Skip to main content

Blocksi Portal

Windows GPO Deployment

The following procedures outline the configuration steps needed for the Group Policy Object to deploy Blocksi for Windows in your environment.

Prerequisites

The following are required before you can begin setting up Blocksi.

  • Windows Server with the following roles created:

    • Active Directory domain services

    • DNS

    • File and storage services

  • Chrome browser installed on client devices.

  • A file share that is accessible by all Windows users that you want to filter. We recommend that this share is on another partition rather than the server's C drive.

  • Proper organization of your Active Directory environment (users, computers, OUs, etc.).

  • Username prefixes in Active Directory must match the email account prefixes. For instance, an administrator used Google Admin Console to create the email address John.Doe@example-school.com for a student. At a minimum, the username entered into Active Directory must match the prefix John.Doe or Blocksi will not filter the student's account.

  • Devices running Windows 7 and later.

  • Blocksi Application(s) MSI files, which can be found by signing in to your Admin Dashboard and accessing the Downloads window from the User icon on the Action Bar. Please contact support with questions regarding the necessary files.

  • On the Settings menu, under Domains, please include all domain names, sub-domains, and aliases that your district has in use.

Windows Defender Firewall Rule

This procedure describes the steps required to create Windows Defender Firewall Rules for the Blocksi Classroom application using Microsoft Endpoint Manager.

To create the rules

  1. Navigate to https://endpoint.microsoft.com and sign-in to Microsoft Endpoint Manager.

  2. Select Endpoint Security from the left-hand navigation pane.

  3. Select Firewall from the Endpoint Security left-hand navigation pane.

  4. Click + Create Policy at the top of the page.

  5. Select Windows 10 and later under Platform in the Create a profile blade that appears on the right hand side.

  6. Select Microsoft Defender firewall rules under Profile.

  7. Click the Create button.

From the Create Profile Wizard

On the Basics tab:

  1. Give your new profile a name. For example, Blocksi Allow Policy.

  2. Add a description of your choice.

  3. Click Next.

On the Configuration Settings tab:

  1. Select the downward facing caret next to Firewall Rules 0 items.

    Create Profile for Defender Firewall Rules

  2. Click + Add. The Windows Firewall Rules blade appears to the right.

  3. Type a name for your policy under Name; for example, Allow Blocksi application.

  4. Select Out for Direction.

  5. Select Allowed for Action.

  6. Select all that apply (at least Public and Private) for Network types.

  7. Type C:\Program Files (x86)\Blocksi 2.4\blocksi2.4.exe for File Path.

  8. Select Any for Protocol.

  9. Select Wireless and LAN (this covers both WiFi and wired networks) for Interface types.

  10. Select Yes for Any local address.

  11. Select Yes for Any remote address.

  12. Click the Save button.

  13. Click + Add to add another rule for the inbound traffic.

  14. Type a name for the new inbound policy; for example, Allow port 9432 inbound to Blocksi.

  15. Select In for Direction.

  16. Select Allowed for Action.

  17. Select all that apply (at least Public and Private) for Network types.

  18. Type C:\Program Files (x86)\Blocksi 2.4\blocksi2.4.exe for File Path.

  19. Select TCP for Protocol.

  20. Select Add and then type 9432 in the field under Local port ranges. You do not need to configure remote port ranges.

  21. Select Wireless and LAN (this covers both WiFi and wired networks) for Interface types.

  22. Select Yes for Any local address.

  23. Select Yes for Any remote address.

  24. Click the Save button.

On the Configuration Settings tab:

Click Next.

On the Scopes tab:

Click Next.

On the Assignments tab:

  1. Assign either Policy to All users or choose the default Selected Groups. To select a group, click Add and select a group to include; for example, Students.

  2. Click Next.

On the Review + Create tab:

Check the settings and click the Create button.

The policy now applies to the assigned users and devices to be applied.

Configuring the GPO

To configure the GPO

  1. Open Group Policy Manager on your Windows Server.

    Group Policy Management Window

  2. Navigate to the organizational unit(s) where you will deploy Blocksi, right-click the Organizational Unit Name, and select Create a GPO on this domain, and Link it here…. The New GPO window opens.

    New GPO Window

    Note

    In most cases, this Group Policy should be linked and enforced to an Organizational Unit that contains user accounts that will be filtered or monitored with Blocksi.

  3. Type a name for the GPO deployment, such as Blocksi GPO app deployment in the Name text field and click OK.

  4. Right-click the newly created GPO and select Edit from the drop-down menu.

    New GPO Window Edit
Adding Application Files to a Shared Folder

When installing Blocksi software with GPO, all required MSI files must reside in a shared folder accessible by all users subject to the GPO with Read access. This article outlines steps to create a shared folder and add the necessary applications.

To add application files to a shared folder

  1. Select a shared folder on your network. If a shared folder doesn’t exist yet, create it under the file path C:/.

  2. Upload the required MSI files to the shared folder. These can include the following:

    • BlocksiWebFilter.msi and/or BlocksiClassroom.msi

      OR

    • BlocksiEnterprise.msi

    Note

    If installing BlocksiEnterprise.msi, no other application files are required.

