Skip to main content


Avoiding Google Captcha's on your network

Your network may generate captcha'a if Google things you are sending too many duplicate requests to them. The end result of this can be Google search stops working or if you use a cloud-based filtering service (like Securly for us) - then your ability to proxy Google searches gets revoked for a time.

There are lots of reasons this can happen - malware, use of services like vpns and the tor network. These things should be within your control to manage/block. However, it turns out that one of the key factors is what you put in the Chrome policy "Omnibox Search Provider Suggest URL". I recently got the following string from Securly who got it from Google:


Now, why didn't I think to put that in......

So out policy looks like:
If you use the setting suggested in the list of Chromium policies, this apparently generates multiple duplicate requests. Since modifying this policy we have had zero issues.
Recent posts

ChromeOS 70 - a quick look

2 Factor Authentication for all staff in the new term.

This coming September 2018 we are going to finally make 2 Factor Authentication mandatory for all staff via security key. This is now easy to do via the management console and the settings look like this:

We have a free gift for all staff at the first INSET day back:

Relatively small cost for the added security for those not already on 2FA. Lots of little green lights on the INSET day!

S/MIME email signature and encryption for G Suite for Education

S/MIME has recently become available for G Suite for education. This offers digital signage of emails and enhanced encryption where supported by the recipient. There are a few steps to setting this up.

Enable on the Admin Console for users
Generate pfx certificates for users (or get them to do it)
Upload pfx into GMail settings - either the user does this or you can do it with GAM
GAM command: gam user add smime file jim.pfx password p@ssw3rd default
The password is for the certificate - not the user's password.
Optionally force the use of S/MIME via a content compliance rule for certain recipients.

Useful links:
GM Commands
Commodo - one source of certificates
How to make a pfx

Allowing Private Accounts on Managed Chromebooks

We run a 1:1 scheme where parents have the option to buy a Chromebook. However, to make things run smoothly we have always insisted that the Chromebooks are managed and only domain accounts can be used. For some parents, this has been a barrier to buying as it prevents them from using a device they have paid for. That has now all changed with the introduction of timed access to private accounts and guest mode.
In device settings, you can now specify times that a Chromebook can have sign-in restrictions lifted. To keep things secure, you must always sign-in and out with a domain account for this to be visible. We have offered this to guardians where they have paid for a Chromebook and have had a high takeup so far. The settings we use are:
Demo of what it looks like:

Pixel from ChromeOS to Ubuntu 18 04

To install Ubuntu 18.04 I followed my own blog post (but used a Ubuntu 18.04 boot stick instead):

To set the custom resolutions I followed this guide:

My settings are:

xrandr --newmode "1280x850_60.00"   88.75  1280 1352 1480 1680  850 853 863 883 -hsync +vsync

xrandr --newmode "1536x1020_60.00"  129.75  1536 1632 1792 2048  1020 1023 1033 1058 -hsync +vsync

xrandr --addmode eDP-1 1280x850_60.00

xrandr --addmode eDP-1 1536x1020_60.00

To map the top row of keys I used these instructions:

How to beat ChromeOS EOL and carry on getting updates

ChromeOS devices are great in loads of ways, but they have built-in obsolescence. Google will stop providing updates at a predetermined time according to the schedule you can find here. So the best you will achieve is 6.5 year if you buy the device on the launch day. In reality, it will be generally much less. It's something to watch as a good deal might not be such a good deal if the device only has two years left.

Once a device reaches its "due" date, you get a red pop up telling you its time to update every time you log in. The update section tells you there are no more updates. Now the device will work fine - for a while. You might get another 6 months use out of it before core services like Gmail stop working. However, if you are prepared to do a little work, you can install the OS of your choice onto the device and carry on using the device and not accept this. If you want ChromeOS, then you can install Cloudready from Neverware. I'll outline the basic steps be…