Skip to main content

Posts

Fast, Cheap Chromebox on a budget

We have some ageing Haswell based Chromeboxes from HP, Asus and Acer. These boxes go end of life in terms of ChromeOS updates in less than a years time and while we can keep them going for a while - they will rapidly age after support ends. So our options are as follows:
Buy new Chromeboxes - the basic ones are around £200. They have the advantage they run Android apps. However, the base model is only slightly faster than our current models. To get better performance you need to get the i3 model at >£300.Hack Cloudready onto the old Chromeboxes. We have done this to some older Samsung Chromeboxes and it works really well - but its a lot of effort!Buy refurb ultra small form factor PCs and install Cloudready.  So we tried the third option. The device we went for was the HP 8200 Elite Ultra Slim - i5 2400S, 8Gb DDR3 for £90 on eBay. We added a 60Gb SSD (had some spares) and installed Cloudready and enrolled on the domain.

The result is a very quiet, fast Chromebox that seems to work r…
Recent posts

Acer Spin 13 Chromebook - a quick look.

A few days ago I got to try an Acer Spin 13 Chromebook. This is a high-end device - in the same price bracket as the Pixelbook. The one I looked was going to be priced around the £800. For this you get:

8th Gen i3 8100 processor16 Gb RAM64Gb SSD13" touchscreen 2256x1504 and touch flip format 
I ran a quick Octane benchmark and it scored a decent 33000 (my Pixel 2013 does around 21000).

To use its similar to the Pixel 2013/15 - same aluminum case and quality finish. The Pixelbook is a much more luggable device if that's what you are after. So it's basically a fast, touchscreen, high-resolution Chromebook with a price to match. It feels well built and the keyboard was responsive - a nice machine.

Would I buy one? Probably not. For school, the price is way too high and I manage just fine on a regular 11" Spin. As a private buyer, I currently have an Acer R13 Chromebook that does everything I need (not as fast) and cost less than half the price. I also have a Pixel 2013 r…

Adding subdomains to G Suite

This is how I add subdomains (so basically new schools) to out G suite setup. I've got these steps documented on a scruffy set of notes that I've now got in Keep - so time to document them - for myself as much as anyone else!

Steps in order (roughly)

Add the new domainVerify the new domainAdd MX records to hostingAdd SPF record for Google to hostingTurn on email authenticationAdd DMARC record to hostingSetup custom Directory and restrict students OU to this.Create an admin quarantine for the domain.Configure SPAM setting for the domain.Turn on and off services as appropriate.Map a blank Google Site to the naked domain - if required.Setup some basic groups - allstaff, allusers (for directory) and students with appropriate permissions.Deploy custom wallpapers. So the steps in a bit of detail: Add the new domain & Verify ownership Click on Domains in the admin console:
Add/remove domains followed by "add a domain" At this point make sure you select the second option. …

Chrome GPO updates Oct 2018

I while back I published this blog post about locking down Chrome. The first two policies in that article have now been depreciated and replaced. This quick video covers what has replaced them and a couple of new policies as well.



Avoiding Google Captcha's on your network

Your network may generate captcha'a if Google things you are sending too many duplicate requests to them. The end result of this can be Google search stops working or if you use a cloud-based filtering service (like Securly for us) - then your ability to proxy Google searches gets revoked for a time.

There are lots of reasons this can happen - malware, use of services like vpns and the tor network. These things should be within your control to manage/block. However, it turns out that one of the key factors is what you put in the Chrome policy "Omnibox Search Provider Suggest URL". I recently got the following string from Securly who got it from Google:

{google:baseURL}complete/search?output=chrome&q={searchTerms}

Now, why didn't I think to put that in......

So out policy looks like:
If you use the setting suggested in the list of Chromium policies, this apparently generates multiple duplicate requests. Since modifying this policy we have had zero issues.

ChromeOS 70 - a quick look

2 Factor Authentication for all staff in the new term.

This coming September 2018 we are going to finally make 2 Factor Authentication mandatory for all staff via security key. This is now easy to do via the management console and the settings look like this:












We have a free gift for all staff at the first INSET day back:


Relatively small cost for the added security for those not already on 2FA. Lots of little green lights on the INSET day!