Discover logged in Chromebook users on network?

[John Berliner]

I'm wondering if there is any possibility to discover the username of any managed Chromebook logged into our network, e.g. by using some kind of network scanner application or utility. 

For example using Apple's Remote Desktop, you can see IP address, MAC address, DNS name, and device name of all Apple devices on the network. However our Windows and Chromebook users only show an IP address.

And our firewall (SonicWALL) makes it easy enough to see which users are consuming high bandwidth, accessing inappropriate content, etc., but again only by IP address. I know Chromebooks don't support SNMP so that's out. Any suggestions?

Thanks.

[Tim White]

If you have access to Active Directory and all your users have an account you can leverage those accounts on your Sonicwall by forcing LDAP authentication for your Chromebook subnet (or all subnets that should know their network login -- maybe 5-12 plus staff). We use Active Directory plus GADS to populate our Google Apps users and maybe you do too. If so this is the no cost solution. But it does require different subnet(s) or address objects defined for users / devices / appliances that will not be able to login for access (ex. K-4 labs, servers, special network appliances that need web access). Here's a how to from a Spiceworks user:
http://community.spiceworks.com/how_to/show/2539-setup-authentication-in-sonicwall

This would also require that your users know their Active Directory password which could be different from their Google Apps password -- we also use GAPS so our passwords are the same on both.

If you don't use Active Directory here are some other thoughts:
1. Sonicwall also supports Radius and Novell authentication if either of those are an option. But they do not support Apple Open Directory.
2. This is more complex but would work without any authentication:
- Make a DHCP reservation for each Chromebook MAC Address in your dhcp server.
- Assign each reserved IP an address object in your Sonicwall.
- Now whenever a given device is online it gets identified in the Sonicwall
3. Securly.com -- these guys were the first Single Sign On option for Chromebook filtering and monitoring. We've been using them all year with our recent Blended Learning (1:1) initiative and I love their Chromebook package. They are not free but they are a drop in option and work solely from your Google Apps user structure. So it doesn't matter what directory service you use at school or if you even have one at all. They even offer a Take home option which is very nice.

I can give more input from our experiences so far this year if you want to contact me directly: twh...@wcr7.org

We don't use a Sonicwall but I have a good amount of experience with their units. We opted for a Watchguard XTM + Securly for the price point and great feature set and I would do it again. I love this combo.

More on our combo:
http://bit.ly/1jHeOim

Tim White
Technology Director
Webb City R7 Schools
www.wcr7.org
www.wcstudent.org
www.webbcitybrightfutures.org

[Ryan Case]

I have been testing GoGuardian.com and it would do what you are looking for. 

It is a content management app and free until august. 

--
You received this message because you are subscribed to the Google Groups "Chromebook Teachers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromebook-teac...@googlegroups.com.
To post to this group, send email to chromeboo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/chromebook-teachers/d69f9668-57a0-4ca0-b86c-eeeba731090f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[John Berliner]

Thanks for the great suggestions guys. We run Open Directory so leveraging the SonicWALL to require directory authentication is out, and I can't imagine SonicWALL will ever put in OD support since Apple's server product line is pretty much dead. However that's an interesting idea about setting aside DHCP reservations for each MAC address. It would require a fair amount of work to set up but it might be worthwhile. Sounds like a fun little summer project. We're making some other changes to our network in July so I'll keep that in mind.

And I'll go check out the two vendors suggested.

About the extension-based approach: We had looked at Hapara and another monitoring solution called I think NetSupport ? and decided not to implement either, for different reasons. But obviously if the same students you are worried about can easily disable or kill any browser-based extensions, it's a non-starter. Does anyone know of any plans with Google to provide "protected" extensions? (How they would implement that, I have no idea -- hiding them from task manager, making them respawn-able, etc. I dunno, I'm not a programmer...) Our school only goes up to 8th grade but we have just enough tech savvy kids in the mix that I'm sure they would figure out how to disable the managing extension within a short amount of time.

John

On Saturday, April 12, 2014 9:15:31 AM UTC-7, Tim White wrote:

We use Guardian too. But being only extension based our tech savvy kids know how to shut it down in the task manager (shift escape) just like they already do with Hapara remote control and Promevo gScholar. So regularly we have significantly less users showing up online in Guardian than there actually are.

Guardian is a little cheaper for sure (and free to test until August). But I have found time and again Securly creating solutions for us and putting in crazy hours on weekends and late nights to make things work where other vendors left me hanging. They've earned my respect for sure. Guardian on the other hand posted a writeup from me on their blog without getting my consent on the full article and more or less said I would choose them over a traditional content filter - which I would not. I'm not sure I trust these guys even though I like parts of their product.

On Apr 12, 2014 10:44 AM, "Ryan Case" <rc...@gufsd.org> wrote:

I have been testing GoGuardian.com and it would do what you are looking for. 

It is a content management app and free until august. 

On Apr 11, 2014 7:17 PM, "John Berliner" <john_b...@liveoaksf.org> wrote:

I'm wondering if there is any possibility to discover the username of any managed Chromebook logged into our network, e.g. by using some kind of network scanner application or utility. 

For example using Apple's Remote Desktop, you can see IP address, MAC address, DNS name, and device name of all Apple devices on the network. However our Windows and Chromebook users only show an IP address.

And our firewall (SonicWALL) makes it easy enough to see which users are consuming high bandwidth, accessing inappropriate content, etc., but again only by IP address. I know Chromebooks don't support SNMP so that's out. Any suggestions?

Thanks.

--
You received this message because you are subscribed to the Google Groups "Chromebook Teachers" group.

To unsubscribe from this group and stop receiving emails from it, send an email to chromebook-teachers+unsub...@googlegroups.com.

To post to this group, send email to chromeboo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/chromebook-teachers/d69f9668-57a0-4ca0-b86c-eeeba731090f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to a topic in the Google Groups "Chromebook Teachers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/chromebook-teachers/DD2MGqR7GTs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to chromebook-teachers+unsub...@googlegroups.com.

To post to this group, send email to chromeboo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/chromebook-teachers/CAHOSiV1BsUVT39DUvrBh4faY4CruCvrororWu5C%3DN8Y%2BPz_2zQ%40mail.gmail.com.

[Tim White]

Yeah not a lot of vendors support Open Directory and even when they do support is tough and results are not what you'd hope. We tried it with iBoss and Lightspeed and it kind of worked but we have had lots of ODM issues the last couple years and have moved a different direction. This past spring we loaded all students into Active Directory and this past summer / fall made the transition for Staff. Its shocking how much easier things are now. Everybody supports AD either via plugin or LDAP which is really nice.

On the Chrome extension side things are better than they were last August. At least the extensions do respawn now but its not always as quick as Google says. Most of the time teachers have to tell kids to close their Chromebooks and when they open them they back up remote control shows up in Hapara again (unless they kill the process again). But its hard for staff to know if there's a technology glitch or bad student behavior because we have seen both.
The real fix will be for Google to allow disabling Task Manager for select OUs as a management option. This is what we need. Then we could rely on many extension based solutions.

I still love other elements of Hapara that don't rely on the extension and wholeheartedly recommend their product.

- Tim

To unsubscribe from this group and all its topics, send an email to chromebook-teac...@googlegroups.com.

To post to this group, send email to chromeboo...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/chromebook-teachers/09a10520-27e0-453b-b891-9648f6639dd9%40googlegroups.com.