Skip to main content


MTA-STS for Google Workspace

 Brief guide to MTA-STS setup on Google Workspace
Recent posts

Using Managed Browsers with Google Advanced Desktop Security

The Managed Browser feature in the Google Admin console allows you to apply Chrome policies to the Chrome browser on a variety of platforms - Windows, MacOS and Linux. The application of these policies is done via OU and apply without the user having to turn on "Sync". I'll go through the specific steps to enrol browsers using Google Advanced Desktop Security as the Group Policy method is well documented elsewhere. Deploy the Chrome ADMX template file Down load the Chrome management files from here . Unzip the package and open up the chrome.admx file with notepad. Create a new custom OMA-URI Policy in the admin console and apply the following settings: OMA-URI  ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx Type = String Value = copy the entire content of the chrome.admx file into the value field.  Apply to the root of your domain. Set a policy to enrol a browser into a specific OU Create a new custom OMA-URI Policy in the admin console

Screencast App running on ChromeOS 103+

 If your ChromeOS device is on 103 or higher you can now access the new Screencast app. Quick demo below:  

An updated look at Google Advanced Desktop Security

 A few people asked me to do a practical run through of what this looks like - so here goes:

ChromeOS 99 - a quick preview

5G Broadband - is it the future?

 I've spend the last year upgrading our Trust schools to dedicated leased line ethernet circuits. This process is still ongoing and and at some sites painfully slow - a bit like their current VDSL connections. However, 5G broadband is now starting to be offered on unlimited data tariffs and its starting to become an attractive option if you live in the right area. I've just switched from my BT VDSL connection to EE's 5G unlimited broadband. Below is the before, BT speedtest: Our home broadband speeds have not changed at all in the last decade since VDSL became a thing. No sign of fibre to premises here - at least not in the short term. Back then we went from about 2Mbps - so going to 20ish was great.  However, after setting up the new 5G router (and to be fair I have 5G on my phone - so knew what to expect), we now get: The download speeds we get exceed those of some of our schools on 200Mbps ethernet circuits for about a sixth of the price. However, upload is somewhat slow

Google Login and Single Sign-on to Google Services in Chrome in an AD environment

I've previously posted about the ability to manage Windows PCs in the Google Admin Console. However, what if you are still managing your PCs via local active directory, but use Google Workspace for most things? Well you can have your cake and eat it - you just need to use  Google Credential Provider for Windows  and do a few configurations. Step 1 - update your users on the Google Admin Console You need to add a custom attribute to all of your users (at least those who use PCs) on the Google Admin console to link them with their local AD account. So you need to create a custom attribute in the Google admin console and populate this with the AD windows user details: The custom attribute you need is Enhanced_desktop_security and the field is AD_accounts. Detailed instructions can be found here . You can auto populate this field using GADS (Google Apps Directory Sync) if you use this to auto provision your accounts in Google from AD. Alternatively, you can populate them in bulk with a