The management of Google Chromebooks uses a set of URL's that block traffic to four sets of resources.
The content is always updating as new resources emerge but the list below is commonly used for education.
chrome://settings-frame
chrome://settings
chrome://history
chrome://history-frame
chrome://settings/clearBrowserData-frame
chrome://plugins
chrome://flags
*/html/crosh.html
chrome-extension://pnhechapfaindjhompbnflcldabbghjo/html/crosh.html
accounts.youtube.com/accounts/Logout2
accounts.google.com/ServiceLogin?elo=1
accounts.google.com/Logout
accounts.google.com/ServiceLoginAuth
accounts.google.com/SignOutOptions
accounts.google.com/SignUp
accounts.google.com/AddSession
accounts.google.com/AccountChooser
myaccount.google.com/security#signin
accounts.google.com/ManageAccount
photos.google.com/login
plus.google.com/u/0/?referer=gplus
aboutme.google.com/u/0/?referer=gplus
search.yahoo.com
www.bing.com/search
duckduckgo.com
dogpile.com/search
ixquick.com
The restriction to external search engines is not to protect Google's business model but to ensure that 'safe search' is not easily bypassed.
A second approach blocks all chrome://* targets and then operates a whitelist as required.
chrome://*
*/html/crosh.html
.... as above
Whitelist:
chrome://history
chrome://history-frame
chrome://chrome
chrome://print
Other Information.
If you are blocking all chrome extensions except the ones you allow you might like to add the Google Docs Office facility which can be found here.
- Internal Chrome Dialogs
- External Search Engines
- Local Development extensions
- Google Sign-in sites. *** See May 2018 update section below.
The content is always updating as new resources emerge but the list below is commonly used for education.
chrome://settings-frame
chrome://settings
chrome://history
chrome://history-frame
chrome://settings/clearBrowserData-frame
chrome://plugins
chrome://flags
*/html/crosh.html
chrome-extension://pnhechapfaindjhompbnflcldabbghjo/html/crosh.html
accounts.youtube.com/accounts/Logout2
accounts.google.com/ServiceLogin?elo=1
accounts.google.com/Logout
accounts.google.com/ServiceLoginAuth
accounts.google.com/SignOutOptions
accounts.google.com/SignUp
accounts.google.com/AddSession
accounts.google.com/AccountChooser
myaccount.google.com/security#signin
accounts.google.com/ManageAccount
photos.google.com/login
plus.google.com/u/0/?referer=gplus
aboutme.google.com/u/0/?referer=gplus
search.yahoo.com
www.bing.com/search
duckduckgo.com
dogpile.com/search
ixquick.com
The restriction to external search engines is not to protect Google's business model but to ensure that 'safe search' is not easily bypassed.
A second approach blocks all chrome://* targets and then operates a whitelist as required.
chrome://*
*/html/crosh.html
.... as above
Whitelist:
chrome://history
chrome://history-frame
chrome://chrome
chrome://print
chrome://net-internals/#chromeos
chrome://net-export/
chrome://net-export/
Other Information.
If you are blocking all chrome extensions except the ones you allow you might like to add the Google Docs Office facility which can be found here.
https://chrome.google.com/webstore/detail/google-docs-offline/ghbmnnjooekpmoecnnnilnnbdlolhkhi
Update May 2018:
With ChromeOS V68 a new policy can be set from the admin console from within Chrome/ User Policy (Sign-In Within the Browser).
Admins can now explicitly restrict users who are signed in to the Chrome Browser from adding additional Google Accounts in the browser.
This single policy replaces all the site specific URLs's that needed to be added to the block list to achieve the same effect (below). Thanks Google !
accounts.youtube.com/accounts/Logout2
accounts.google.com/ServiceLogin?elo=1
accounts.google.com/Logout
accounts.google.com/ServiceLoginAuth
accounts.google.com/SignOutOptions
accounts.google.com/SignUp
accounts.google.com/AddSession
accounts.google.com/AccountChooser
myaccount.google.com/security#signin
accounts.google.com/ManageAccount
Update May 2018:
With ChromeOS V68 a new policy can be set from the admin console from within Chrome/ User Policy (Sign-In Within the Browser).
Admins can now explicitly restrict users who are signed in to the Chrome Browser from adding additional Google Accounts in the browser.
This single policy replaces all the site specific URLs's that needed to be added to the block list to achieve the same effect (below). Thanks Google !
accounts.youtube.com/accounts/Logout2
accounts.google.com/ServiceLogin?elo=1
accounts.google.com/Logout
accounts.google.com/ServiceLoginAuth
accounts.google.com/SignOutOptions
accounts.google.com/SignUp
accounts.google.com/AddSession
accounts.google.com/AccountChooser
myaccount.google.com/security#signin
accounts.google.com/ManageAccount
No comments:
Post a Comment