here and fill the form, we will get back to you in less than 12 hours during weekdays.

If you tried GAT in the past and you would like to run a fresh trial again, please enquire through this form.

Thanks for sharing and spreading the word!