Deploying the GAT Shield Chrome Extension
In this document, we will cover the deployment steps of the GAT Shield extension.
To start off navigate and login into Google Admin console then click on Devices
Select Chrome > Apps & extensions > Apps and extensions > Users & browsers
A new page will be displayed.
To install the GAT Shield extension choose the root Org Unit or a sub-OU. On the right bottom side click on the Yellow + button
Select the Add the Chrome app or extension by ID option.
NOTE: A pop up window will be displayed, select From a custom URL option.
Enter the Extension ID and URL of the Open User Interface or Closed User Interface extension, only one version required
The ID and URL can be found in Shield under Help – Extensions deployment – click here to see details
Click on the newly installed extension. Select the installation policy to Force install. Under permissions and URL access click and select Allow all permissions.
Click on the Save button on the top right.
Configure your Google Admin Console Settings
We recommend enabling these settings in Devices > Chrome > Settings > Users & browsers
Some of these settings are mandatory.
In the Apps and Extensions area find the Task Manager settings and switch it to Block users from ending processes with the Chrome Task Manager.
Description: Task Manager can be used to tamper with the Chrome browser’s normal operations.
User & Browser settings > User Experience
The following settings are highly recommended for schools using enrolled Chromebooks.
These settings prevent students from bypassing the network firewall and installing Android apps like VPNs and other web browsers on their Chromebooks.
- Block Multiple Sign in access
- Block access to secondary accounts on the device
Scroll down to Developer tools and set it to Never allow use of built-in developer tools.
Description: Developer tools can be used to disable extensions. Google also recommends disabling these tools in most cases.
User & Browser settings > Security
The following three options are recommended for schools with enrolled Chromebooks. These settings prevent students from bypassing or tampering with the GAT Shield extension.
Find the setting for Incognito Mode and Disallow Incognito mode.
Description: In incognito mode, the extensions do not work
The setting bellow is for Browser history and set it to Always save browser history.
Description: Saving browser history is recommended so when incidents occur there is an audit trail that can be investigated by staff members.
The setting below is for Clear Browser History and change it to Do not allow clearing history in the settings menu.
Description: Ability to clear browser history on the Chrome Browser may allow users to tamper with GAT Shield Browser reporting features.
User & Browser settings > Content
Find Screenshot setting and set it to Allow users to take screenshots.
Description: Disabling screenshots will cause problems with GAT Shield Alerting functionality.
When all of the settings are set up make sure they are saved by clicking on the “Save” button on the top right.
Configure Device Settings
We recommend that these options be configured on your domain for your Chrome devices. Not all are mandatory.
From Google Admin console navigate to.
Devices > Chrome > Settings > Devices
In the left sidebar, select the OU that contains your Chromebooks, then configure the following policies to match these values.
Devices > Chrome > Settings – Device settings
- Configure the Enrollment and access
- Set Forced re-enrollment – automatically re-enroll after a wipe
- Set Verified access to Enable for content protection.
- Set Verified mode to Require verified mode boot for verified access.
On the same page scroll down to Sign-in settings
- Guest mode – Disable guest mode
- Sign-in restrictions – Restrict sign-in to a list of users
- Add a whitelist
When done with the changes click on the “Save” button on the top right.
Two versions of GAT Shield Explained
The Open User Interface extension allows the chrome user to see their own activity information while using the Chrome browser,
This includes: where and how they are spending their time and other useful details about their Chrome environment.
This version is also a recommended way for Teachers to monitor their students online activity.
The Closed User Interface will only display a grey GAT Shield icon but the end-user can’t access it.
When the Shield extension is deployed, every user who logs into their Chrome Browser with their domain credentials will have the extension automatically synchronised.
The Chrome user cannot override this setting.
Important note: Deploy only one of the Shield extensions Closed or Opened UI. Do not deploy both extensions within the same Org Units as this may cause some interferences.
WebCam capture – Extension URL
If you wish to capture webcam images when Shield rules are triggered then you will need to enable Video-input-allowed URLs and add the Shield URLs
This setting can be enabled in Devices > Chrome > Settings > Users & browsers
Then scroll down and navigate to Hardware then to Video-input-allowed URLs
Add the WebCam URL then click Save on the top right.
The unique ID and URLs are displayed in the GAT Shield Console.
Remove old WebCam extension
The old WebCam extension is no longer needed. Please remove
Find the extension above and remove
GAT Shield Extension ID and URL
The GAT Shield extension ID and URL information are displayed in the GAT Shield Console that is launched from GAT+
See instructions below
1. Launch GAT+ on the top left click on the GAT+ icon, a menu will be displayed – then select GAT Shield
2. Under the Help section, select Extensions Deployment – the extension ID and URL and Webcam URL will be displayed.
Allow GAT Shield Extension via Firewall
Note: Depending on your Firewall setup, there might be restrictions set up and not allowing traffic to Shield.
Please check your Firewall settings and allow the following URLs:
For UK domains
These URLs must be reachable and not blocked by the Firewall.
Force Install Extension Org Unit inheritance explained
Note: If you install Shield on Sub. OU makes sure it’s ‘Force install Inherited from the domain‘.
You can click on the extension ID, select “Force install” and Save.
When it is set up as ‘Default – Inherited from Google default‘ – Shield might not be active on the selected OU.
Displaying Serial Numbers within GAT Shield Console is available only for licensed enterprise enrolled devices.
If you require any assistance please contact us at email@example.com
To request a demo please click here and fill the form, we will get back to you in less than 12 hours during weekdays.
If you tried GAT in the past and you would like to run a fresh trial again, please enquire through this form.