This article is written for G Suite for Education (GSFE) Admins. Note Safe Doc configuration is not supported for personal gmail accounts.

At out of the box, Safe Doc eliminates these kids-inappropriate features in GSFE,

  • the image searching feature
  • the video searching feature
  • the Explore feature
  • the Dictionary feature
  • the link preview feature
  • the middle finger emoji
  • games in google search, e.g. Snake
  • the Poop sticker in Hangouts

But every chef has their own taste. With that in mind, Safe Doc supports policy configurations to customize which G Suite features to block. To get a better understanding how policy works, take a look at Google's how-to Configuring Apps and Extensions by Policy.

Policy Configuration Format

As you just discovered from the Google article, the policy formats depend on the platform. I only explain the format for Chrome OS because students commonly use Chromebooks in school.

In a nutshell, the configuration is a human-readable JSON file. A sample policy for Safe Doc is like

{
  "SafeDocLicenseKey": {
    "Value": "12345678-9012-3456-7890-1234567890"
  },
  "EnableExplore": {
    "Value": true
  },
  "EnableDictionary": {
    "Value": false
  },
  "EnableVideoSearch": {
    "Value": true
  },
  "EnableImageSearch": {
    "Value": false
  },
  "BlockAddVideo": {
    "Value": false
  },
  "BlockEmojis": {
    "Value": ["🖕"]
  },
  "BlockDocLinkPreview": {
    "Value": true
  },
  "BlockDriveSharedLinks": {
    "Value": {
      "Blacklist": [
        "1TTdYiQ_TgOlpNr-zyT8OpFLbwPmz0-g9XymYql5l1ZA",
        "*@*",
        "/*/*"
      ],
      "BlacklistExceptions": [
        "114xLJiJZ8OwXJ41sYyKdycT8Hy0ccbIgPVPG-n_6tew",
        "*@school.us"
      ],
      "DelegateAdminEmail": "d.admin@test.xfanatical.com"
    }
  },
  "BlockWebPublish": {
    "Value": true
  },
  "BlockGoogleSearchGames": {
    "Value": true
  }
}

The definition of each policy can be found in Safe Doc Policy List below.

Editing a policy value is simple. Check the data type of the policy.

  • If it's a Boolean, the value is either true or false.
  • If it's a String, the value is a text like "this is a text".
  • If it's a Number, type a number.
  • If it's an Array (or List), then the value is like ["a", "b", "c"].
  • If it's an Object (or Group), then enclose policy elements with a pair of braces { part1: true, part2: false }. An Object is like a folder in your computer containing more files.

But be ware of typos, a redundant comma or missing curly bracket will break the policy configuration.

Apply New Policy Configuration

First of all, test your policy configuration in an isolated Organizational Unit (OU) to see if the user experience is what you wanted.

When you're ready to deploy the policy configuration, follow these steps

  1. Log into Admin Console.
  2. Go to Devices > Chrome management > Apps & extensions.
  3. Select your student OU with Safe Doc installed.
  4. Click Safe Doc app.
  5. In this Policy for extensions of right panel, copy and paste your tested policy configuration.
  6. If everything is correct, click Save to take effect. Then Safe Doc in your students' Chromebooks will be automatically reconfigured.
Edit Safe Doc Policy in Admin Console
Edit Safe Doc Policy in Admin Console

Safe Doc Policy List

SafeDocLicenseKey

DescriptionThe license key used to activate Safe Doc.

With a valid license key, the Safe Doc extension will display the icon in GREEN. Otherwise, it's displayed in GREY.

If not set or incorrect, the extension does not function.
Data typeString
Support sinceVersion 1.1.0

EnableExplore

DescriptionBlock the Explore feature in Docs and Slides.

The Explore feature can be activated from the floating widget on the bottom right of app, context menu or app menu.

If not set or false, the Explore feature is blocked.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.1.0
Learn moreHow to Disable the Explore feature in Docs and Slides?

EnableDictionary

DescriptionBlock the Dictionary feature in Docs, Sheets, Slides, Forms and Drawing.

The Dictionary feature can be activated from right-click context menu or app menu.

If not set or false, the Dictionary feature is blocked.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.1.0
Learn moreHow to Disable Dictionary in Google Docs?
DescriptionBlock the YouTube Video Search feature in Slides, Forms and Classroom.

The YouTube video search feature can be activated from app menu in Slides or side app bar in Forms or comment bar in Classroom.

