How can I prevent student logins to Google from overriding the Library's public PC restrictions?
-
Public library computers have Windows local group policy restrictions including Chrome Policy Templates. When students login to school accounts their enterprise policies apparently override our local policies and allow apps we don't want. A further complication is they don't log out and the next public user who wants to log in sees the previous user and is confused requiring intervention by library staff. We need a way to prevent this or at least a log on script to sign them out or delete something in the registry or whatever will work. Thanks on behalf of public libraries everywhere.
-
Can you not use the local GPO preferences to log out an idle user after X minutes?
-
Wouldn't this do what you want?
-
You'd also likely want to set the "Interactive logon: Don't display last signed-in" as an additional privacy option / simplicity for your library guests.
I assume they login to a local account that's on the pc so something like
.\libcomp1with some or no password. -
Also I'm assuming you're using Windows 10 Pro, if something else the exact option may not be there.
-
Thanks for replying. there is only one public user. It is the same on all the computers. Logging off and back on doesn't solve the problem. To clarify it is when they are already logged on to the computer and login to their school managed gmail account that causes the problems. It seems that once they log in to Google suite it syncs and loads a bunch of apps and also apparently overrides my local Chrome policies. For instance I have a blacklist of all (*) for Chrome extensions that can be installed but when they sign in we are left with lots of extensions. That is one example.
-
Oh so they aren't signing into the computer with their g-suite account, but are signing into chrome while on the local pc user account.
-
I am assuming that just as Domain policies override local policies in Windows that Google Suite?, enterprise? or what ever it is overrides our local chrome polices that are added to our local group policy with the chrome.adm template.
-
@DustinB3403 Yes. Thanks.
-
I dont know if there is anything that can be set in google to disable the sync, as it's per account as far as I know.
-
You can use Group Policies to disable users from logging into Chrome. I've pushed it out in the past and it works very well. There are a ton of settings you can use to lock down Chrome as well.
-
@coliver yes but this is a public library system. We have to assume that they are logging in to do school work or view assignments etc.
-
@coliver I use a ton of settings to lock down Chrome and they have been working great until this school year started. Evidently several of the local school districts are using some sort of Chrome administration and assigning students gmail accounts associated with the school.
-
@LJ said in How can I prevent student logins to Google from overriding the Library's public PC restrictions?:
@coliver yes but this is a public library system. We have to assume that they are logging in to do school work or view assignments etc.
They can still do that. But this will prevent them from logging into the "Google Account" feature that Chrome has, not the G Suite websites themselves. You can also set it to remove browsing history when they close the window which will remove the tokens that hold the login.
-
@LJ said in How can I prevent student logins to Google from overriding the Library's public PC restrictions?:
@coliver I use a ton of settings to lock down Chrome and they have been working great until this school year started. Evidently several of the local school districts are using some sort of Chrome administration and assigning students gmail accounts associated with the school.
G Suite for Education. It's really common.
-
@LJ said in How can I prevent student logins to Google from overriding the Library's public PC restrictions?:
When students login to school accounts their enterprise policies apparently override our local policies and allow apps we don't want.
Apps inside of Chrome?
-
@coliver That sounds like what I need to do. What version of the template are you using? I have tried the one from chromium project and the one from Google enterprise. Please explain exactly how to do this. I must have missed it. To restate you can prevent logging into chrome but allow gmail and Gsuite? That would be perfect.
-
@scottalanmiller Yes apparently. This was just brought to my attention yesterday but the PC I brought to the back had a search bar across the top of the desktop even with Chrome browser closed. I can't remember the name of the search bar now.
-
-
@LJ I was able to get the user signed out and get everything straight after a few minutes but I am not always at this branch. It has very limited staff and is literally a hundred feet away from a high school campus.
