Skip to main content

Google Safe Search in Schools

There has been quite a bit of talk about safesearch recently as its moved to https which has caused issues for some with filtering explicit content. Google provide online documentation of how to do this here. I thought it might be useful to illustrate what each approach involves.

Via Chrome Management Policy

If a user is signed into a device using their Google Apps account, you can force SafeSearch using policy. So this works on ChromeOS devices and where users are signed into Chrome on a PC. It also applies anywhere.

So set this in Chrome User Settings in the management console:

While this policy applies offsite - it does not apply if a user in not signed into Chrome on a PC or signed into their own device with a non-domain account. Which brings on the next option for PC's.

Via Chrome Group Policy

If you use Chrome on PC's, you should manage it with the Chrome Group Policy adm. Once added to your domain controller, you can control the behaviour of Chrome, including forcing SafeSearch.

So this will force SafeSearch on for users of PCs on your domain for those who have the policy applied to them. This takes effect irrespective of whether they are signed into Chrome. This, however, does not apply to other browsers (IE for example) or BYOD devices. To catch those, you can go to the final method - enforcing at the network level.

Network level enforcement

If, like us, you use a squid based transparent proxy, you can enforce SafeSearch on any device that connects to your network in a few seconds. 

So log into your server running squid and dnsmasq and create the file + contents indicated in the lines above. Restart dnsmasq and thats it. Once done, users get a notification that SafeSearch is enabled and cannot turn it off - even on their own devices while on your network.

So this is what it looks like for the end user:

How you do the last step varies a little bit depending on how you run your gateway and dns - but it simply amounts to a dns reroute. Everything here should be viewed alongside how you do content filtering as this may include the option out of the box.

Popular posts from this blog

Delete a specific email using GAM

If a user send an inappropriate email to a loads of people or get stung by some sort of email exploit you can quickly delete the email from all of the recipients using a GAM command.
Step 1 - get the email header Go into Google Vault and search for the offending user or someone known to have got the message.
Click show details and grab the email ID. This will be a long string of characters followed by
Step 2 - find out who has the email Go into Google Vault and find the original message sent by the offending user. Look at the details to see who got it. Copy the list and dump it into a spreadsheet. Clean up to just a list of emails with a column header 'mail'. Save as a csv file.
Step 3 - delete messages with GAM Put your CSV file in your GAM folder - this e.g. assumes its called mail.csv
gam csv mail.csv gam user ~mail delete messages query rfc822msgid:MESSAGEIDHERE doit

The alternative nuke option is:
gam all users delete messages query rfc822msgid:MESSAGEI…

My favorite GAM commands - well a few of them at least!

Where would be without GAM? Paying for expensive syncing tools or doing tedious manual tasks in the admin console. GAM can automate most things you might want to do in G Suite. So these are a few of my favourite commands - one I use either as part of a batch file - or just standalone. There are loads more - but these are ones that are used daily.
Classroom Create a spreadsheet of all your domains classes - gam print courses todrive

Create a spreadsheet of a teacher's classes: gam print courses teacher todrive

Bulk create classes:
gam csv classes.csv gam create course alias ~alias name ~alias section ~subject teacher ~teacher status ACTIVE

where classes.csv is a list of classes you want to make.

Add teachers:
gam csv teachers.csv gam course ~alias add teacher ~teacher

Add students:
gam csv students.csv gam course ~alias add teacher ~student

Sync Students (in this example to a group - but could be an ou/csv file)
gam csv groups.csv gam course ~groupmail sync students g…

How to push bookmarks to users in Chrome via the management console

With the release of Chrome and ChomeOS 37 an update to the management console has arrived that allows you to push bookmarks to users.

Under Device Management > Chrome > User Settings > User Experience you will now find the option to add managed bookmarks.

In the example above, the bookmarks are applied to the sub-OU of 'students' - so all our students will get these bookmarks. Simply add your url and the bookmark name, click the + and save. These will appear in a folder called 'yourdomain bookmarks' - see below:

Be aware that to get these bookmarks applied on a Windows/OS-X device the user must be signed into Chrome. Update: if you install the latest group policy template you can push the bookmarks via policy on PCs - details are given here.
Video Guide: