This article is written for Google Workspace for Education (GWFE) Admins. Note Safe Doc configuration is not supported for personal gmail accounts.
At out of the box without any policies setups except the license key, Safe Doc eliminates these kids-inappropriate features in GWFE,
- the image searching feature (in Docs, Slides etc.)
- the video searching feature (in Slides, Forms etc.)
- the Explore feature (in Docs, Slides etc.)
- the Dictionary feature (in Docs, Slides etc.)
- the link preview feature (in Docs, Drawing etc.)
- the middle finger emoji (in Docs, Gmail, Hangouts etc.)
- games in google search, e.g. Snake, PacMan (in Google Search)
- the Poop sticker in Hangouts (in Hangouts etc.)
But every chef has their own taste. With that in mind, Safe Doc supports policy configurations to customize which Google Workspace features to block. To get a better understanding how policy works, take a look at Google's article Chrome Policy Management.
Policy Configuration Format
This article focuses on the Chrome profile based policy configuration via Google Admin Console. This policy management approach supports all managed Chrome browsers on Chrome OS / Windows / Mac / Linux.
In a nutshell, the policy configuration is a human-readable JSON file. The JSON includes a group of policies. A sample policy for Safe Doc is like
{
"SafeDocLicenseKey": {
"Value": "12345678-9012-3456-7890-1234567890"
},
"EnableExplore": {
"Value": true
},
"EnableDictionary": {
"Value": false
},
"EnableVideoSearch": {
"Value": true
},
"EnableImageSearch": {
"Value": false
},
"BlockAddVideo": {
"Value": false
},
"BlockEmojis": {
"Value": ["🖕"]
},
"BlockDocLinkPreview": {
"Value": true
},
"BlockWebPublish": {
"Value": true
},
"BlockGoogleSearchGames": {
"Value": true
}
}
Each policy comes with a format of "PolicyName": { "Value": <the value> }. The "Value" property is a must. Missing it would invalidate the entire configuration and the changes won't be delivered to your students' Chrome browsers.
The policy value depends on its data type.
- If it's a Boolean, the value is either true or false.
- If it's a String, the value is a text like "this is a text".
- If it's a Number, type a number.
- If it's an Array (or List), then the value is like ["a", "b", "c"].
- If it's an Object (or Group), then enclose policy elements with a pair of braces { property1: true, property2: false }. An Object is like a folder in your computer containing more files.
The definition of each policy can be found in Safe Doc Policy List below. Most Safe Doc policies are of Boolean type.
Be ware of typos. A redundant comma or missing curly bracket will break the policy configuration.
Edit Policy Configuration
First of all, We recommend you test your policy configuration in an isolated Organizational Unit (OU) to find a sweet spot of your blocking strategy. When you're ready, you can copy and paste the policy configuration to the production student OU(s).
To edit the policy configuration for an OU, follow these steps.
- Log into Admin Console.
- Go to Devices > Chrome management > Apps & extensions.
- Select the OU with Safe Doc installed.
- Click the Safe Doc app.
- In the Policy for extensions of right panel, edit your policy configuration JSON.
- If everything is correct, click Save to take effect. Then the Safe Doc extension in your test student accounts under this selected OU will be automatically receive the changes and block features as you configured.
Best Practices on Configuring Safe Doc Policies
- Only enable the policies you needed. If you don't need to block the features in Google Workspace for Education, it's recommended to explicitly turn off the policy. Enabling too many policies may impact your students' Google apps performance and experiences.
- Watch out for the default values when the policies are unset. For example, the EnableImageSearch with default value of false, that means the image searching feature is blocked if this policy does not appear in your policy configuration.
Side note: we're designing the naming convention towards Block<GWFE-feature> with the default value of false to make configuration more consistent.
Safe Doc Policy List
SafeDocLicenseKey
| Description | The license key used to activate Safe Doc. With a valid license key, the Safe Doc extension will display the icon in  . Otherwise, it's displayed as  . If not set or incorrect, the extension does not function. |
| Data type | String |
| Support since | Version 1.1.0 |
EnableExplore
| Description | Block the Explore feature in Docs and Slides. The Explore feature can be activated from the floating widget on the bottom right of app, context menu or app menu. If not set or false, the Explore feature is blocked. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.1.0 |
| Learn more | How to Disable the Explore feature in Docs and Slides? |
EnableDictionary
| Description | Block the Dictionary feature in Docs, Sheets, Slides, Forms and Drawing. The Dictionary feature can be activated from right-click context menu or app menu. If not set or false, the Dictionary feature is blocked. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.1.0 |
| Learn more | How to Disable Dictionary in Google Docs? |
EnableVideoSearch
| Description | Block the YouTube Video Search feature in Slides, Forms, Classroom and Sites. The YouTube video search feature can be activated from app menu in Slides or side app bar in Forms or comment bar in Classroom. If not set or false, this feature is blocked. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.1.0 |
| Learn more | How to Block Video Search in Google Slides, Forms, Hangouts and Classroom? |
EnableImageSearch
| Description | Block the Google Image Search feature in Docs, Sheets, Slides, Forms, Drawings, Jamboard and Sites. The Google Image Search feature can be activated from app menu Insert > Image > Search the web, toolbar, context menu or side app bar in Forms. If not set or false, this feature is blocked. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.1.0 |
| Learn more | How to Block Image Searching in Google Apps? |
BlockAddVideo
| Description | Block the Adding Video feature in Slides, Forms and Classroom. This is a more aggressive policy than EnableVideoSearch. It completely removes the Add video option from Slides, Forms and Classroom. The Slides Insert > Video will be removed. The video buttons in Forms and Classroom will removed. If this policy is set to true, the Adding Video feature is blocked. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.4.0 |
