The Google for Education Community Platform

ddelboccio · ‎02-13-2025

I have a student somehow launching a downloaded HTML file on his chromebook to open up some sort of Minecraft game type of environment.

I am not even sure how this thing loads and works, but more importantly, how to prevent something like this.

I wish I could attach the HTML file in question, but it does not look like this forum has the capability.

Anyone care to assist me with THIS fun one?? Or offer suggestions?

panderson · ‎02-18-2025

From my understanding, all the "File://*" does is block local files. We have had it in place for quite a while with no issues.

View solution in original post

ddelboccio · ‎02-13-2025

Part 2...........

How can I search all of my students Google Drive for HTML files, and DELETE THEM?

How can I PREVENT students from SAVING a file type of HTML?

MarkLoundy · ‎02-13-2025

If this is a local file, you'll never stop it. If you block *.html files, you will also block many many legitimate websites. Students could also share them as *.txt files and then change the extension manually.

Mark Loundy (He, Him, His)

Instructional Technology Specialist
De Vargas Elementary School
Ignited Fellow
Google Certified Educator

panderson · ‎02-13-2025

can you copy the html file into a Google Doc file and share that doc?

ddelboccio · ‎02-13-2025

Good idea, but the HTML file literally has 18 million characters in it, and Google is not liking my copy and paste into a google doc at the moment........I'll keep trying

ddelboccio · ‎02-13-2025

LOL..............copying and pasting into a Word document produced a 4,935 page document. WTH.

SteveHarmon · ‎02-13-2025

It sounds like you are trying to copy and paste the HTML file that actually runs the Eaglercraft program, and yes, that is mostly Javascript to run a scaled down Minecraft version, looking at the HTML of that will not be helpful (at least it wasn't to me!).

ddelboccio · ‎02-13-2025

Do we not have the ability to block this type of Javascript package?

SteveHarmon · ‎02-13-2025

I don't think we can for local files unless you completely disable Javascript, which would probably adversely affect some of your online curriculum.

don_b_nashville · ‎02-13-2025

That html file should list the link and the address where the student lands. If you block that address, you stop the activity for today, at least, or until the student finds another site offering access.

It then becomes a Whac-a-mole game keeping up with the latest gateway URL.

This would be a great AI application - scan logs for game sites, output adds/moves/changes for the blocks you want to set.

The nuclear option is to block all and allow specific sites. This leads to a different kind of madness. And it becomes "pick your poison."

I will say that on cutting off access to one of our prime offenders in the going off task on games arena, the student, deprived of the dopamine hits, showed a marked worsening of behavior, all happening in the midst of a medication change. You have to see this to believe it, but it's the direct result of reality mediated by screens. It's in the long term best interest of Google and other providers to offer better tools for managing its "workspace" that reset the priorities so that educators have control, rather than advertisers.

don_b_nashville · ‎02-13-2025

Red pill for today:

The New Colonialism: Power, Data, and the Transformation of Human Experience

https://processthis.substack.com/p/the-new-colonialism-power-data-and-468?utm_source=substack&utm_co...

SteveHarmon · ‎02-13-2025

Here are the three files that I have found: https://docs.google.com/document/d/1EiL3juURpGXOhbcQG-JKM6jJhr5Nk3khisGi_C-QXOs/edit?usp=sharing. Hopefully someone who understands this better than me can find a solution!

I will leave this document open to the world for a week or so - I don't want it to become a source for others to use to program more stuff like this! If you come across this in the future and it is not open, just ask me in this forum and I'll give you access.

A couple of my attempts to mitigate this issue:

I have a GAM script that runs twice a day that scans the Google Drive of all of the students and finds any files that end with HTML or ZIP and then purges them (bypassing the trash can). I have thought of increasing the frequency as twice a day may not be enough as I haven't found a way to block them from downloading the files.
We have also forced downloading to Google Drive instead of being able to choose local storage. This is not entirely effective, as once it is in Google Drive, they can easily just move it from their Drive to local storage.
I looked at the links in the HTML files and added them to the block list in Google Admin Console - I'm not completely certain that it has been effective though, and all it takes is for someone to change some of the URLs and my block is no longer effective.

A couple ideas I have mentally played with is building an extension that would prevent students from downloading HTML files or that changes certain HTML files with different code - I'm not even sure if this would be possible, and I haven't had time to look into it, so it is still a mental exercise.

ddelboccio · ‎02-13-2025

Why did I think I had the ability in the admin console (investigation tool?) to search for and delete files from student's (or anyone's) Google Drive?

