How to Deploy and Configure GAT Shield on Your Domain

DEPLOYING THE SHIELD EXTENSIONS

In this document, we will cover the deployment steps of the GAT Shield extension.

  1. To start, go to the Device section of your Google Admin console.
  2. Select Chrome Management from the left-hand side of the screen.
  3. Select User & Browser settings.
  4. To install the GAT Shield extension, choose the root Org Unit or a sub-OU.
  5. Scroll down to Apps and extensions and click on the App extension page.
  6. A new window will open. Select the yellow button in the bottom right corner, then Add the Chrome app or extension by ID. NOTE: A new pop-up window will be displayed; select the From a custom URL option.
  7. Enter the Extension ID and URL of the Open User Interface or Closed User Interface extension. Only one version is necessary.
  8. The ID and URL can be found in Shield under Help – Extensions deployment. See the section GAT SHIELD EXTENSION ID AND URL on this page below.
  9. Click Save.
  10. On the right-hand menu for your newly installed extension, click the drop-down menu for Permissions and URL access and select Allow all permissions.
  11. Now make sure that the extension is set to Force install.
  12. Then click Save in the top right.

If you wish to capture webcam images when Shield rules are triggered, you will need to force install the webcam support extension using the same method as above (steps 4 to 10). The unique ID and URL of the webcam extension are displayed in the GAT Shield Console.

CONFIGURE YOUR GOOGLE ADMIN CONSOLE SETTINGS

We recommend enabling these settings in Device Management > Chrome Management > User & Browser Settings.

Some of these settings are mandatory.

User & Browser settings > Apps and Extension

In the Apps and Extensions area find the Task Manager settings and switch it to Block users from ending processes with the Chrome Task Manager.

Description: Task Manager can be used to tamper with the Chrome browser’s normal operations.

User & Browser settings > User Experience

The following settings are highly recommended for schools using enrolled Chromebooks.

These settings prevent students from bypassing the network firewall and installing Android apps like VPNs and other web browsers on their Chromebooks.

Very Important for Schools with Enrolled Chromebooks

  • Block Multiple Sign in access
  • Block access to secondary accounts on the device

User & Browser settings > Security

The following three options are recommended for schools with enrolled Chromebooks. These settings prevent students from bypassing or tampering with the GAT Shield extension.

Find the setting for Incognito Mode and set it to Disallow incognito mode.

Description: In incognito mode extensions don’t work.

Find the setting Browser history and set it to Always save browser history.

Description: Saving browser history is recommended so when incidents occur there is an audit trail that can be investigated by staff members. 

Find the setting Clear Browser History and change it to Do not allow clearing history in settings menu.

Description: Ability to clear browser history on the Chrome Browser may allow users to tamper with GAT Shield Browser reporting features.

User & Browser settings > User Experience

Find Developer tools and set it to Never allow use of built-in developer tools.

Description: Developer tools can be used to disable extensions. Google also recommends disabling these tools in most cases.

 

User & Browser settings > Content

Find Screenshot setting and set it to Allow users to take screenshots.

Description: Disabling screenshots will cause problems with GAT Shield Alerting functionality.

Once all of the settings are completed make sure to click on Save.
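
A spot-check of the User & Browser settings above, as an added example (not GAT's code): it compares the policies actually applied to a test browser with the values this page recommends. The Chrome enterprise policy names are assumed to be the ones behind these Admin console settings, the input is a constructed flat mapping of policy name to value (for instance copied from chrome://policy on a managed device), and the extension ID is a placeholder.

```python
import re

# Placeholder ID (constructed); the real one is shown in the GAT Shield Console.
PLACEHOLDER_ID = "a" * 32
EXT_ID_RE = re.compile(r"[a-p]{32}")

# policy name -> (required value, acceptable when the policy is unset)
# Names are Chrome enterprise policies assumed to back the console settings above.
BASELINE = {
    "TaskManagerEndProcessEnabled": (False, False),  # block ending processes
    "IncognitoModeAvailability": (1, False),         # 1 = incognito disabled
    "SavingBrowserHistoryDisabled": (False, False),  # always save history
    "AllowDeletingBrowserHistory": (False, False),   # no clearing of history
    "DeveloperToolsAvailability": (2, False),        # 2 = DevTools never allowed
    "DisableScreenshots": (False, True),             # screenshots stay allowed
}

def audit(policies, shield_ext_id):
    """Return a list of findings; an empty list means the baseline is met."""
    if not EXT_ID_RE.fullmatch(shield_ext_id):
        raise ValueError("extension ID must be 32 characters in the range a-p")
    findings = []
    for name, (want, ok_unset) in BASELINE.items():
        if name not in policies:
            if not ok_unset:
                findings.append(f"{name}: not set by policy, want {want!r}")
            continue
        got = policies[name]
        # Compare types too: in Python 0 == False, which would hide a mismatch.
        if type(got) is not type(want) or got != want:
            findings.append(f"{name}: got {got!r}, want {want!r}")
    # Forcelist entries are "<id>" or "<id>;<update_url>".
    forced = {e.split(";", 1)[0] for e in policies.get("ExtensionInstallForcelist", [])}
    if shield_ext_id not in forced:
        findings.append("ExtensionInstallForcelist: Shield extension not force-installed")
    return findings

# Constructed sample: everything matches except that incognito is still available.
SAMPLE = {
    "TaskManagerEndProcessEnabled": False,
    "IncognitoModeAvailability": 0,
    "SavingBrowserHistoryDisabled": False,
    "AllowDeletingBrowserHistory": False,
    "DeveloperToolsAvailability": 2,
    "ExtensionInstallForcelist": [PLACEHOLDER_ID + ";https://example.invalid/update.xml"],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, PLACEHOLDER_ID):
        print(finding)
```

Run it against a device in each OU where Shield is deployed; a policy reported as not set usually means the setting was saved on a different OU than the one the user belongs to.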

 

CONFIGURE DEVICE SETTINGS

We recommend that these options be configured on your domain for your Chrome devices. Not all of these options are mandatory.

From the Google Admin Home screen, click through
Devices > Chrome Management > Device settings

In the left sidebar, select the OU that contains your Chromebooks, then configure the following policies to match these values.

Device Setting > Enrollment

  1. Configure the Forced re-enrollment.
  2. Set Verified access to Enable for content protection.
  3. Set Verified mode to Require verified mode boot for verified access.

Device Settings > Sign-in settings

  1. Disable Guest Mode on Chromebooks. This is a required step. Under the heading Sign-in settings set this option to Disable guest mode.
  2. For Sign-in Restrictions set it to Restrict sign-in to a list of users and whitelist your own domain and subdomains.
  3. This will prevent domains such as @gmail.com from signing into a Chromebook.

TWO VERSIONS OF GAT SHIELD EXTENSION EXPLAINED

The Open User Interface extension allows the Chrome user to see their own activity information while using the Chrome browser. This includes where and how they are spending their time and other useful details about their Chrome environment.

This version is also a recommended way for parents to monitor their child’s online activity.

The Closed User Interface will only display a grey GAT Shield icon but the end-user can’t access it.

Once the Shield extension is deployed, every user who logs into their Chrome Browser with their domain credentials will have the extension automatically synced. The Chrome user cannot override this setting.

Important note: Deploy only the Open or the Closed version of the GAT Shield extension. Do not deploy both extensions within the same Org Units, as this may cause some interference with Shield Console.

 

GAT SHIELD EXTENSION ID AND URL

The GAT Shield extension ID and URL information are displayed in the GAT Shield Console that is launched from GAT+.

See the instructions below.

1. Launch GAT+. At the top left, click on the GAT+ icon; a menu will be displayed. Then select GAT Shield.

2. Under the Help section, select Extensions Deployment – the details such as ID and URL for the different Shield extensions will be displayed.

 

Allow GAT Shield Extension via Firewall

Note: Depending on your firewall setup, restrictions may be in place that block traffic to Shield.
Please check your firewall settings and allow the following URLs:

https://alert-shield.generalaudittool.com
https://urlaccess-shield.generalaudittool.com
https://shield.generalaudittool.com

These URLs must be reachable and not blocked by your Firewall.

 

Force Install Extension Org Unit inheritance explained

Note: If you install Shield on a sub-OU, make sure it is set to ‘Force install Inherited from the domain’.
You can click on the extension ID, select “Force install” and save.

When it is set up as ‘Default – Inherited from Google default’, Shield might not be active on the selected OU.

Displaying Serial Numbers within GAT Shield Console is available only for licensed enterprise enrolled devices.

 

If you require any assistance please contact us at support@gatlabs.com 