BlockEmojis
| Description | Block certain insulting emojis in Gmail, Hangouts and Docs Gmail has a feature to allow students to select emoji symbols when composing an email. This policy allows you to configure which emoji symbol should be blocked. The Emojis also exist in the Hangouts chat dialog and the special characters menu Insert > Special characters > Emojis in Docs, Slides and Drawing. This policy is supplied with a list of strings. If this policy is not set, the default array will be used, ["🖕"]. If this policy is empty [], no emojis are blocked. If this policy includes an *, the emoji feature is disabled. |
| Data type | List of Strings |
| Default | ["🖕"] |
| Examples | "BlockEmojis": {Block the middle finger, pile of poo and dagger emojis. "BlockEmojis": {Block the entire emoji feature. "BlockEmojis": {No block. |
| Support since | Version 1.4.0 |
| Learn more | Remove Inappropriate Emojis in Gmail, Chat, and Docs |
BlockDocLinkPreview
| Description | Block the link preview feature in Docs, Slides and Drawings. The link preview feature allows students to accidentally finding inappropriate images and contents on links. |
| Data type | Boolean |
| Default | true |
| Support since | Version 1.5.0 |
| Learn more | Disable Link Preview Feature in Docs, Slides and Drawings |
BlockDriveSharedLinks
| Description | Block certain Google drive shared links even students have access permissions This policy is more powerful than Admin Console's Drive Sharing settings in terms of drive access management for students. It gives teachers and administrators finer control on which drive information students can see. This policy is an Object, containing 5 child properties ►Blacklist ►BlacklistExceptions ►DelegateAdminEmail ►ServiceAccountEmail ►ServiceAccountPrivateKey Safe Doc will determine whether to block a shared drive file by first matching the Blacklist and matching the BlacklistExceptions list. The DelegateAdminEmail setting is used when you need to block owners by organizational units. The ServiceAccountEmail and ServiceAccountPrivateKey are used to call Google APIs without students' manual authorization. Note: this policy requires a Google service account. You can see the full instructions of setting up this policy in Block Google Drive Sharing Files > Approach 2. |
| Data type | Object |
| Default | { "Blacklist": [], |
| Examples | "BlockDriveSharedLinks": {For a Grade 3 student, s/he is ► blocked to open the google doc with id 1TTdYiJ_TgOlpNr-zYT8OpELbwPmz0-g1XymYql5l1ZA ► only allowed to visit shared files from his/her school, whitelisted schools, trusted external organizations and personal @gmail accounts. Files owned by other emails are blocked. ►disallowed to see shared files from Grade 4 and Grand 5 students and staffs other than teachers, like administrators or technicians. |
| Support since | Version 1.6.7 |
| Learn more | Block Google Drive Sharing Files > Approach 2 |
| Service Account Encryption Tool |
Blacklist
This is a subsidiary property of BlockDriveSharedLinks policy.
| Description | The blacklist of Drive file sources. Safe Doc can block Drive shared files in 3 forms. 1) A specific Drive file ID. Safe Doc blocks specific Drive files if their file IDs are in this blacklist. 2) All shared Drive files from specific owners. Input an email or emails of file owners. Safe Doc detects the owner of file link and block it if the owner's email address falls into the blacklist. Support the * wildcard. 3) All shared Drive files from owners from specific organizational units (OU) or sub OUs. Specify the Organizational Unit Path. The OU path is a different representation of OU separated by a forward-slash '/'. For example, /Students/Elementary School/Grade 1 equals to District Domain > Students > Elementary School > Grade 1. Safe Doc looks up the OU of file owner and blocks the file link if the owner OU is in the blacklist. |
| Data type | List of Strings |
| Default | [] |
| Examples | "Blacklist": [Block 2 drive files by their file IDs "Blacklist": ["*@gmail.com"]Block all shared files from @gmail.com accounts "Blacklist": [Block all shared files from 2 specific owners "Blacklist": ["*@*"]Block all shared files from anyone, including users in your domain. Combine this with the BlacklistExceptions option to achieve whitelisting specific owners. "Blacklist": ["/Students/Grade 4", "/Students/Grade 5"]Block shared file links from Grade 4 and Grade 5 students, including their sub-OUs. "Blacklist": ["/Students/*/Exam"]Block shared file links from Exam students on any grades, including their sub-OUs. "Blacklist": ["/Staff"]Block shared file links from any staff OU and sub OUs. "Blacklist": ["*"]Nah, using a single wildcard does not work. |
| Support since | Version 1.6.7 |
BlacklistExceptions
This is a subsidiary property of BlockDriveSharedLinks policy.
| Description | Any file that matches the source in this list will be unblocked. Safe Doc accepts 2 forms of sources. 1) Specific owner emails. Support the * wildcard too. 2) Specific organizational units and sub OUs. Support the * wildcard too. |
| Data type | List of Strings |
| Default | [] |
| Examples | "BlacklistExceptions": [Allow shared files from your school domain, whitelisted school domain, external non-profit organization and trusted @gmail accounts. "BlacklistExceptions": ["/Staff/Teachers"]Allow shared file links from any teachers, including sub-OUs. |
| Support since | Version 1.6.7 |
DelegateAdminEmail
This is a subsidiary property of BlockDriveSharedLinks policy.
| Description | A privilege-limited administrator email to allow Safe Doc access user and organizational unit basic information to perform drive file link filtering. To know which OU a shared file owner is associated to, Safe Doc needs to impersonate an administrator to get user and OU information from your school domain using your service account. A separate administrator account with minimum user read-only and OU read-only privileges is ideal. |
| Data type | String |
| Default | "" |
| Examples | "DelegateAdminEmail": "[email protected]"[email protected] is an user account with limited admin privileges created specifically to read file owners' OU information. |
| Support since | Version 1.6.7 |
ServiceAccountEmail
This is a subsidiary property of BlockDriveSharedLinks policy.