  3. Right click the shared folder and select Properties from the list. The Properties window opens.

  4. Click the Sharing tab, then click Share… under the Network File and Folder Sharing section. The File Sharing window opens.

  5. Click Add from the File Sharing window, and enter the appropriate Users or Groups. (This includes all users subject to the GPO created for Blocksi.)

  6. Go back to the drop-down list and select the Find people… option. The Select Users and Groups window opens.

    Select Users or Groups Window

  7. Type Administrator in the Enter the object names to select text box and click the Check Names button. A new window opens.

  8. Select the Admin account that controls the Windows server and click OK. You are returned to the Select Users and Groups window.

  9. Click OK. After these steps, the table in the File Sharing window should have the next accounts inside: Administrator, Administrators, and Everyone.

  10. Add permissions for the accounts. Administrators need Read/Write and Owner permissions, and Everyone needs to have Read permission.

    Permissions Window

  11. Click the Share button to complete the sharing process.

  12. Verify that the sharing process was successful, go to File Explorer, click the search field at the top, and type \\SERVERNAME\SHARED_FOLDER_NAME. See the following example.

    Windows Server

    Note

    If you don’t know the name of your Windows server you can find it in the Server Manager. If the shared apps are listed at this location, then you have successfully configured the folder sharing.

Adding the Blocksi Applications to the GPO

To add the Blocksi applications to the GPO

  1. In the GPO Management Editor, navigate to User Configuration > Policies > Software Settings and click Software installation.

    Software Installation Window

  2. Right-click Software Installation and select New > Package. The Open window opens.

  3. Navigate to the shared folder you created in the Adding Application Files to a Shared Folder section of this article. Do this by searching for it with the string: \\SERVERNAME\SHARED_FOLDER_NAME. See example below.

    Shared Folder Example

  4. Select the Blocksi installation file from the folder and add it to the list.

Configuring the Application Settings

To configure the application settings

  1. In the GPO Management Editor, navigate to User Configuration > Policies > Administrative Templates > All Settings.

  2. Configure/Set the following for the app.

  3. Enable Always install with elevated privileges.

  4. To enable this setting, do the following:

    1. Right-click the setting and select Edit from the drop-down menu.

    2. Click Enabled.

    3. Click Apply. The BlocksiClassroom Properties window opens.

  5. Select Assigned under Deployment type.

  6. Select the Install this application at logon checkbox under Deployment options.

    Blocksi Classroom Properties

  7. Click the Advanced… button. The Advanced Deployment Options window opens.

  8. Select the Ignore language when deploying this package and Make this 32-bit X86 application available to Win64 machines checkboxes.

    Advanced Deployment Options
Configuring the Chrome Browser Policy

If you do not see Class Administrative Templates, you may need to download and unzip the GoogleChromeEnterpriseBundle64.zip file found here: https://dl.google.com/tag/s/appguid%253D%257B8A69D345-D564-463C-AFF1-A69D9E530F96%257D%2526iid%253D%257BBEF3DB5A-5C0B-4098-B932-87EC614379B7%257D%2526lang%253Den%2526browser%253D4%2526usagestats%253D1%2526appname%253DGoogle%252520Chrome%2526needsadmin%253Dtrue%2526ap%253Dx64-stable-statsdef_1%2526brand%253DGCEB/dl/chrome/install/GoogleChromeEnterpriseBundle64.zip?_ga%3D2.8891187.708273100.1528207374-1188218225.1527264447.

To configure the Chrome browser policy

  1. Ensure that you are on User Configuration > Policies > Administrative Templates In your Group Policy Management Editor.

  2. Select the Action tab and click Add/Remove Templates.

  3. Click Add in the new window.

  4. Locate the GoogleChromeEnterpriseBundle64 folder you’ve unzipped at Configuration > adm > en-US, select Chrome.adm, and click Open.

    Add Remove Current Policy Templates

  5. Close the window and go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.

  6. Double-click Continue running background apps when Google Chrome is closed.

  7. Go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome > Extensions.

  8. Double-click Configure the list of force-installed apps and extensions.

  9. Select Enabled and click Show.

  10. Return to the Blocksi Admin Dashboard Downloads window and copy the Blocksi Enterprise Edition Windows ID.

  11. Paste the ID (fcclfaoepaibnkmpcnknicjhpnbbbnom) into the Value field and click OK.

  12. Click OK in the next window.

    Show Contents Window
Updating the Configured Group Policies

To update the configured group policies

  1. Open the PowerShell or Command Prompt.

  2. Run the following command in the prompt: gpupdate /force. This updates the company GPOs.

When the users sign in to their accounts the next time, all the configured apps are installed.

Important Information

  • Place every new version of the app in the shared folder.

  • Delete the previous (older) version from the shared folder.

  • Re-add the new version of the app to the GPO configuration.