Restrict Managed Chromebook Login to One User Account and Admin Accounts
Reported by
forest.c...@dyc.k12.co.us,
May 18 2016
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 Platform: 7978.66.0 (Official Build) stable-channel candy Steps to reproduce the problem: We would like to be able to assign one Managed Chromebook to one user, in such a way that only the assigned user or an administrator is able to log into the Chromebook. We envision an option in the Device Management>Chrome>Device Settings>Sign-in Restrictions>Restrict Sign-in field to allow chrome://settings/accounts on the Managed Chromebooks. Or we would like the ability to allow a user to be assigned to a Chromebook via the Management Console. What is the expected behavior? Allow an admin to enter a user account into chrome://settings/accounts on a managed Chromebook, or allow an admin to assign a user to a Chromebook via the Chrome Management Console, so that only one user + any admin is able to sign into the assigned managed Chromebook. What went wrong? N/A Did this work before? No Chrome version: 50.0.2661.91 Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: 21.0.0.216-r2
,
Jun 6 2016
I don't understand the request - you can use the "Sign-In Restriction" on cpanel to restrict who can sign in to a given chromebook. You can provide the address of a user, and any admins you'd like to be able to use the device. Can you clarify why this doesn't address the requirement?
,
Jun 7 2016
Please prioritize and assign.
,
Jun 17 2016
Apologies for the late reply. We have 500 Managed Chromebooks and 500 students (and we are expanding) in a highly-secured K12 youth corrections school environment, with high student turnover. We would like each student to be able to log into only the Chromebook that they are assigned. "Sign-in Restriction" is a device setting, so in order to set 10 Chromebooks to one specific student each, 10 sub organizations need to be created, and then one Chromebook needs to be placed within each sub organization. Then you would add an address of a student to each of the sub organizations. Due to the high student turnover, teachers would need access to the Chrome Management Console in order to switch out student addresses when a Chromebook changes hands. It currently is not possible to create a custom admin role with privilege restrictions that would be acceptable -- the 'Manage Device Settings' privilege appears to be as granular as it gets, and this is not restrictive enough for the environment. We were hoping that you might be able to work out a way to allow a teacher to be able to log into a Managed Chromebook and set a student address in a way similar to a Supervised User in a non-Managed Chromebook. The thought of making User Role Privileges more granular comes to mind, though that doesn't resolve the issue of having to create one sub org for each Chromebook.
,
Nov 10 2016
,
Mar 22 2017
Our school district is a 1:1 model and we have the same request to have a single user log into a single device. We see many accounts on devices and find students are using other account to mask activity and cheat. I was wondering if the Device custom field for the user name could be the key to restricting the logon on that device to only the user(s) listed in this custom field. Blank would be anyone, or entries to restrict it to.
,
Mar 23 2017
+max, please assign and prioritize
,
Mar 23 2017
,
Today
(17 hours ago)
Hi, We would like to know if there's any progress on this Feature Request? There's a School Organization who would like to have this same functionality. We have suggested the workaround to create sub-organizational units and put one student in that sub-OU where sign-in restriction is only for that user and one admin however, if we are talking about thousands of users, this workaround is not recommended. Any thoughts/updates on this will be appreciated. Though, we have set customer's expectations that we don't have any ETAs for Feature Requests. Thank you. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by dchan@google.com
, Jun 3 2016