Skip to main content

Restricting the use of consumer accounts on domain joined PC's

If you have domain joined PCs that can be managed via group policy and you use G Suite, then you might want to restrict the use of consumer accounts on your machines. If a user can use a private account, they can do a range of things that can potentially bypass content filtering and other policies you have set in the management console in G Suite.

The best way to prevent this is at the network level - see the Google help page here. This means that all devices on your network will be prevented from using consumer accounts. Many firewalls and content filter providers (e.g. Securly) have this as a setting now. However, if you are not able to use this approach, or want to set it on specific users only, then the lastest Group Policy Templates have policies to enable it.

There are two policies for this. One to block signin to Chrome from non domain accounts and the other to block non domain login to things like GMail.

Restrict who can sign into Chrome:

Restrict who can sign into G Suite tools such as GMail. Just be aware that this does not stop them using a private account to authenticate with some services - but it does effectively block the use of G Suite tools with private accounts. 

You can see the documentation for these settings (and all other ones) here. To get the latest policy settings, you do need to periodically download and update your template files on your domain controller. So if you don't have one or both of these settings, download and apply the latest admx files. 

Popular posts from this blog

How to do vertical text in Google Spreadsheet

After many years of waiting, this is now a feature of sheets - so this little hack is no longer needed. Options now are:

One limitation of Google Spreadsheets is the lack of a vertical text option - handy if you have very wordy headings to columns. This is being worked on - but a little work around for now is the use of the following formula:

=ARRAYFORMULA(CONCATENATE((MID( "English Lit"; ROW(INDIRECT("YY1:YY"&LEN( "English Lit" ))); 1)&CHAR(10))))

Don't worry how it works - just copy and paste - change both english lit's to whatever you want.

How to push bookmarks to users in Chrome via the management console

With the release of Chrome and ChomeOS 37 an update to the management console has arrived that allows you to push bookmarks to users.

Under Device Management > Chrome > User Settings > User Experience you will now find the option to add managed bookmarks.

In the example above, the bookmarks are applied to the sub-OU of 'students' - so all our students will get these bookmarks. Simply add your url and the bookmark name, click the + and save. These will appear in a folder called 'yourdomain bookmarks' - see below:

Be aware that to get these bookmarks applied on a Windows/OS-X device the user must be signed into Chrome. Update: if you install the latest group policy template you can push the bookmarks via policy on PCs - details are given here.
Video Guide: