Skip to main content

Posts

Showing posts from October, 2018

Adding subdomains to G Suite

This is how I add subdomains (so basically new schools) to out G suite setup. I've got these steps documented on a scruffy set of notes that I've now got in Keep - so time to document them - for myself as much as anyone else!

Steps in order (roughly)

Add the new domainVerify the new domainAdd MX records to hostingAdd SPF record for Google to hostingTurn on email authenticationAdd DMARC record to hostingSetup custom Directory and restrict students OU to this.Create an admin quarantine for the domain.Configure SPAM setting for the domain.Turn on and off services as appropriate.Map a blank Google Site to the naked domain - if required.Setup some basic groups - allstaff, allusers (for directory) and students with appropriate permissions.Deploy custom wallpapers. So the steps in a bit of detail: Add the new domain & Verify ownership Click on Domains in the admin console:
Add/remove domains followed by "add a domain" At this point make sure you select the second option. …

Chrome GPO updates Oct 2018

I while back I published this blog post about locking down Chrome. The first two policies in that article have now been depreciated and replaced. This quick video covers what has replaced them and a couple of new policies as well.



Avoiding Google Captcha's on your network

Your network may generate captcha'a if Google things you are sending too many duplicate requests to them. The end result of this can be Google search stops working or if you use a cloud-based filtering service (like Securly for us) - then your ability to proxy Google searches gets revoked for a time.

There are lots of reasons this can happen - malware, use of services like vpns and the tor network. These things should be within your control to manage/block. However, it turns out that one of the key factors is what you put in the Chrome policy "Omnibox Search Provider Suggest URL". I recently got the following string from Securly who got it from Google:

{google:baseURL}complete/search?output=chrome&q={searchTerms}

Now, why didn't I think to put that in......

So out policy looks like:
If you use the setting suggested in the list of Chromium policies, this apparently generates multiple duplicate requests. Since modifying this policy we have had zero issues.