Skip to main content

Posts

Mobility Print by Papercut on ChromeOS

We have been using Papercut to offer managed Cloud Printing for our ChromeOS users for many years now. The most recent v17 release of Papercut introduces Mobility Print which allows direct printing to your networked devices.

From the end users point of view, it's almost the same as using Cloud Print, however, there are a few important differences.

Mobility Print does not require your print server to talk to the internet. For Cloud Printing, this can be tricky as for Cloud Print to work you really need to bypass any ssl inspection you do for that server.Its faster - doesn't need to send jobs to the cloud and back.Will work even if Google Cloud Printing has one of its moments - rare - but they do happen!You need to push the Mobility Print Chrome App.The printer is deployed to anyone with the app installed - not shared to groups or individuals as in Cloud Printing.You need to do a little DNS work for it to function across vlans.

This is what it looks like as an end user:


Recent posts

Network Wide Ad Blocking

You might want to block ads across your entire network. There are various approaches to doing this.

Ad Blocking Extensions You can push these to Chrome via Chrome Management and Group Policy. While these work well, users can configure then and they do have an impact on performance. It only applies to the browsers on managed devices and one browser. You cannot easily configure what is blocked centrally.
Content Filter Your content filter/firewall may have an option to configure this.
Manually adding to your hosts file.  This is what we do. You can download a hosts file that will block most ads here. This can be added to your gateways hosts file and this will block ads for all devices and browsers with no configuration required on client devices. This will apply to all devices and browsers. You can also manually tweak what is blocked for everyone. Video of how to do this on a Linux gateway below:


Every Circuit running on an R11 Chromebook

We have been deploying Android Apps to our managed R11 Chromebooks for a while now. Every Circuit caught my eye as we have been looking for a nice way of simulating electric circuits for a while. Seems to work rather well on a Chromebook - see video below:


New Acer R11 vs Viglen 360 Chromebook

I've just been trying out two of the latest touch/flip 11" Chromebooks - the Acer R11 (2017 model) and the Viglen 360. On paper these are very similar devices:

Processor: N3060
RAM: 4Gb
Storage: 32Gb SSD
Both touch/flip - IPS 1366x768 displays
Keyboards - identical
Both around the £200 ext VAT price range.

Features that differ:

Viglen 360
Has a removable battery - not convinced of the point of this in a Chromebook.
3 USB3 ports
Ruggedized design - built like a tank.
Heavy
Screen - slight movement when touched.

R11 (2107 model)
Has Android Apps available now on the stable channel.
Lighter
Screen - little movement when touched - feels more solid.
Only one USB3 + one USB2

Which would I buy? Well as a private buyer, the R11 without a doubt (the Viglen is Edu only...) - Android Apps and its a much nicer looking device. If I was looking for a trolley device, I might consider the Viglen for the warranty (3 years) and the tank like build (its weight does not matter if its not being lug…

Restricting the use of consumer accounts on domain joined PC's

If you have domain joined PCs that can be managed via group policy and you use G Suite, then you might want to restrict the use of consumer accounts on your machines. If a user can use a private account, they can do a range of things that can potentially bypass content filtering and other policies you have set in the management console in G Suite.

The best way to prevent this is at the network level - see the Google help page here. This means that all devices on your network will be prevented from using consumer accounts. Many firewalls and content filter providers (e.g. Securly) have this as a setting now. However, if you are not able to use this approach, or want to set it on specific users only, then the lastest Group Policy Templates have policies to enable it.

There are two policies for this. One to block signin to Chrome from non domain accounts and the other to block non domain login to things like GMail.

Restrict who can sign into Chrome:


Restrict who can sign into G Suite to…

Turn a flip chromebook into a whiteboard with Android Apps

If you install Sketch for Keep, Google Keep and Handraw on a flip Chromebook (R11 in my case), you can turn it into a whiteboard/drawing pad that saves your notes and doodles to Google Keep. If you use whiteboards in the classroom - you could use these apps if your students have R11's or similar.


Managed Android Apps on ChromeOS on an Edu G Suite Domain

Android Apps via the Play Store have been available on consumer accounts for some time on selected devices. We have 1:1 Acer R11's and have recently had the opportunity to trial them on G Suite Edu accounts.

From the point of view of the end user, they see the Play Store App appear on the shelf and have to agree to the terms and conditions. After that, force installed and pinned apps are immediately installed and they get access to the Google for Work Store. This only contains apps you have approved for that user.

For the administrator the steps are:

Enable Play Store Apps for the domainEnable access to the Play Store for specific Sub-OUs or usersAdd apps to Play for WorkSet permissions for each app - can install, force install or pin to shelf. This can be done differently for each app and each OU and is therefore very granular. 
Issues so far

Apps take a while to appear in the Play Store for users. Initially only force installed apps appear.You cannot set the permissions of multipl…