| Description | The email of service account you created in your Google Cloud Platform. To protect the service account information, we strongly recommend to encrypt it using the Service Account Encryption Tool for Safe Doc tool in the BlockDriveSharedLinks policy and set the value with the encrypted text instead of the plain email address. |
| Data type | String |
| Default | "" |
| Examples | "ServiceAccountEmail": "7a04e3d4373e5759f78e493ab296fb26ee93b...(truncated for demo purpose)"Use an encrypted value of service account email for security. "ServiceAccountEmail": "[email protected]"It's also acceptable to use the plain email address. |
| Support since | Version 1.29.1 |
ServiceAccountPrivateKey
This is a subsidiary property of BlockDriveSharedLinks policy.
| Description | The private key of service account you created in your Google Cloud Platform. To protect the service account information, please first encrypt it using the Service Account Encryption Tool for Safe Doc tool in the BlockDriveSharedLinks policy and set the value with the encrypted text instead of the plain private key. You're responsible to protect your own service account private key. |
| Data type | String |
| Default | "" |
| Examples | "ServiceAccountPrivateKey": "3251af946a10775edbb8080790b3c849d3b7...(truncated for demo purpose)"Use an encrypted value of service account private key for security. "ServiceAccountPrivateKey": "-----BEGIN PRIVATE KEY-----\nIt's also acceptable to use the plain private key, but it's not recommended. |
| Support since | Version 1.29.1 |
BlockWebPublish
| Description | Block the publishing Docs / Sheets / Slides to the web feature, which allows students to share their documents publicly in the internet. If the policy is set to true, Safe Doc will remove the menu item File > Publish to the web in Google Docs, Sheets, Slides and Drawings. If this policy is unset or false, Safe Doc does nothing to the feature. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.6.7 |
| Learn more | Prevent Students from Publishing Google Docs to Web |
BlockGoogleSearchGames
| Description | Blocks mini games (Snake, Tic tac toe, Pac-Man etc.) in Google search results. If this policy is unset, Safe Doc blocks the google search games. To unblock the games, explicitly set the policy value to false. |
| Data type | Boolean |
| Default | true |
| Support since | Version 1.6.7 |
| Learn more | Block Google Search Games |
BlockClassroomUnenroll
| Description | Prevent students from unenrolling classes in Google Classroom This feature is enabled if this option is true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.7.0 |
| Dropped support since | Version 1.34.5 Google supports Control whether students can unenroll themselves from classes starting from Oct 4, 2021. |
| Learn more | Prevent Students from Unenrolling in Classroom |
BlockStickers
| Description | Block certain not-so-nice stickers in Hangouts Provide the sticker name in this policy to remove those stickers from your students' Hangouts app and Gmail app. To find which value to be put in the policy, see this Sticker Names table. This policy is supplied with a list of strings. If this policy is not set, the default array will be used, ["Poop"]. If this policy is empty [], no stickers are blocked. |
| Data type | Array of strings |
| Default | ["Poop"] |
| Examples | "BlockStickers": {Block the Poop, Cheers and the LMAO stickers |
| Support since | Version 1.8.0 |
| Learn more | Block Stickers in Hangouts |
BlockMeetCaptions
| Description | Block Live captions feature in Google Meet. The live captions feature is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.9.0 |
| Learn more | Block Live Captions in Google Meet |
NewTabPageUrl
| Description | Configure the default New Tab page URL and prevent students from changing it. The New Tab page is the page opened when new tabs are created (including the one opened in new windows). If this policy is not set, the default new tab page is used. |
| Data type | String |
| Default | "" |
| Examples | "NewTabPageUrl": {Redirect the new tab page to Google Classroom |
| Support since | Version 1.10.4 |
| Learn more | Change Chrome New Tab URL |
BlockMeetRecord
| Description | Disable the meeting recording feature in Google Meet. Prevent students from initiating meeting recording in Google Meet except the teacher. The meeting recording is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.11.0 |
| Dropped support since | Version 1.32.1 Google Meet has addressed this issue, as documented in Record a video meeting, "You can record if: You’re the meeting organizer; You’re in the same organization as the organizer; You’re a teacher signed in to your Google Workspace account, but not a student." |
| Learn more |
BlockMeetPresent
| Description | Disable the presenting screen feature in Google Meet. Prevent students from sharing their screens to take over the teacher's presentation, permanently without disabling it in Host Control. The presentation screen is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.11.0 |
| Dropped support since | Version 1.36.0 Google has provided a replacement admin control for this feature. Please Google's announcement in New Google Meet management settings for admins. |
| Learn more | Disable Students Sharing Screens in Google Meet |
BlockMeetAddPeople
| Description | Restrict students from adding people in Google Meet. This policy disables the feature to add people into Google Meet. In a typical online learning scenario, only the teacher (host) can add people. Students are not allowed to invite people into the meeting. The adding people feature in Meet is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.12.0 |
| Learn more | Prevent Students From Adding People To Google Meet |
BlockComment
| Description | Disable the Comment feature in Docs Editors and Drive. This policy disables the Comment feature in Google Docs, Sheets, Slides, Drawings as well as Drive. This could prevent students from chatting on it. The Comment feature is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.12.0 |
| Learn more | Disable Comment In Google Docs Editors |
BlockInFileChat
| Description | Disable the Chat feature in Google Docs Editors. This policy disables the Chat feature in Google Docs, Sheets, Slides and Drawings. The Chat feature is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.12.0 |
| Learn more | Disable Chat In Docs, Sheets, Slides And Drawings |
BlockMeetChat
| Description | Disable the Chat feature in Google Meet. This policy stops students from posting chat messages in Google Meet. But students can still view messages posted by the teacher. This policy is an alternative permanent solution for all Meets as opposed to the Host Control that is on session basis. The Chat feature is blocked if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.13.0 |
