Windows GPO Deployment

The following procedures outline the configuration steps needed for the Group Policy Object to deploy Blocksi for Windows in your environment.

Set up the following before setting up Blocksi:

  • Windows Server with the following roles created:

    • Active Directory domain services

    • DNS

    • File and storage services

  • Chrome browser installed on client devices.

  • A file share that is accessible by all Windows users that you want to filter. We recommend that this share is on another partition rather than the server's C drive.

  • Proper organization of your Active Directory environment (users, computers, OUs, etc.).

  • Username prefixes in Active Directory must match the email account prefixes. For instance, an administrator used Google Admin Console to create the email address John.Doe@example-school.com for a student. At a minimum, the username entered into Active Directory must match the prefix John.Doe or Blocksi will not filter the student's account.

  • Devices running Windows 7 and later.

  • Blocksi Application(s) MSI files, which you can find when you sign in to your Admin Dashboard and access the Downloads window from the User icon on the Action Bar. Please contact support with questions regarding the necessary files.

  • On the Settings menu, under Domains, please include all domain names, sub-domains, and aliases that your district has in use.

To configure the GPO

  1. Open Group Policy Manager on your Windows Server.

  2. Navigate to the organizational unit(s) where you will deploy Blocksi, right-click the organizational unit name, and select Create a GPO in this domain, and Link it here…. The New GPO window opens.

    Note

    In most cases, this Group Policy should be linked to, and enforced on, an Organizational Unit that contains the user accounts that will be filtered or monitored with Blocksi.

  3. Type a name for the GPO deployment, such as Blocksi GPO app deployment, in the Name text field and click OK.

  4. Right-click the newly created GPO and select Edit from the drop-down menu.

When installing Blocksi software with GPO, all required MSI files must reside in a shared folder accessible by all users subject to the GPO with Read access. This article outlines steps to create a shared folder and add the necessary applications.

To add application files to a shared folder

  1. Select a shared folder on your network. If a shared folder does not exist yet, create it under the file path C:/.

  2. Upload the required MSI files to the shared folder. These can include the following:

    • BlocksiWebFilter.msi and/or BlocksiClassroom.msi

      OR

    • BlocksiEnterprise.msi

    Note

    If installing BlocksiEnterprise.msi, no other application files are required.

  3. Right-click the shared folder and select Properties from the list. The Properties window opens.

  4. Click the Sharing tab, then click Share… under the Network File and Folder Sharing section. The File Sharing window opens.

  5. Click Add from the File Sharing window, and enter the appropriate Users or Groups. (This includes all users subject to the GPO created for Blocksi.)

  6. Go back to the drop-down list and select the Find people… option. The Select Users and Groups window opens.

  7. Type Administrator in the Enter the object names to select text box and click the Check Names button. A new window opens.

  8. Select the Admin account that controls the Windows server and click OK. You are returned to the Select Users and Groups window.

  9. Click OK. After these steps, the table in the File Sharing window should list the following accounts: Administrator, Administrators, and Everyone.

  10. Add permissions for the accounts. Administrators need Read/Write and Owner permissions, and Everyone needs to have Read permission.

  11. Click the Share button to complete the sharing process.

  12. To verify that the sharing process was successful, go to File Explorer, click the search field at the top, and type \\SERVERNAME\SHARED_FOLDER_NAME.

    Note

    If you don’t know the name of your Windows server, find it in the Server Manager. If the shared apps are listed at this location, then you have successfully configured the folder sharing.
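Because the GPO configured later installs these MSI files with elevated privileges, any account that can write to the share controls what gets installed on every client. The following added example (not Blocksi's own tooling) audits the share and NTFS permissions for write access outside the administrator accounts. The share name BlocksiDeploy and the default trusted-writer list are assumptions; add your server's Administrator account to the list if you granted it access as described above.

```powershell
# Added example, not vendor code. 'BlocksiDeploy' is a hypothetical share name.
# Run on the file server in an elevated PowerShell session.
function Get-DeployShareWriteFinding {
    param(
        [Parameter(Mandatory)][string]$ShareName,
        # Accounts allowed to change the MSI files (assumption: adjust to your domain).
        [string[]]$TrustedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
    )
    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # Share level: this article expects Everyone = Read, so flag anything higher.
    foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
        if ($ace.AccessControlType -eq 'Allow' -and $ace.AccessRight -ne 'Read' -and
            $ace.AccountName -notin $TrustedWriters) {
            [pscustomobject]@{ Layer = 'Share'; Account = $ace.AccountName; Right = "$($ace.AccessRight)" }
        }
    }

    # NTFS level: flag any Allow entry that can create, change, or delete files,
    # including the generic write/all bits that inherited entries may carry.
    $rights = [System.Security.AccessControl.FileSystemRights]
    $writeMask = [int]($rights::Write -bor $rights::Delete -bor $rights::DeleteSubdirectoriesAndFiles -bor
        $rights::ChangePermissions -bor $rights::TakeOwnership) -bor 0x50000000
    foreach ($ace in (Get-Acl -Path $share.Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            ([int]$ace.FileSystemRights -band $writeMask) -and
            $ace.IdentityReference.Value -notin $TrustedWriters) {
            [pscustomobject]@{ Layer = 'NTFS'; Account = $ace.IdentityReference.Value; Right = "$($ace.FileSystemRights)" }
        }
    }
}

# Step 12 of the procedure as a command, followed by the audit. No findings means
# only the trusted accounts can modify the installers.
$shareName = 'BlocksiDeploy'
Test-Path -Path "\\$env:COMPUTERNAME\$shareName"
Get-DeployShareWriteFinding -ShareName $shareName | Format-Table -AutoSize
```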

To add the Blocksi applications to the GPO

  1. In the GPO Management Editor, navigate to User Configuration > Policies > Software Settings and click Software installation.

  2. Right-click Software Installation and select New > Package. The Open window opens.

  3. Navigate to the shared folder you created in the Adding Application Files to a Shared Folder section of this article. Do this by searching for it with the string: \\SERVERNAME\SHARED_FOLDER_NAME.

  4. Select the Blocksi installation file from the folder and add it to the list.

To configure the application settings

  1. In the GPO Management Editor, navigate to User Configuration > Policies > Administrative Templates > All Settings.

  2. Configure the following settings for the app.

  3. Enable Always install with elevated privileges.

  4. To enable this setting, do the following:

    1. Right-click the setting and select Edit from the drop-down menu.

    2. Click Enabled.

    3. Click Apply. The BlocksiClassroom Properties window opens.

  5. Select Assigned under Deployment type.

  6. Select the Install this application at logon checkbox under Deployment options.

  7. Click the Advanced… button. The Advanced Deployment Options window opens.

  8. Select the Ignore language when deploying this package and Make this 32-bit X86 application available to Win64 machines checkboxes.

If you do not see Classic Administrative Templates, you may need to download and unzip the GoogleChromeEnterpriseBundle64.zip file found here: https://dl.google.com/tag/s/appguid%253D%257B8A69D345-D564-463C-AFF1-A69D9E530F96%257D%2526iid%253D%257BBEF3DB5A-5C0B-4098-B932-87EC614379B7%257D%2526lang%253Den%2526browser%253D4%2526usagestats%253D1%2526appname%253DGoogle%252520Chrome%2526needsadmin%253Dtrue%2526ap%253Dx64-stable-statsdef_1%2526brand%253DGCEB/dl/chrome/install/GoogleChromeEnterpriseBundle64.zip?_ga%3D2.8891187.708273100.1528207374-1188218225.1527264447.

To configure the Chrome browser policy

  1. Ensure that you are on User Configuration > Policies > Administrative Templates in your Group Policy Management Editor.

  2. Select the Action tab and click Add/Remove Templates.

  3. Click Add in the new window.

  4. In the GoogleChromeEnterpriseBundle64 folder you unzipped, go to Configuration > adm > en-US, select Chrome.adm, and click Open.

  5. Close the window and go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.

  6. Double-click Continue running background apps when Google Chrome is closed.

  7. Go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome > Extensions.

  8. Double-click Configure the list of force-installed apps and extensions.

  9. Select Enabled and click Show.

  10. Return to the Blocksi Admin Dashboard Downloads window and copy the Blocksi Enterprise Edition Windows ID.

  11. Paste the ID (fcclfaoepaibnkmpcnknicjhpnbbbnom) into the Value field and click OK.

  12. Click OK in the next window.

To update the configured group policies

  1. Open the PowerShell or Command Prompt.

  2. Run the following command in the prompt: gpupdate /force. This updates the company GPOs.

The next time users sign in to their accounts, all the configured apps are installed.
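To confirm on a client that the settings from the sections above were applied, this added example (not Blocksi's own tooling) reads the registry keys where Chrome and Windows Installer store their policies. Those key paths are not given in this article; they are the products' standard policy locations, and the function name is hypothetical.

```powershell
# Added example, not vendor code. Run in the filtered user's session after
# gpupdate /force and a fresh sign-in.
function Test-BlocksiPolicyState {
    param(
        # Extension ID as given in this article.
        [string]$ExtensionId = 'fcclfaoepaibnkmpcnknicjhpnbbbnom'
    )
    $chromeKey = 'HKCU:\Software\Policies\Google\Chrome'
    $forceKey  = Join-Path $chromeKey 'ExtensionInstallForcelist'

    # Force-list entries are numbered string values, each "id" or "id;update_url".
    $entries = @()
    if (Test-Path $forceKey) {
        $key = Get-Item -Path $forceKey
        $entries = @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
    }
    $forced = [bool]($entries | Where-Object { ($_ -split ';')[0].Trim() -eq $ExtensionId })

    # "Continue running background apps when Google Chrome is closed" is stored
    # as BackgroundModeEnabled (1 = enabled, 0 = disabled, empty = not configured).
    $background = (Get-ItemProperty -Path $chromeKey -Name BackgroundModeEnabled `
        -ErrorAction SilentlyContinue).BackgroundModeEnabled

    # "Always install with elevated privileges" exists as a user and a machine policy.
    # Windows Installer documentation says it takes effect only when both are set;
    # this article configures the user side, so report each hive separately.
    $elevated = foreach ($hive in 'HKCU', 'HKLM') {
        $path  = "${hive}:\Software\Policies\Microsoft\Windows\Installer"
        $value = (Get-ItemProperty -Path $path -Name AlwaysInstallElevated `
            -ErrorAction SilentlyContinue).AlwaysInstallElevated
        [pscustomobject]@{ Hive = $hive; Enabled = ($value -eq 1) }
    }

    [pscustomobject]@{
        ExtensionForced       = $forced
        ForcedEntries         = $entries
        BackgroundModeEnabled = $background
        AlwaysInstallElevated = $elevated
    }
}

Test-BlocksiPolicyState | Format-List
```

Review ForcedEntries as well: every ID listed there is installed without user consent, so the list should contain only extensions you deployed on purpose.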

  • Place every new version of the app in the shared folder.

  • Delete the previous (older) version from the shared folder.

  • Re-add the new version of the app to the GPO configuration.