GAT Shield Extension - How to Deploy

Deploying the GAT Shield Chrome Extension #

In this document, we will cover the deployment steps of the GAT Shield extension.

To start off navigate and login into the Google Admin console

In the Admin Console click on Devices

From the menu on the left navigate down to Devices >Chrome >Apps & extensions > click on Users & browsers

A new page will be displayed.

Install #

To install the GAT Shield extension choose the root Org Unit or a sub-OU where you want to deploy Shield into.

On the bottom right side click on the Yellow + button

Select the Add the Chrome app or extension by ID option.

NOTE: A pop-up window will be displayed, select From a custom URL option.

Enter the Extension ID and URL of the Open User Interface or Closed User Interface extension, only one version required

NOTE: The ID and URL can be found in Shield under Help – Extensions deployment

Click Save.

The Shield Extension is now installed.

On the newly installed Extension hoover over the “Installation policy,” click on and select “Force install“

Click on the Extension again and a pop-up window will be shown on the right side.

Under the “Permissions and URL access” field click on and select “Allow all permissions”.

Click on the Save button on the top right.

Data Regions #

GATLabs uses the Google Cloud Platform (GCP) to store data and metadata. The primary default data region is the USA but if you wish to store your data in another region of GCP like the United Kingdom or EU (European Union) you will have to take additional steps in the deployment process for the GAT Shield extension.

Important: IF YOU WANT TO RUN GAT SHIELD IN UK or EU ENVIRONMENT PLEASE CONTACT US AT SUPPORT@GATLABS.COM BEFOREHAND

Available data regions

USA – United States
UK – United Kingdom
EU – European Union

Under the heading Policy for Extension.

Enter the code below for the UK data region

{"region":{"Value":"UK"}}

Enter the code below for the EU data region

{"region":{"Value":"EU"}}

Managed Guest Sessions and Data Region #

If you are planning to use the GAT Shield extension on Managed Guest Session (MGS) and you wish to send data to the GCP region in the UK or EU.

You need to enter the following code:

Under the heading Policy for Extension.

Enter the code below for the UK data region

{"domain":{"Value":"my_own_domain_name.xyz"},"region":{"Value":"UK"}}

Enter the code below for the EU data region

{"domain":{"Value":"my_own_domain_name.xyz"},"region":{"Value":"EU"}}

Replace “my_own_domain_name.xyz” with your domain name “domain.com” for example

Deploying the GAT Shield Chrome Extension on Managed Guest Sessions (MGS) #

If you have Google Chromebooks that allow for guests to log in and Managed Guest Session is enabled. You can capture activity by these anonymous users and you can keep them safe from inappropriate content as they browse.

To learn more about deploying GAT Shield on Google Workspace Manage Guest Sessions please click on this post.

Deploying GAT Shield Extension using Microsoft Group Policy Objects (GPO) #

Apply the Chrome ADMX Group Policy: https://support.google.com/chrome/a/answer/187202?hl=en#zippy=%2Cwindows

Then in the rules on chrome it is forced to add additives in principle:

Computer Configuration> Policies> Extension> Configure the list of force-installed apps and Extension

You then need to add the data you provided for the plugin to install. This can be either the Open or Closed extension.

See the ‘Two versions of GAT Shield Explained’ info below > on your GAT Shield Admin console for the details of the “extension id” and “URL”.

Choose the Open UI or Closed version (but not both).

You can then share it on a group of computers or users on which it is to be applied.

User & browsers settings #

We recommend enabling some settings on the domain to prevent Users (students) from interfering with Shield and any extensions

Enable these settings in Devices > Chrome > Settings > Users & browsers

Some of these settings are mandatory.

Apps and Extensions #

On the above-selected page scroll down and navigate to the Apps and Extensions area find the Task Manager settings and switch it to Block users from ending processes with the Chrome Task Manager.

Description: Task Manager can be used to tamper with the Chrome browser’s normal operations.

User experience #

On the same page scroll down to User Experience

User & Browser settings > User Experience

The following settings are highly recommended for schools using enrolled Chromebooks.

These settings prevent students from bypassing the network firewall and installing Android apps like VPNs and other web browsers on their Chromebooks.

Multiple Sign in access – Block multiple sign-in access for users in this organization
Sign in to secondary accounts – Block users from signing in to or out of secondary Google accounts

In User experience scroll also to Developer tools and set it to “Never allow use of built-in developer tools”

Description: Developer tools can be used to disable extensions. Google also recommends disabling these tools in most cases.

Security #

The following three options are recommended for schools with enrolled Chromebooks. These settings prevent students from bypassing or tampering with the GAT Shield extension.

Scroll down to the Security tab

Find and apply the settings

Incognito Mode – Disallow Incognito mode.
- Description: In incognito mode, the extensions do not work
Browser history – Always save browser history.
- Description: Saving browser history is recommended so when incidents occur there is an audit trail that can be investigated by staff members.
Clear Browser History – Do not allow clearing history in the settings menu.
- Description: The ability to clear browser history on the Chrome Browser may allow users to tamper with GAT Shield Browser reporting features.

Content #

Scroll down further to the Content tab

Screenshot – set it to Allow users to take screenshots.

Description: Disabling screenshots will cause problems with GAT Shield Alerting functionality.

When all of the settings are set up make sure they are saved by clicking on the “Save” button on the top right.

Configure Device Settings #

We recommend that these options be configured on your domain for your Chrome devices. Not all are mandatory.

From Google Admin console navigate to.

Devices > Chrome > Settings > Devices

In the left sidebar, select the OU that contains your Chromebooks, then configure the following policies to match these values.

Enrollment and access #

Configure the Enrollment and access
Set Forced re-enrollment – automatically re-enroll after a wipe
Set Verified access to Enable for content protection.
Set Verified mode to Require verified mode boot for verified access.

Sign-in settings #

On the same page scroll down to Sign-in settings

Guest mode – Disable guest mode
Sign-in restrictions – Restrict sign-in to a list of users
- Add an allowed list

When done with the changes click on the “Save” button on the top right.

Two versions of GAT Shield Explained #

The Open User Interface extension allows the chrome user to see their own activity information while using the Chrome browser,

This includes: where and how they are spending their time and other useful details about their Chrome environment.

This version is also a recommended way for Teachers to monitor their student’s online activity.

The Closed User Interface will only display a grey GAT Shield icon but the end-user can’t access it.

When the Shield extension is deployed, every user who logs into their Chrome Browser with their domain credentials will have the extension automatically synchronized.

The Chrome user cannot override this setting.

Important note: Deploy only one of the Shield extensions Closed or Opened UI. Do not deploy both extensions within the same Org Units as this may cause some interferences.

WebCam capture – Extension URL #

If you wish to capture webcam images when Shield rules are triggered then you will need to enable Video-input-allowed URLs and add the Shield URLs

This setting can be enabled in Devices > Chrome > Settings > Users & browsers

Then scroll down and navigate to Hardware then to Video-input-allowed URLs

Add the WebCam URL then click Save on the top right.

The unique ID and URLs are displayed in the GAT Shield Console – see below (GAT Shield extension ID and URL)

Remove old WebCam extension #

The old WebCam extension is no longer needed. Please remove

webcamID: lncmmomdcmcilmblgmnlinenbinjklgg

Find the extension above and remove

GAT Shield Extension ID and URL #

The GAT Shield extension ID and URL information are displayed in the GAT Shield Console that is launched from GAT+

See instructions below

Launch GAT+ on the top left click on the GAT+ icon, a menu will be displayed – then select GAT Shield

Under the Help section, select Extensions Deployment – the extension ID and URL and Webcam URL will be displayed.

Allow GAT Shield Extension via Firewall #

Note: Depending on your Firewall setup, there might be restrictions set up and not allowing traffic to Shield.
Please check your Firewall settings and allow the following URLs:

For US (Global) domains (no prefix) – US (default) environment

For EU domains (eu- prefix) – EU environment

For UK domains (uk- prefix) – UK environment

These URLs must be reachable and not blocked by the Firewall.

Force Install Extension Org Unit inheritance explained #

Note: If you install Shield on “sub. ou” make sure it is – ‘Force install Inherited from the domain‘.
You can click on the extension ID, select “Force install” and Save.

When it is set up as ‘Default – Inherited from Google default‘ – Shield might not be active on the selected OU.

Displaying Serial Numbers within GAT Shield Console is available only for licensed enterprise enrolled devices.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Getting Started

Products Overview

Delegated Access

Users Audit & Management

Drive Audit & Management

Classroom Audit & Management

Email Audit & Management

DLP (Data Loss Prevention)

Calendar Audit & Management

URL Filtering

Chrome Audit & Management

On-boarding, Off-boarding & Modifying

GAT Shield Extension – How to Deploy

Deploying the GAT Shield Chrome Extension #

Install #

Data Regions #

Managed Guest Sessions and Data Region #

Deploying the GAT Shield Chrome Extension on Managed Guest Sessions (MGS) #

Deploying GAT Shield Extension using Microsoft Group Policy Objects (GPO) #

User & browsers settings #

Apps and Extensions #

User experience #

Security #

Content #

Configure Device Settings #

Enrollment and access #

Sign-in settings #

Two versions of GAT Shield Explained #

WebCam capture – Extension URL #

Remove old WebCam extension #

GAT Shield Extension ID and URL #

Allow GAT Shield Extension via Firewall #

Force Install Extension Org Unit inheritance explained #

What are your Feelings

Audit. Manage. Protect.

USE CASES

COMPANY

This website uses cookies to ensure you get the best experience on our website

Deploying the GAT Shield Chrome Extension #

Install #

Data Regions #

Managed Guest Sessions and Data Region #

Deploying the GAT Shield Chrome Extension on Managed Guest Sessions (MGS) #

Deploying GAT Shield Extension using Microsoft Group Policy Objects (GPO) #

User & browsers settings #

Apps and Extensions #

User experience #

Security #

Content #

Configure Device Settings #

Enrollment and access #

Sign-in settings #

Two versions of GAT Shield Explained #

WebCam capture – Extension URL #

Remove old WebCam extension #

GAT Shield Extension ID and URL #

Allow GAT Shield Extension via Firewall #

Force Install Extension Org Unit inheritance explained #

What are your Feelings

Share This Article :

How can we help?

Audit. Manage. Protect.

USE CASES

COMPANY

This website uses cookies to ensure you get the best experience on our website