| Dropped support since | Version 1.36.0 Google has provided an admin control to disable the chat feature in Google Meet. Please see the announcement in New Google Meet management settings for admins. |
| Learn more | Disable Chat In Google Meet |
BlockSendFeedback
| Description | Prevent students from sending feedback to Google in Google Workspace apps. This policy disables the send feedback feature everywhere in Google Workspace apps. For example, in Docs menu Help > Help Docs improve, or in Gmail ? > Send feedback. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.14.1 |
| Learn more | Prevent Students From Sending Feedback In G Suite |
BlockClassroomPeopleInfo
| Description | This policy removes the People tab in Google Classroom. The People tab displays all students' information that is a privacy concern for parents. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.14.1 |
| Learn more | Hide the People tab in Google Classroom |
BlockAddImageByUrl
| Description | This policy disables the feature to insert a web image by URL in Docs, Sheets, Slides, Forms, Drawing, Gmail and Sites. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.14.1 |
| Learn more | Disable Inserting Image By URL In Docs Editors |
BlockEmailAsAttachment
| Description | This policy disables the feature to email files as attachments in Docs, Sheets, Slides, Forms and Drawing. The emailing as attachment feature is under the menu File > Email > Email this file. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.14.1 |
| Learn more | Block Email as Attachment in Google Docs |
BlockMeetJoinOrStartButton
| Description | This policy removes the New meeting and Join buttons in Google Meet home page. It makes students joining random meeting code harder. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.14.4 |
ScheduleRefreshChromeTabs
| Description | Force refreshing all Chrome tabs daily. This policy forces students' all active Chrome tabs to reload at one or more set times daily. The policy contains 2 mandatory attributes, Times and Timezone. Attribute Times is a list of times in the format of hh:mm, 2 digits hour (0-23) and 2 digits minute (0-59). 09:00 or 17:30 is valid; 7:05 or 14:3 or 9:0 is not valid. Attribute Timezone is the time zone name for time above. A list of timezone values can be found in List of tz database time zones, the TZ database name column of the table. For example, America/New_York or Europe/London or Australia/Sydney. This Chrome tabs force reloading feature is ON if this policy's both attributes are set correctly. |
| Data type | Object |
| Default | { |
| Examples | "ScheduleRefreshChromeTabs": {Auto-refresh Chrome tabs at 9am, 11am, 2pm and 4pm (Eastern Time) |
| Support since | Version 1.14.6 |
| Upgrade info | If you upgrade from a version before 1.15.5, the Time attribute is deprecated. Please use Times attribute. |
BlockGmailChat
| Description | Disable the Hangouts Chat in Gmail This policy disables the Hangouts Chat widget at the left panel of Gmail. It prevents students from chatting in Gmail. The Hangouts Chat service is not changed. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.15.0 |
| Dropped support since | Version 1.34.2 The classic Hangouts widget in Gmail side panel can be turned off by disabling the Classic Hangouts service for the students OU. |
| Learn more | Block Hangouts Chat in Gmail |
BlockEditorTemplates
| Description | Remove docs editor templates from Google Drive This policy removes some or all docs editor templates from the Template gallery provided by Google. To disable all templates provided by Google, specify a value of ["*"] as the example below. To disable some templates provided by Google, supply the policy with a list of key phrases. A template is removed when the title contains all words in a key phrase. The key phrases are case-insensitive. The blocking is ON if this policy has values. |
| Data type | List of Strings |
| Default | [] |
| Examples | "BlockEditorTemplates": {Removes all templates in General tab. "BlockEditorTemplates": {Removes both Google Doc template Essay Playful and Essay Paperback. Removes the Google Sheet template Project timeline. Removes the Google Slides template Professional profile. |
| Support since | Version 1.16.0 |
| Learn more | Remove Default Templates in Google Docs |
BlockDriveShare
| Description | Remove Share feature in Drive This policy removes completely the Share feature in Google Drive. It prevents students from sharing documents with other students and teachers too. The blocking is ON if this policy is set to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.17.0 |
| Learn more | Block Google Drive Sharing Files |
| Similar policy | BlockDriveSharedLinks |
EnableMeetMuteAll
| Description | Mute all participants and lock muting in Google Meet This policy added a magic chat command in Google Meet, /muteall. This command allows teachers to mute all students at once while presenting the lecture, by opening the chat side panel and input /muteall. The difference of the chat command from the built-in mute all button on Feb 2021's Google Meet update is that students cannot unmute themselves. This chat command locks the muting until the end of meeting unless they refresh the page and rejoin the meeting. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.18.0 |
| Dropped support since | Version 1.34.5. Google adds microphone management to the Host Control for Meet organizers since Oct. 21, 2021. |
| Learn more | Force Mute All Students in Google Meet |
BlockSendForms
| Description | Remove the Send button in Google Forms This policy removes the Send button in Google Forms This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.19.0 |
| Learn more | Stop Students Sending Google Forms |
BlockSheetFunctions
| Description | Remove certain functions in Google Sheets This policy removes certain Google Sheet functions from the list which may download harmful online content from web. The removed functions are not displayed in the menus. That said, the removed functions still work in a formula per se. This policy accepts a list of function names, case-insensitive. Functions in the list are removed. This feature is OFF by default. |
| Data type | List of Strings |
| Default | [] |
| Examples | "BlockSheetFunctions": {Removes 3 functions, IMPORTDATA, IMPORTHTML and IMAGE, all of which download data from the internet. |
| Support since | Version 1.19.0 |
| Learn more | Remove Inappropriate Functions in Google Sheets |
BlockDriveGridView
| Description | Remove the Grid View and file previews in Google Drive This policy is intended to block file preview thumbnails in Google Drive as bad file preview thumbnails are visible enough to disturb students. This policy has 3 functions, 1. Enforce List view. Google Drive will be always in List view. 2. Grid View button removed.  3. Remove those large preview thumbnails. A typical place is the My Drive > Quick Access.  This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.19.5 |
EnableMeetChatOffCommand
| Description | Enable the /chatoff command in Google Meet When this policy is enabled, in Google Meet, teachers will be able to use the /chatoff command in the chat window to disable the chat feature for specific student. The /chatoff command is used in the following syntax. /chatoff <student email address> Examples: /chatoff [email protected] /chatoff [email protected] The given student's chat feature is disabled temporarily for the Google Meet session. The chat feature is restored in their next Google Meet session. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.20.6 |
| Learn more | Disable Chat in Google Meet |
OptOutAnonymousErrorReporting
| Description | Opt out anonymous Safe Doc error reporting To help us troubleshoot Safe Doc issues, Safe Doc automatically collects anonymous crash information. The error reporting excludes any personal identifiable information (PII) abiding by privacy laws like COPPA. See xFanatical Privacy Page for more information. Anonymous error reporting is ON by default. To opt out, set this policy to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.20.6 |
BlockMeetPhoneInfo
| Description | Disable joining by phone in Google Meet Google Meet includes an option to allow students join by phone for the audio. This feature is misused for inviting external unauthorized participants. This policy removes the phone information in Google Meet and disallow students to initiate a phone call from Google Meet. Set this policy to true to enforce the blocking. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.22.0 |
| Learn more | Disable Joining by Phone in Google Meet |
BlockDocsSpellCheck
| Description | Disable the Spell Check feature in Docs editors Google Docs, Sheets, Slides and Drawings all have a spell checking and automatic correction feature. Schools wanted to turn this feature off to force students learn vocabularies on their own. This policy disables the spelling checking suggestions in the Docs editors. Students cannot enable them by themselves. This policy may not be immediate effective because it disables the spell checks and grammar checks at the background when the student is in idle on Docs. Please expect 1-2 days to see the results on your students. Set this policy to true to disable the spell check and grammar check. This feature is OFF by default. Note: setting this policy to false won't automatically enable spell checking. Students need to turn them on individually. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.22.0 |
| Learn more | Disable Spell Check in Google Docs |
BlockMeetStudentInfo
| Description | Hide student names in Google Meet Student full names in Google Meet are visible to the entire room. This causes privacy concerns for some parents and teachers. This policy removes all student names so students' identities are better protected. Set this policy to true to hide the names. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.23.1 |
| Learn more | Hide Participants in Google Meet |
BlockMeetChangeBackground
| Description | Disable changing virtual background in Google Meet Students are distracted by the updated feature of custom background in Google Meet. This policy is set to block students changing the virtual background. It removes the buttons and menus to change background. Set this policy to true to block the change background feature. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.24.2 |
| Learn more | Disable Changing Background in Google Meet |
BlockEmailCollaborators
| Description | Disable the emailing collaborators feature in Docs editors In Docs / Sheets / Slides / Drawings, students can email each other using the File > Email > Email collaborators menu, which opens an interface to configure the messages to be sent. This policy blocks the Email collaborators feature. Set this policy to true to enforce the blocking. This feature is OFF by default (the policy is unset). |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.25.0 |
| Learn more | Disable Emailing Collaborators in Docs Editors |
BlockClassroomUnsubmitAssignment
| Description | Disable students unsubmitting assignment works in Google Classroom. In Google Classroom, students are able to unsubmit an assignment after turning in the initial assignment work. This policy disables the Unsubmit button so that students are no longer allowed to make changes. Set this policy to true to disable the Unsubmit button. This feature is OFF by default (the policy is unset). |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.26.0 |
| Learn more | Disable Students Unsubmitting & Resubmitting Assignment in Google Classroom |
BlockClassroomResubmitAssignment
| Description | Disable students resubmitting assignment works in Google Classroom. In Google Classroom, students are able to resubmit assignment after the teacher graded the their work. This creates classroom chaos for the teacher. This policy disables the Resubmit button and disallow student to add or delete assignment work. Set this policy to true to enforce the blocking policy. This feature is OFF by default (the policy is unset). |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.26.4 |
| Learn more | Disable Students Unsubmitting & Resubmitting Assignment in Google Classroom |
BlockUnnicknamedMeeting
| Description | Block students re-joining old unsupervised meeting links in Google Meet When a Google Meet is created without a nickname, the meeting won't expire and may last for 90 days. Students found these old but still accessible meetings and chat without moderation. This policy blocks students from joining these old unmanaged meetings without a nickname and with Host Controls > Quick Access = ON. Meetings with a nickname or requiring host permissions to join are not blocked. The policy asks students to wait for 5 seconds before it decides to block or not block the meeting. In rare cases, the 5 seconds waiting is not long enough for slow loading pages so that the meeting may be falsely block. If you have seen nicknamed meetings falsely blocked by Safe Doc often, please extend the wait time in the BlockUnnicknamedMeetingWaitTime policy. Set this policy to true to enforce the blocking policy. This feature is OFF by default (the policy is unset). |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.27.2 |
| Learn more | Block Students Joining Old Unsupervised Google Meetings |
BlockUnnicknamedMeetingWaitTime
| Description | This policy configures the BlockUnnicknamedMeeting policy to wait for a given amount of time before the policy BlockUnnicknamedMeeting decides to block or not block a meeting. It does not block any Google Workspace features per se. Why use this policy? Because the default 5 seconds wait time may not be enough to students' Chrome browsers to load a meeting (slow devices or network), so that the policy BlockUnnicknamedMeeting may make a wrong decision. If this is the case, experiment to extend the wait time up to 15 seconds. The unit of wait time is seconds. Do not put the unit into the value. If this policy is not configured, the wait time is by default 5 seconds. |
| Data type | Number |
| Valid data | [5, 15] The value should be between 5 and 15, both inclusive. Any other numbers out of this range are ignored. |
| Default | 5 |
| Examples | "BlockUnnicknamedMeetingWaitTime": { |
| Support since | Version 1.27.5 |
| Learn more | Block Students Joining Old Unsupervised Google Meetings |
BlockDocVoiceTyping
| Description | Block the voice typing feature in Google Docs and Slides The voice typing feature can be found in the Tools > voice typing menu in Google Docs and Tools > voice type speaker notes in Google Slides. This policy removes the voice typing feature so that students are forced to type on their own to learn word spelling. Set this policy to true to enforce the blocking policy. This feature is OFF by default (the policy is unset). |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.28.1 |
| Learn more | Disable Voice Typing in Google Docs |
BlockTranslateDoc
| Description | Block the Translate Document feature in Google Docs Google Docs has a feature in Tools > Translate document to translate a document to a different language. This may be exploited by students for cheating in foreign language exams. This policy removes the Translate document feature in Google Docs. Set this policy to true to enforce the blocking policy. This feature is OFF by default (the policy is unset). |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.28.1 |
| Learn more | Disable Translating Document in Google Docs |
LimitBrowserTabs
| Description | Limit the number of Chrome tabs students are allowed to open That students open too many browser tabs may dramatically slow down and destabilize the school managed devices. Some apps or extensions may crash due to out of memory. This policy prevents students from opening too many browser tabs to improve the overall device performance. This policy only supports Chrome browser. This policy's value is an Object. The Object has 2 properties, MaxTabs and TabCloseStrategy. ‣ MaxTabs is the maximum number of Chrome tabs allowed to open. The number should be non-negative. The special number 0 means unlimited. ‣ TabCloseStrategy is a setting to close which tab when the maximum number of Chrome tabs is reached. The value is one of these numbers, 1, 2, 3 and 4. The meaning of these numbers are explained below. 1 - The oldest accessed tab is closed. Recommended. 2 - The oldest created tab is closed 3 - The least accessed tab is closed 4 - The new tab is immediately closed. All existing tabs remain open. This policy is enabled when the value of MaxTabs property is not 0. To disable this policy, set the MaxTabs value to 0. |
| Data type | Object |
| Default | { |
| Examples | "LimitBrowserTabs": {A student is allowed to open at max 8 Chrome tabs. If the student tries to open a new tab (9th tab), the oldest accessed tab will be closed and the 9th tab will be open. "LimitBrowserTabs": {A student is allowed to open at max 5 Chrome tabs. If the student tries to open a new tab (6th tab), the 6th tab will be immediately closed. "LimitBrowserTabs": {Students are allowed to open as many Chrome tabs as the browser can. |
| Support since | Version 1.29.0 |
| Learn more | Prevent Students from Opening Too Many Chrome Tabs |
EnableMeetCameraOffCommand
| Description | Allow teachers to turn off a student's camera in Google Meet In remote learning using Google Meet, some students may dress inappropriately, distracting others students. The policy adds a chat command to allow teachers to turn off a student's camera, and the student cannot turn the camera back on unless they refresh the page and rejoin the meeting. The chat command follows the format of /cameraoff [email protected]. That is, the /cameraoff command, a space and the student's email. The command takes effects only if the student's camera is on. The chat command is valid when this policy is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.30.3 |
| Learn more | Disable Student Camera in Google Meet |
EnableMeetMicOffCommand
| Description | Allow teachers to turn off a student's microphone in Google Meet In remote learning using Google Meet, certain students are talkative, often interrupting the course. The policy adds a chat command to allow teachers to turn off a student's microphone, and the student cannot turn the microphone back on unless they refresh the page and rejoin the meeting. The chat command follows the format of /micoff [email protected]. That is, the /micoff command, a space and the student's email. The command takes effects only if the student's microphone is on. The chat command is valid when this policy is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.30.3 |
| Learn more | Force Mute Talkative Students in Google Meet |
BlockClassroomAssignmentLateSubmission
| Description | Prevent students from turning in late assignment work in Google Classroom In Google Classroom, students are allowed to turn in their assignment late. Although teachers set the due date, Classroom does not enforce locking assignments if students missed the due. Instead, any assignment turned in or marked done after the due date is recorded as late. This policy enforces locking the assignments if students do not turn in by the due. It disables the Mark as done or Turn In button with a tooltip Late submission not allowed. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.31.0 |
| Learn more | Prevent Students from Turning In Assignment Late in Google Classroom |
BlockClassroomAssignmentEmptySubmission
| Description | Prevent students from turning in empty assignment work in Google Classroom Google Classroom gives students a Mark as done button to turn in empty assignments without attaching any files or links. It overburdens teachers' classwork as they have to return empty assignments and message students to turn in a valid assignment. This policy enforces requiring students to attached at least one file or link in their assignment work. It disables the Mark as done button with a tooltip Empty submission not allowed. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.31.0 |
| Learn more | Disable Students Turning in Empty Assignment in Google Classroom |
BlockChatBlockUser
| Description | Removes the feature to block users in Google Chat In Google Chat, students can block someone if they don't want to chat with the person, including the teacher. Thus, the teacher is not able to reach to the student for discussions. There is no admin control for this. This policy removes the feature of Blocking someone in students' Google Chat interface. This policy does not automatically unblock the teachers from the list. You will need to instruct students to unblock them from their Blocked users page. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.32.0 |
| Learn more | Prevent Students from Blocking Teachers in Google Chat |
AutoRevokeDriveSharing
| Description | Auto revoke unauthorized shared Drive files This policy is intended to limit internal Google Drive sharing between students. For example, if student A creates a Google Doc and shares with student B, C, D and teacher E, then Safe Doc will revoke the unauthorized permissions to B, C, D while leave alone the permission to the teacher E. This policy is an Object, containing 5 child properties ►Blacklist ►BlacklistExceptions ►DelegateAdminEmail ►ServiceAccountEmail ►ServiceAccountPrivateKey Safe Doc will revoke the permissions shared to those who are in the Blacklist but not in BlacklistExceptions. The DelegateAdminEmail setting is used when you need to block owners by organizational units. The ServiceAccountEmail and ServiceAccountPrivateKey are used to call Google APIs without students' manual authorization. Notes ► This policy requires a Google service account. ► The implementation of Blacklist and BlacklistExceptions in this policy is slightly different from the Blacklist and BlacklistExceptions in the policy BlockDriveSharedLinks, when it comes to mixed email conditions and OU conditions. In this policy, email and OU conditions are treated equally if mixed used. This policy will evaluate all conditions in the Blacklist first and evaluate the BlacklistExceptions. ► This policy does not revoke permissions shared to group emails. ► This policy does not revoke file permissions shared before this policy taking place, unless the file has changes later. You can see the full instructions of setting up this policy in Block Google Drive Sharing Files > Approach 3. |
| Data type | Object |
| Default | { "Blacklist": [], |
| Examples | "BlockDriveSharedLinks": {A student under the policy above is limited to share their files to the teachers. Any files shared to other students under /Students/* OU or /Staff/IT will be revoked. |
| Support since | Version 1.33.0 |
| Learn more | Block Google Drive Sharing Files > Approach 3 |
| Service Account Encryption Tool |
Blacklist
This is a subsidiary property of AutoRevokeDriveSharing policy.
| Description | The blacklist with which a student cannot share files. It accepts 1) Email addresses. Support the * wildcard. 2) Organizational Unit Paths. Support the * wildcard. The OU path is a different representation of OU separated by a forward-slash '/'. For example, /Students/Elementary School/Grade 1 equals to District Domain > Students > Elementary School > Grade 1. The OU values automatically includes their sub OUs too. |
| Data type | List of Strings |
| Default | [] |
| Examples | "Blacklist": [Revoke file access permissions shared to 2 specific collaborators "Blacklist": ["*@*"]Revoke file access permissions shared to anyone, including teachers "Blacklist": ["/Students/Grade 4", "/Students/Grade 5"]Revoke file access permissions shared to Grade 4 and Grade 5 students, including their sub OUs. "Blacklist": ["/Students/*/Exam"]Revoke file access permissions shared to the Exam students on any Grade, including sub OUs. "Blacklist": ["/Staff"]Revoke file access permissions shared to all staffs, including sub OUs under the Staff OU. "Blacklist": ["*"]Nah, using a single wildcard does not work. |
| Support since | Version 1.33.0 |
BlacklistExceptions
This is a subsidiary property of AutoRevokeDriveSharing policy.
| Description | Take out certain people from the blacklist so that the permissions shared to them won't be revoked. As same as the format of blacklist, it accepts 1) Email addresses. Support the * wildcard. 2) Organizational unit paths. Support the * wildcard. |
| Data type | List of Strings |
| Default | [] |
| Examples | "BlacklistExceptions": [Allow file sharing to a couple of resource emails, the Exam account and the IT account. "BlacklistExceptions": ["/Staff/Teachers"]Allow file sharing to the teachers. |
| Support since | Version 1.33.0 |
DelegateAdminEmail
This is a subsidiary property of AutoRevokeDriveSharing policy.
| Description | A privilege-limited administrator email to allow Safe Doc access user and organizational unit basic information to perform the blacklist filtering. To know which OU a collaborator (the person who received the shared file) is located, Safe Doc needs to impersonate an administrator to get user and OU information from your school domain using your service account. A separate administrator account with minimum user read-only and OU read-only privileges is ideal. |
| Data type | String |
| Default | "" |
| Examples | "DelegateAdminEmail": "[email protected]"[email protected] is a user account with limited admin privileges created specifically to read the collaborator's OU information. |
| Support since | Version 1.33.0 |
ServiceAccountEmail
This is a subsidiary property of AutoRevokeDriveSharing policy.
| Description | The email of service account you created in your Google Cloud Platform. To protect the service account information, we strongly recommend to encrypt it using the Service Account Encryption Tool for Safe Doc tool in the AutoRevokeDriveSharing policy and set the value with the encrypted text instead of the plain email address. |
| Data type | String |
| Default | "" |
| Examples | "ServiceAccountEmail": "7a04e3d4373e5759f78e493ab296fb26ee93b...(truncated for demo purpose)"Use an encrypted value of service account email for security. (Recommended) "ServiceAccountEmail": "[email protected]"It's also acceptable to use the plain email address. |
| Support since | Version 1.33.0 |
ServiceAccountPrivateKey
This is a subsidiary property of AutoRevokeDriveSharing policy.
