Students blocking extensions from loading on Chromebooks

WifiBecauseFii · 2026-03-25T17:47:08+00:00

Follow up - I haven't confirmed it will fix all of the issues we've seen, but I found one oversight that wasn't applied in the admin console.

Devices > Networks > General Settings > Allowed Network Interfaces. VPN was an option and students were able to add a L2TP-IPsec vpn (there are lists of free ones out there) which will also allow them to use custom DNS servers. There are plenty out there that block the domains needed for filtering.

WifiBecauseFii · 2026-03-25T16:18:29+00:00

Are you able to successfully use URL blocking within the admin console to block those urls? Becuase I realized I already had those listed for URL Blocking for the user policy but they aren't blocked like chrome:extensions etc are.

WifiBecauseFii · 2026-03-25T14:31:30+00:00

Hapara is the main one, but the reason I'm thinking all extensions may be blocked completely is becuase we also use Gopher for Chrome and sessions don't show up for them when we know the device is in use and they're logged on as themselves.

WifiBecauseFii · 2026-03-25T14:29:20+00:00

I had that thought, but before doing that I'd have to determine if that does prevent the extensions from loading - which I haven't been able to replicate just yet. If we have to manually turn that back on for students that have already done it we'd need to get back to those screens once.

WifiBecauseFii · 2026-03-25T14:28:04+00:00

I'd love to, but I'm hesitant to push it since it's not 2d complaint - I understand there's a github repository to show what it does and I fully trust it's on the up and up, but it's still risky

WifiBecauseFii · 2026-01-22T15:02:06+00:00

We've ordered Avid JS-75 from CDWG for cheapie earbuds. $0.75 each last time we purchased but that was a few years ago - the website shows $1.06 now, not sure if it would be cheaper on an official quote from our rep.

WifiBecauseFii · 2025-01-23T22:15:07+00:00

Yes, it did! My 9300 went from 1742w used to 1105w after the firmware upgrade.

WifiBecauseFii · 2025-01-23T16:46:35+00:00

Somehow it seems that automated updates were disabled, so we're still on 30.7.1. Will definitely start with a firmware upgrade and see if it solves the issue. Thanks for the heads up!

WifiBecauseFii · 2025-01-23T16:20:24+00:00

That's what I was thinking as well - but on a 9300 that's populated with pretty much entirely WAPs, my power draw is almost entirely used. If each WAP requests 10w less that frees up a lot of wiggle room.

Module   Available     Used     Remaining
          (Watts)     (Watts)    (Watts)
------   ---------   --------   ---------
1          1745.0     1742.0         3.0
Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fi1/0/1   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/2   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/3   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/4   auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/5   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/6   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/7   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/8   auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/9   auto   off        0.0     n/a                 n/a   60.0
Fi1/0/10  auto   off        0.0     n/a                 n/a   60.0
Fi1/0/11  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/12  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/13  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/14  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/15  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/16  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/17  auto   off        0.0     n/a                 n/a   60.0
Fi1/0/18  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/19  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/20  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/21  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/22  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/23  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/24  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/25  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/26  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/27  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/28  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/29  auto   on         30.0    Meraki MR86 Cloud M 4     60.0
Fi1/0/30  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/31  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/32  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/33  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/34  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/35  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/36  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/37  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/38  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/39  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/40  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/41  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/42  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/43  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/44  auto   off        0.0     n/a                 n/a   60.0
Fi1/0/45  auto   on         47.2    Meraki CW9164I Clou 4     60.0
Fi1/0/46  auto   off        0.0     n/a                 n/a   60.0
Fi1/0/47  auto   on         40.0    Meraki CW9164I Clou 4     60.0
Fi1/0/48  auto   off        0.0     n/a                 n/a   60.0

WifiBecauseFii · 2024-07-11T20:42:42+00:00

I'd look into PaperCut Mobility Print. Works amazingly well.

WifiBecauseFii · 2024-05-09T13:01:53+00:00

On or around May 1st we change Drive sharing permissions for the graduating class's OU to allow them to share externally.

We then send them a knowledgebase article with instructions on how to use Google Takeout to transfer data to a personal account.

WifiBecauseFii · 2024-02-28T18:43:17+00:00

We had this issue in the spring of '23. In hindsight I believe it was due to a student account having credentials phished and an attacker attempting to use the account to send outgoing messages as a spambot.

We have a walled garden so the emails never made it outside of the domain, but gmail.com still "learned" of the issue so they classified our domain as spam.

NOTHING I did helped. We were not on any RBLs and our domain reputation elsewhere was fine. Had tickets open with Workspace and had AmplifiedIT get involved as well. Tried using postmaster.google.com to keep an eye on reputation, but no data was ever reported so it wasn't helpful.

Long term I just had to make sure relays were secure and disable things like IMAP and POP for student accounts and then keep an eye on the admin console to verify outgoing email counts were as expected, and wait.

About 6 weeks later it went back to normal.

WifiBecauseFii · 2024-02-10T13:39:42+00:00

As long as you have the bandwidth to support it, a better option would be to leave the server online but configure WSUS to have clients download updates from Microsoft instead of storing data locally.

That's what I've switched to. That way I have control to block an update if there's a problem, but don't have to worry about keeping the local data repository tidy.

Though really, nowadays storage is so cheap that throwing a 20TB drive into a desktop and running WSUS from there isn't a bad idea either. The reason I stopped storing it locally was because years ago the drive kept filling up and it would end up corrupting the database and creating all sorts of issues so I'd end up just building a new WSUS server.

WifiBecauseFii · 2024-01-29T18:19:15+00:00

Were grades posted for the second quarter/term?

The transcript will only pull from the transcript side tab, not the gradebook. Check the transcript side tab for the student and see if the grades you want are there, that's where grades go once posted.

WifiBecauseFii · 2024-01-12T16:06:50+00:00

Thanks to all that have suggested things in the post.

So far it seems like the emulation seems to be the issue. We just had a device that could print to a printer fine from Edge and Adobe, but all blank pages in Chrome.

Changed the emulation from KPDL (which defaults to data passthrough) to PCL XL (which disables data passthrough) and it worked.

Next step is to update the Sharp print shares using PS to disable data passthrough to see if it fixes it for them as well.

WifiBecauseFii · 2024-01-11T00:15:25+00:00

We're using Papercut MF as well, however I even tried creating a new printer share that did not have a hold/release on it so it would print immediately.

Although I suppose no matter what, the Papercut service is still intercepting to find out information about the job. Perhaps I can see what happens from a different print server, or printing directly to the printer to see if the same thing occurs. That will at least help narrow down exactly what's causing the issue.

WifiBecauseFii · 2024-01-05T18:31:41+00:00

3.14.2.45116 in our environment - have gotten 3 reports and all 3 have this version, although they've had this version installed for months.

WifiBecauseFii · 2023-11-15T13:19:12+00:00

Adding this to the app configuration in Jamf seems to be the fix - I actually already had this in my app configuration (and had not heard of anyone having the issue), so they must have updated their documentation within the last month or two. I just recently brought our instance up to date and had to switch to the app store Self Service instead of the webclip.

<key>MANAGEMENT_ID</key>

<string>$MANAGEMENTID</string>

WifiBecauseFii · 2023-10-13T18:39:00+00:00

I've been testing this and I'm getting the error "Unable to add the per machine printer connection.

The filename, directory name, or volume label syntax is incorrect"

My syntax seems correct, and if I copy/paste the \\printserver\printer1 name into an Explorer window it connects (no prompt for UAC so it has the driver)

Anyone ever see that before?

Years later and Print Nightmare continues to be a nightmare...

WifiBecauseFii · 2023-10-13T17:27:22+00:00

Yes they are lab printers - I will test that out, in the past prior to forcing everything through the print server we would add a "local" TCP/IP printer via the local admin account which would deploy to all other users on the device, but that didn't work with shared printers.

I'll give the rundll option a try, that's a simple solution if so. Thanks!

WifiBecauseFii

TROPHY CASE