This guide explains key configuration settings for cloud-based policies and Chrome Apps, and how to deploy Chrome devices for specific uses. You'll also learn how to set up and deploy device and user policies across your organization, as well as remotely manage Chrome devices using the Admin console.
In fact, if your school or business adopts and deploys Chromebooks, the settings for managing devices can be more complex than you might think.
By default, there are the recommended settings that should be set when deploying Chromebooks to students or business users. Please note. See the white paper in this guide for details.
Recommended settings
In the Admin console under Device management > Chrome management, you can access many settings under User settings and Device settings. Although most organizations go with the defaults, below are popular settings some organizations customize.
Allow users that are signed-in to the device to change accounts in their browser window
|
You can decide to allow or block, users from signing in or out of Google Accounts within the browser. Or, you can allow users to sign in only to specific G Suite domains. Learn more about Sign-in Within the Browser.
|
Forced re-enrollment
|
Google recommends that you don’t turn this setting off. This setting forces a wiped device to re-enroll into your domain. If you don't want a Chrome device to re-enroll in your domain, you should deprovision the device. Learn more about forced re-enrollment.
|
Screen Lock
|
Select Always automatically lock screen on idle to increase security and reduce likelihood of someone using your users’ computers while they’re away.
|
Pre-installed Apps
and Extensions |
Choose the web apps that pertain to your users, such as Gmail Offline or Google Drive. You can also blacklist and whitelist apps if you need more control over which apps can be installed by users from the Chrome Web Store.
|
Pinned Apps
|
Select which apps to hide or show on the system taskbar. Note: This setting only allows administrator-specified apps, and users will no longer have their own custom set of apps visible on the system taskbar.
|
Pages to Load on Startup
|
This is commonly set to an intranet portal or homepage. The downside is that once set, Chrome devices no longer restore the tabs from the most recent browsing session upon restart.
|
Restrict sign-in to list of users
|
Restricting sign-ins to *@yourdomain.com prevents users from signing in with a consumer Gmail account or another non-domain account. You can control who is allowed to sign in to a managed (enrolled) Chrome device.
|
Erase all local user info, settings, and state after each sign-out
|
Don’t enable this; it causes users’ policies to re-download upon each sign-in session, unless you need to have the Chrome device wiped of all user states in between user sessions.
|
Auto-update settings
|
Leave the auto-update settings to their defaults. Chrome devices self-update every 6 to 8 weeks, bringing new features, bug fixes, and security vulnerability patches. We also recommend you keep 5% of your organization on the Beta or Dev channels to test how future Chrome OS releases work in your organization. See a full list of recommendations in Deploy auto-updates for Chrome devices.
Note: To stop background downloading of updates before the device is enrolled and rebooted, press Ctrl+alt+E on the End User License Agreement screen. Otherwise, downloaded updates that should have been blocked by policy might be applied when the user reboots the device.
|
Single Sign-On
|
For organizations using Single Sign-On (SSO), test to make sure a small number of your users can sign in to their Chrome devices before rolling this out to your whole organization. If you use SSO for G Suite sign in on your existing devices, you can consider using G Suite Password Sync.
|
Readiness checklist for deployment
▢
|
Network infrastructure
|
Do you have the Wi-Fi infrastructure in place and bandwidth for all of your devices to connect to the Internet at the same time?
|
▢
|
Legacy vs. web application inventory
|
How many of your users require legacy apps vs. web apps? Are you looking to move toward a wider adoption of web apps and online resources for your users? If so, what’s your timeline?
|
▢
|
Plug-in usage
|
Do you know what plugins are required to access the sites your users need to use? Do you need to set up a remoting solution to do this? Learn more
|
▢
|
Printers
|
Have you configured your printers for for native printing (CUPS)? Will you allow all or some of your users to print?
|
▢
|
Peripherals
|
Have you verified that peripherals your users need work with your Chrome devices? For example, test your headsets, barcode scanners, and the other peripherals you need to deploy before rolling them out to these users.
|
▢
|
Authentication scheme
|
How will users sign in to their computers? How will you manage Wi-Fi passwords and access to your Wi-Fi network? Are you relying on SSO for Chrome device authentication? Are you also using G Suite Password Sync (GSPS)? Are you using Cloud Identity?
|
▢
|
Project milestone dates
|
Do you have a timeline for your roll-out? Do you have a way for users to give feedback on their experience with Chrome devices? How long will your evaluation period be, what types of surveys will you give users, and how often will you gather usage data and user feedback?
|
▢
|
User training
|
If you’re moving from another platform to Chromebooks, are you conducting user training? If you have a training department, you can create the training in-house. If you don’t, some Google Cloud Premier Partners offer Chromebook training.
|
▢
|
Help desk readiness
|
Is your help desk familiar with the Chrome Enterprise Help Center? Reading the resources listed on the following page and attending trainings can help your help desk and IT staff get up to speed speed with Chromebook-related questions.
|
No comments:
Post a Comment