| Description | The private key of service account you created in your Google Cloud Platform. To protect the service account information, please first encrypt it using the Service Account Encryption Tool for Safe Doc tool in the AutoRevokeDriveSharing policy and set the value with the encrypted text instead of the plain private key. You're responsible to protect your own service account private key. |
| Data type | String |
| Default | "" |
| Examples | "ServiceAccountPrivateKey": "3251af946a10775edbb8080790b3c849d3b7...(truncated for demo purpose)"Use an encrypted value of service account private key for security. (Recommended) "ServiceAccountPrivateKey": "-----BEGIN PRIVATE KEY-----\nIt's also acceptable to use the plain private key. |
| Support since | Version 1.33.0 |
BlockChatRooms
| Description | Removes the Spaces (formerly Rooms) & Group conversations feature in Google Chat Google Chat spaces is a feature for group communication and collaboration. Similarly, Google Chat also features a group conversation with similar intention. Students often share inappropriate files, pics through group chat. Both features are removed in this policy. With the policy turned on, students cannot find, open or create spaces and group conversations in their Chat web app. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.34.0 |
| Learn more | Disable students using Spaces in Google Chat |
BlockMeetCompanionMode
| Description | Disable the Companion Mode in Google Meet This policy removes the option for students to join Google Meet sessions by the companion mode. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.35.0 |
| Learn more | Disable the Companion Mode in Google Meet |
BlockDriveMakeCopy
| Description | Disable the Make a copy feature in Drive and Docs Editors This policy removes the "Make a copy" menu item in Google Drive, Docs, Sheets, Slides, Forms, Drawings and Jamboard. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.37.0 |
| Learn more | Block Drive Make Copy Option |
ReloadTabsAfterActivation
| Description | Reload Chrome tabs after the Safe Doc is installed and activated This policy does not block anything. Instead, it's a customization setting for Safe Doc. By default, when Safe Doc is installed and activated, existing opened Chrome tabs are not impacted. By turning on this policy at the time of deployment, students' Chrome tabs will be automatically reloaded after Safe Doc is installed and activated on their Chrome browser. The feature is turned on when the policy value is set to true. This feature is OFF by default. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.37.0 |
BlockYoutubeEmbedPlayerFeatures
| Description | Block features in the Youtube embed player The Youtube embed player is ubiquitous in the internet. Some features within the embed player outsmart the expectation of school management. For example, when you pause the video in the embed player, it will recommend you with related videos. When the video ends playing, a wall of related videos pops up. The policy blocks the subtle features in the Youtube embed player. The policy includes these sub-properties. ► BlockRelatedVideos ► BlockYoutubeButton ► BlockCopyLink ► BlockContextMenu ► BlockWatchLater ► BlockShare Each sub-property manages one feature in the Youtube embed player. Click each property to learn more. By default the policy is OFF. It does not block anything in the Youtube embed player. |
| Data type | Object |
| Default | { |
| Examples | "BlockYoutubeEmbedPlayerFeatures": { |
| Support since | Version 1.38.0 |
| Learn more | Remove Controls In YouTube Embed Videos |
BlockRelatedVideos
This is a sub-property of BlockYoutubeEmbedPlayerFeatures.
| Description | Block the related videos in the Youtube embed player In the Youtube embed player, when you pause the video or watch until the end, Youtube would display a "More videos" overlay on the top of video. The suggested videos generated by Youtube AI algorithm go beyond the school's managed list. That students watch unexpected videos concern school management. This policy disables the "More videos" feature in the embed player. When you pause the video or when the video ends, no "More videos" would display. To turn on the blocking, set the property value to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.38.0 |
BlockYoutubeButton
This is a sub-property of BlockYoutubeEmbedPlayerFeatures.
| Description | Removes the Youtube button in the control bar of Youtube embed player. The Youtube button takes students to the video page of Youtube main site. To turn on the blocking, set the property value to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.38.0 |
BlockCopyLink
This is a sub-property of BlockYoutubeEmbedPlayerFeatures.
| Description | Removes the "Copy link" button in the title bar of Youtube embed player. The "Copy link" button set the clipboard to the shortened Youtube URL, e.g. https://youtu.be/h3GAAtXxBn8. The "Copy link" button is available when the embed player is in the Privacy Enabled Mode. To turn on the blocking, set the property value to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.38.0 |
BlockContextMenu
This is a sub-property of BlockYoutubeEmbedPlayerFeatures.
| Description | Blocks the context menu from showing up when you right click the Youtube embed player. The context menu includes options of "Account", "Loop", "Copy video URL", "Copy video URL at current time", "Copy embed code", "Copy debug info", "Troubleshoot playback issue" and "Stats for nerds". To turn on the blocking, set the property value to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.38.0 |
BlockWatchLater
This is a sub-property of BlockYoutubeEmbedPlayerFeatures.
| Description | Removes the "Watch later" button in the title bar of Youtube embed player. The button adds the video to the student's Youtube playlist. To turn on the blocking, set the property value to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.38.0 |
BlockShare
This is a sub-property of BlockYoutubeEmbedPlayerFeatures.
| Description | Removes the "Share" button in the title bar of Youtube embed player. The button pops the system Share dialog to allow the video to be shared with others. To turn on the blocking, set the property value to true. |
| Data type | Boolean |
| Default | false |
| Support since | Version 1.38.0 |
Takeaway
Configuration is an important characteristic of software. Luckily Google provided this option to remote configure the behavior of Safe Doc. If you encountered issues with the configurations, please leave a comment, email us at [email protected] or ask on Safe Doc community.
Safe Doc
