Whitelisting Chrome Extensions/Apps in G Suite Admin Console

Recently, an incident in the school district where I work required that the district implement additional restrictions in regards to Google Chrome and Chrome devices.  After looking at options, the decision was made to switch the Student Organizational Unit over to a whitelist policy for extensions and apps.  Teachers and other faculty members would remain on a blacklist policy, and notify technology of what they would like whitelisted for student use.  I sent out a survey to collect the names of all currently used extensions, collected the results, and made a test OU to switch to whitelisting.

Part of the conversion process also involved a review of all force installed apps and extensions.  There are two ways to force install through the admin console; using App Management or User Settings in Device Management - Chrome Management.  App Management is meant for singular instances, while the User Settings method is more conducive to multiple force installs.  While both methods are accessed from Device Management, the set up screens differ and they do not appear to cross list in both directions.  Force installing from App Management does offer additional features, like the ability to upload configuration files specific to your organization.  However, force installations from App Management do not show in the User Management force installed apps list.  Force installations from User Management do show as configured in App Management.  As such, I would recommend listing the force installations from User Settings, then configuring in App Management as a second step if needed.

During the evaluation with the test OU, I noticed that the accounts still on the old policy registered several apps that were listed as "added by third party" in addition to the applications we were already set up to force install through the domain.  Digging into that a bit, I determined that these "added by third party" apps were in fact the default Chrome OS apps.  Wanting to verify my answer, I contacted G Suite technical support.  Support verified that the apps in question were default OS apps, they would need to be whitelisted, but would not require force installation.

Here's the rub: the default applications have to be whitelisted independently - there is no blanket setting to allow defaults or approve specific developers.  Additionally, support doesn't have documentation on what those apps are.  That means any Chrome OS version updates will need to be reviewed for changes or the new apps won't show up.  Here are two ways to do this: you can subscribe to the Chrome Release Google Blog or you can check the modules on an un-managed Chromebook with the current Chrome OS by opening chrome://net-internals/#modules in the browser.

The student OU conversion to whitelisting will begin it's trial by fire when school starts back up tomorrow.  Overall though, my takeaway is this: if you're in a shared admin environment like I am, evaluate the policies/procedures you have in place to make sure everyone is on the same page when it comes to force installing or allowing apps and extensions. 


  1. Gratis Casino - Mapyro
    Gratis Casino 양주 출장마사지 is located 경주 출장안마 in 창원 출장안마 Thackerville, Iowa, USA. 문경 출장마사지 The casino was opened in 1996 and 익산 출장마사지 is owned by The Millmill Farm Community in Thackerville,


Post a Comment

Popular posts from this blog

I taught myself a thing today

Synthetics monitoring with New Relic for PowerSchool products

No, You Don't Need That Highlighter App (A discourse on Google for Education and FERPA)