If not set or false, this feature is blocked.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.1.0
Learn moreHow to Block Video Search in Google Slides, Forms, Hangouts and Classroom?
DescriptionBlock the Google Image Search feature in Docs, Sheets, Slides, Forms and Drawings.

The Google Image Search feature can be activated from app menu Insert > Image > Search the web, toolbar, context menu or side app bar in Forms.

If not set or false, this feature is blocked.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.1.0
Learn moreHow to Block Image Searching in Google Apps?

BlockAddVideo

DescriptionBlock the Adding Video feature in Slides, Forms and Classroom.

This is a more aggressive policy than EnableVideoSearch. It completely removes the Add video option from Slides, Forms and Classroom. The Slides Insert > Video will be removed. The video buttons in Forms and Classroom will removed.

If this policy is set to true, the Adding Video feature is blocked.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.4.0

BlockEmojis

DescriptionBlock certain insulting emojis in Gmail.

Gmail has a feature to allow students to select emoji symbols when composing an email. This policy allows you to configure which emoji symbol should be blocked.

This policy is supplied with a list of strings.
If this policy is not set, the default array will be used, ["🖕"].
If this policy is empty [], no emojis are blocked.
If this policy includes an *, the emoji feature is disabled.
Data typeList of Strings
Default["🖕"]
ExamplesBlock middle finger, grinning face, smiling face with sunglasses emojis.
["🖕", "😀", "😎"]

Block the emoji feature.
["*"]

No block.
[]
Support sinceVersion 1.4.0
Learn moreRemove Inappropriate Emojis in Gmail and Hangouts

BlockDocLinkPreview

DescriptionBlock the link preview feature in Docs, Slides and Drawings. The link preview feature allows students to accidentally finding inappropriate images and contents on links.
Data typeBoolean
Defaulttrue
Support sinceVersion 1.5.0
Learn moreDisable Link Preview Feature in Docs, Slides and Drawings

BlockDriveSharedLinks

Description Block certain Google drive shared links even students have access permissions
This policy is more powerful than Admin Console's Drive Sharing settings in terms of drive access management for students. It gives teachers and administrators finer control on which drive information students can see.

Note this policy has 3 child settings, Blacklist, BlacklistExceptions and DelegateAdminEmail. Safe Doc will determine whether to block a shared drive file by first matching the blacklist and matching the exception list. The DelegateAdminEmail setting is used in the process of content filtering.The details of these settings are included in this table below.
Data typeObject
Support sinceVersion 1.6.7
Learn moreBlock Google Drive Sharing Files
Default
          
{
  "Blacklist": [],
  "BlacklistExceptions": [],
  "DelegateAdminEmail": ""
}
Examples
          
{
  "Blacklist": [
    "1TTdYiJ_TgOlpNr-zYT8OpELbwPmz0-g1XymYql5l1ZA",
    "*@*",
    "/Students/Element School/Grade 4",
    "/Students/Element School/Grade 5",
    "/Staff/*"
  ],
  "BlacklistExceptions": [
    "*@your.district.k12.us",
    "*@brother.district.k12.us",
    "*@nonprofit.org",
    "the.science.guy@gmail.com",
    "/Staff/Teachers"
  ],
  "DelegateAdminEmail": "d.admin@your.district.k12.us"
}
For a Grade 3 student, s/he is
  • blocked to open the google doc with id 1TTdYiJ_TgOlpNr-zYT8OpELbwPmz0-g1XymYql5l1ZA
  • only allowed to visit shared files from his/her school, whitelisted schools, trusted external organizations and personal @gmail accounts. Files owned by other emails are blocked.
  • not allowed to see shared files from Grade 4 and Grand 5 students and staffs other than teachers, like administrators or technicians.
Blacklist
DescriptionThe blacklist of Drive file sources. Safe Doc can block Drive shared files in 3 forms.
1) A specific Drive file ID. Safe Doc blocks specific Drive files if their file IDs are in this blacklist.
2) All shared Drive files from specific owners. Input an email or emails of file owners. Safe Doc detects the owner of file link and block it if the owner's email address falls into the blacklist. Support the * wildcard.
3) All shared Drive files from owners from specific organizational units (OU). Specify the Organizational Unit Path. The OU path is a different representation of OU separated by a forward-slash '/'. For example, /Students/Elementary School/Grade 1 equals to District Domain > Students > Elementary School > Grade 1. Safe Doc looks up the OU of file owner and blocks the file link if the OU is in the blacklist.
Data typeList of Strings
Default[]
Examples["1TTdYiJ_TgOlpNr-zYT8OpELbwPmz0-g1XymYql5l1ZA", "1b4xLJiWZ8OwXJ45kYyOdycT8Hs0cabIgPVKG-n_6tew"]
Block 2 drive files with their file id

["*@gmail.com"]
Block all shared files from @gmail.com accounts

["b.buckley@gmail.com", "p.melendez@example.org"]
Block all shared files from 2 specific owners

["*@*"]
Block all shared files from anyone, including users in your domain. Combine this with the BlacklistExceptions option to achieve whitelisting specific owners.

["/Students/Grade 4", "/Students/Grade 5"]
Block shared file links from Grade 4 and Grade 5 students.

["/Staff", "/Staff/*"]
Block shared file links from any staff.

["*"]
Nah, using a single wildcard does not work.
BlacklistExceptions
Description Exception Drive file links to the blacklist. Any file that matches the source in this list will be unblocked. Safe Doc accepts 2 forms of sources.
1) Specific owner emails. Support the * wildcard too.
3) Specific organizational units. Support the * wildcard too..
Data typeList of Strings
Default[]
Examples ["*@your.district.k12.us", "*@brother.district.k12.us", "*@nonprofit.org", "the.science.guy@gmail.com"]
Allow shared files from your school domain, whitelisted school domain, external non-profit organization and trusted @gmail accounts.

["/Staff/Teachers"]
Allow shared file links from any teachers.
DelegateAdminEmail
Description A privilege-limited administrator email to allow Safe Doc access user and organizational unit basic information to perform drive file link filtering.
To know which OU a shared file owner is associated to, Safe Doc needs to impersonate an administrator to get user and OU information from your school domain using a service account. A separate administrator account with minimum user read-only and OU read-only privileges is ideal.

Learn more about service account in Google's document Perform G Suite Domain-Wide Delegation of Authority
Data typeString
Default"" (an empty string)
Examples"d.admin@your.district.k12.us"

BlockWebPublish

DescriptionBlock the publishing Docs / Sheets / Slides to the web feature, which allows students to share their documents publicly in the internet.

If the policy is set to true, Safe Doc will remove the menu item File > Publish to the web in Google Docs, Sheets, Slides and Drawings.

If this policy is unset or false, Safe Doc does nothing to the feature.
Data typeBoolean
Defaultfalse
Support since Version 1.6.7
Learn morePrevent Students from Publishing Google Docs to Web

BlockGoogleSearchGames

DescriptionBlocks mini games (Snake, Tic tac toe, Pac-Man etc.) in Google search results if this policy is enabled.

If this policy is unset or false, Safe Doc does nothing to the google search.
Data typeBoolean
Defaulttrue
Support sinceVersion 1.6.7
Learn moreBlock Google Search Games

BlockClassroomUnenroll

DescriptionPrevent students from unenrolling classes in Google Classroom

This feature is enabled if this option is true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.7.0
Learn morePrevent Students from Unenrolling in Classroom

BlockStickers

DescriptionBlock certain not-so-nice stickers in Hangouts

Provide the sticker name in this policy to remove those stickers from your students' Hangouts app and Gmail app. To find which value to be put in the policy, see this Sticker Names table.

This policy is supplied with a list of strings.
If this policy is not set, the default array will be used, ["Poop"].
If this policy is empty [], no stickers are blocked.
Data typeArray of strings
Default["Poop"]
Example value["Poop", "Cheers", "Callouts_Internet_LMAO"]
Support sinceVersion 1.8.0
Learn moreBlock Stickers in Hangouts

BlockMeetCaptions

DescriptionBlock Live captions feature in Google Meet.

The live captions feature is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.9.0
Learn moreBlock Live Captions in Google Meet

NewTabPageUrl

DescriptionConfigure the default New Tab page URL and prevent students from changing it.

The New Tab page is the page opened when new tabs are created (including the one opened in new windows).

If this policy is not set, the default new tab page is used.
Data typeString
Example valuehttps://classroom.google.com
Support sinceVersion 1.10.4
Learn moreChange Chrome New Tab URL

BlockMeetRecord

DescriptionDisable the meeting recording feature in Google Meet.

Prevent students from initiating meeting recording in Google Meet except the teacher.

The meeting recording is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.11.0
Learn moreDisable Students Recording Meeting in Google Meet

BlockMeetPresent

DescriptionDisable the presenting screen feature in Google Meet.

Prevent students from sharing their screens to take over the teacher's presentation.

The presentation screen is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.11.0
Learn moreDisable Students Sharing Screens in Google Meet

BlockMeetAddPeople

DescriptionRestrict students from adding people in Google Meet.

This policy disables the feature to add people into Google Meet. In a typical online learning scenario, only the teacher (host) can add people. Students are not allowed to invite people into the meeting.

The adding people feature in Meet is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.12.0
Learn morePrevent Students From Adding People To Google Meet

BlockComment

DescriptionDisable the Comment feature in Docs Editors and Drive.

This policy disables the Comment feature in Google Docs, Sheets, Slides, Drawings as well as Drive. This could prevent students from chatting on it.

The Comment feature is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.12.0
Learn moreDisable Comment In Google Docs Editors

BlockInFileChat

DescriptionDisable the Chat feature in Google Docs Editors.

This policy disables the Chat feature in Google Docs, Sheets, Slides and Drawings.

The Chat feature is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.12.0
Learn moreDisable Chat In Docs, Sheets, Slides And Drawings

BlockMeetChat

DescriptionDisable the Chat feature in Google Meet.

This policy stops students from posting chat messages in Google Meet. But students can still view messages posted by the teacher.

The Chat feature is blocked if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.13.0
Learn moreDisable Chat In Google Meet

BlockSendFeedback

DescriptionPrevent students from sending feedback to Google in G Suite.

This policy disables the send feedback feature everywhere in G Suite.

The blocking is ON if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.14.1
Learn morePrevent Students From Sending Feedback In G Suite

BlockClassroomPeopleInfo

DescriptionThis policy removes the People tab in Google Classroom. The People tab displays all students' information that is a privacy concern for parents.

The blocking is ON if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.14.1
Learn moreHide the People tab in Google Classroom

BlockAddImageByUrl

DescriptionThis policy disables the feature to insert a web image by URL in Docs, Sheets, Slides, Forms, Drawing and Gmail.

The blocking is ON if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.14.1
Learn moreDisable Inserting Image By URL In Docs Editors

BlockEmailAsAttachment

DescriptionThis policy disables the feature to email files as attachments in Docs, Sheets, Slides, Forms and Drawing.

The blocking is ON if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.14.1
Learn moreBlock Email as Attachment in Google Docs

BlockMeetJoinOrStartButton

DescriptionThis policy removes the Join or start a meeting or Use a meeting code button in Google Meet home page. It forces students joins internal meetings.

Join or start a meeting button in Google Meet
Use a meeting code button in Google Meet

The blocking is ON if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.14.4

ScheduleRefreshChromeTabs

DescriptionForce refreshing all Chrome tabs daily.

This policy forces students' all active Chrome tabs to reload at one or more set times daily.

The policy contains 2 mandatory attributes, Times and Timezone.

Attribute Times is a list of times in the format of hh:mm, 2 digits hour (0-23) and 2 digits minute (0-59). 09:00 or 17:30 is valid; 7:05 or 14:3 or 9:0 is not valid.

Attribute Timezone is the time zone name for time above. A list of timezone values can be found in List of tz database time zones, the TZ database name column of the table. For example, America/New_York or Europe/London or Australia/Sydney.

This Chrome tabs force reloading feature is ON if this policy's both attributes are set correctly.
Data typeObject
Default{
"Times": [],
"Timezone": ""
}
Examples{
"Times": ["09:00", "11:00", "14:00", "16:00"],
"Timezone": "America/New_York"
}
Support sinceVersion 1.14.6
Upgrade infoIf you upgrade from a version before 1.15.5, the Time attribute is deprecated. Please use Times attribute.

BlockGmailChat

DescriptionDisable the Hangouts Chat in Gmail

This policy disables the Hangouts Chat widget at the left panel of Gmail. It prevents students from chatting in Gmail.

The Hangouts Chat service is not subject to change.

The blocking is ON if this policy is set to true.
Data typeBoolean
Defaultfalse
Support sinceVersion 1.15.0
Learn moreBlock Hangouts Chat in Gmail

Takeaway

Configuration is an important characteristic of software. Luckily Google provided this option to remote configure the behavior of Safe Doc. If you encountered issues with the configurations, please leave a comment, email us at support@xfanatical.com or ask on our support community.