This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ Log in to ask a question

Managed Browsers setup

panderson
Contributor III

‎10-20-2023 02:15 PM

So I am starting to work on setting up Managed Browsers.  I put some Windows machines into the Admin console.  I put them in the same location as my Chromebooks.  I didn't set or change any policies and the sign-in settings are like shown below. 

For the Chromebooks, I set my policies to block users from signing into another account (URL blocking) as discussed in our old group many times.  On the Windows machines that I am testing, the users can't get into Chrome because the sign-in page is blocked (I think from the URL Block?).  I am thinking I am missing a bunch of new settings both in the sign-in area and others.  Does anyone have any recommendations on things that I need to do?  Is it better to do this using the Windows AD Group Policies, I am guessing we wouldn't want to use both, but not sure on that either.  Any help, suggestions would be appreciated.

panderson_0-1697836013564.png

 

Topics:
0 Kudos
Reply
6 REPLIES 6

rdnixon
Contributor

‎10-20-2023 11:11 PM

I enroll Chrome Browsers (via the enrollment key) into the OU the users are going to be in. The policies that apply are the Chrome user settings. This has nothing to do with ChromeOS device settings - so if you are trying to deploy them they won't do anything.  

Its also important to set the precedence policy correctly. So do you want policies applied to users to trump browser policies or the other way round. 

The typical use case for managed browsers is that when someone logs into Windows/MacOS, the browser automatically has the correct user policies applied and its not dependent on the user turning on sync. 

As far as AD goes all you need to do is push the enrollment key and then set all your user policies in one place - the admin console. You can set the policy precedence to have the user policies take over if the user turned on sync if you have OUs of users within the OU where the browser is enrolled e.g. to push different custom bookmarks to the ones everyone gets perhaps.

My blog post on the subject from a while ago: https://wpsit.blogspot.com/2022/06/using-managed-browsers-with-google.html

Reply

Kim_Nilsson
Admin Moderator

‎10-20-2023 11:22 PM

You shouldn't need to use URL Blocking to block users from signing into another account.

Disabling the settings for Sign-in to secondary accounts (and Multiple Sign-in Access (cros only) should take care of that.

And you need to restrict Secondary Sign-in to your Workspace domain, like this, else it will not work on Windows.

Kim_Nilsson_0-1697869202030.png

 

--
https://wheretofind.me/@NoSubstitute
Reply

Adotzman
New Contributor II
In response to Kim_Nilsson

‎03-01-2024 12:56 PM

Is there anywhere in the Admin Console to restrict this secondary sign-in to be in effect only during school hours? 

Thanks!

0 Kudos
Reply

Kim_Nilsson
Admin Moderator
In response to Adotzman

‎03-04-2024 02:44 AM

No, not this Secondary sign-in setting,

But you can control the primary sign-in restriction on your Chromebooks here.

Here's the setting for the actual sign-in restriction.
https://admin.google.com/ac/chrome/settings/device/details/sign_in_restriction_category_item?hl=en

Here's the setting that ignores that setting for the time periods you decide.
https://admin.google.com/ac/chrome/settings/device?hl=en&table-view=false&f=POLICY_NAME.DeviceOffHou...

That setting can be controlled by time.

Do note that this, of course, doesn't work on non-Chromebooks.

--
https://wheretofind.me/@NoSubstitute
Reply

Adotzman
New Contributor II
In response to Kim_Nilsson

‎03-05-2024 05:37 AM

Thank you!

Reply

panderson
Contributor III

‎10-23-2023 07:00 AM

Thanks, this helps!!

Reply
  • © 2023 Google. All rights reserved.
  • Privacy Policy
  • Terms of Service
  • Community Guidelines