I cannot figure out how to do it via the investigation tool.

Is this only a GAM feature? Can you share the GAM command for deleting HTML files?

SteveHarmon · ‎02-13-2025

There are two GAM commands to run. The first scans the Drives and puts the data into a Google Sheet. I create a tab for each school site in case I need to narrow down where the file is coming from and so I don't run into issues with API limits with Google.

gam ou_and_children "/Students/<school site>" show filelist query "mimeType contains 'html'" fields id,name,createdDate,lastViewedByUser,explicitlyTrashed,fullFileExtension,lastviewedbyuser,filesize,size,alternatelink todrive tdfileid <Sheet file ID> tdsheet id:<Sheet tab ID> tdretaintitle true tdupdatesheet true tdnobrowser true

Then the Sheet uses some formulas to combine and filter the data and preps it for the second GAM command. Make sure the columns are titled with the ~'ed names below. Also, the purge command deletes the file immediately and forever, there is not a way to recover it using that command.

gam csv gsheet <Sheet owner account> <Sheet file ID> <Sheet tab name> gam user ~Owner purge drivefile ~id

don_b_nashville · ‎02-13-2025

Tangentially related, please consider upvoting this initiative if you approve building a "disable" feature into Admin console to turn off the ability of students to hide what they're doing on a hidden desk/desktop:

https://www.googlecloudcommunity.com/gc/Feature-Ideas/Managed-Chromebooks-block-multiple-desks/idi-p...

panderson · ‎02-13-2025

We have a filter policy that blocks all URLs except those that we specifically approve. We add URLs based on teachers' requests and will very seldom add a whole domain. They can even watch a YouTube video if the teacher sends us the URL. These are the types of students that vice principals/principals ask us to add to that list. We have had students in the group for almost the entire year. In fact, some even start the next year in the group until they ask us to remove them.

kcalderw · ‎02-14-2025

That sounds like a nightmare to manage....

panderson · ‎02-18-2025

Actually, it isn't bad at all; the first year of getting the majority of the ULRs in was about the worst, and now we only get a few sites a year. We have a group that we add the students to, and if a time is set by the administrator, we add their removal date to Google Calendar. It has to be a pretty important YT video for us to add it, as that could turn into a nightmare.

ddelboccio · ‎02-13-2025

OK, we'll see what kind of dent I just made by doing this:

Using the investigation tool, I created a new investigation of "drive log events", with two conditions, document type is HTML and Title contains text "eagler" (this matched the file students were sharing around).

When results came up, I selected all results, chose the action option of "change owner" and changed ownership to ME!

After that finished, I ran the same search and this time after selecting all results I chose the "audit file permissions" option, on the files tab I made sure I selected all files, went to the actions menu and chose "set access" then chose "remove access".

Hopefully I just scared some students.

tneuser · ‎02-13-2025

Thank you for this. I just did it on my students and found that 9 students had the file as well. I have removed their access to the document.

kcalderw · ‎02-14-2025

You should put the following in your URL block list.

file://*
javascript&colon;//*

(I have no idea why it keeps autocorrecting to that. The bottom one should be the same as the first line just swapping the word file for javascript.)

ddelboccio · ‎02-18-2025

Already have the javascript example as a blocked URL

file://* seems like it might be too destructive??

panderson · ‎02-18-2025

From my understanding, all the "File://*" does is block local files. We have had it in place for quite a while with no issues.

ddelboccio · ‎02-18-2025

I'll give this a try, thanks!

Kim_Nilsson · ‎02-18-2025

Using Investigation Tool to create rules for notification is quite nice.

--
https://wheretofind.me/@NoSubstitute

MattDPenn · ‎02-19-2025

Is there a way to view who the owner is/was in Investigation view? I'm seeing some oddball title names but they almost make me wonder if students are saving image results from Google.

Kim_Nilsson · ‎05-07-2025

Yes, you can add more columns in Investigation Tool, one is Owner.

Do note that there is a clear difference in what you see and can do in Investigation Tool depending on whether you as superadmin have an Education Plus licence or not. These are just a very small number of the available columns.

Note the very small scroll bar to the right, indicating that I have many attributes active.

--
https://wheretofind.me/@NoSubstitute

dodge · ‎02-13-2025

have you tried placing a block for:

file:///*html

ddelboccio · ‎02-18-2025

Admin console will not accept this. Give error "Field is not a valid URL"

The Google for Education Community Platform

Student using an HTML file to play Minecraft/Eaglercraft