Help Center
14 DAY FREE TRIAL
Search result for "aa"
View all results

No Search Results

14 DAY FREE TRIAL
  1. Help Center
  2. Managing ChromeOS Devices
  3. Managed Guest Session

Category filter

Configure content settings in managed guest sessions on ChromeOS devices

Jump To

Content settings in managed guest sessions allow administrators to control and customize the browsing experience on ChromeOS devices used in shared environments.

Content settings give administrators fine-grained control over how websites behave during managed guest sessions, such as blocking pop-ups, restricting access to the microphone or camera, disabling autoplay for media, and managing cookie behavior – all to align the browsing experience with organizational policies.

With Hexnode UEM, administrators can configure and enforce these content settings across all enrolled ChromeOS devices, ensuring consistency at scale.

Configure content settings

You can personalize the content preference on your ChromeOS devices by setting up the Content policy in the Hexnode UEM console. Follow these steps:

  1. Log in to the Hexnode UEM console.
  2. Navigate to the Policies tab.
  3. Click New Policy to create a new policy or select an existing one to edit.
  4. Enter a suitable name and a description (optional) for the policy.
  5. Select ChromeOS, then go to Managed Guest Session > Content.
  6. Click Configure.
    7. Note:


    For settings that require you to specify URLs, enter valid server URLs separated by commas (,) or semicolons (;).

    Image showing the content settings in managed guest sessions (page-1)

    Content settings Description Supported OS version
    Restricted Mode for YouTube Enforces a minimum level of Restricted Mode on YouTube. Three options to select from:
    1. Disabled: Chrome does not enforce Restricted Mode on YouTube.
    2. Moderate: Users are limited to Moderate Restricted Mode.
    3. Strict: Restricted Mode is permanently enabled on YouTube.
    		 ChromeOS 55+
    Safe Search When checked, SafeSearch is used for Google Search queries. SafeSearch filters Google search results to prevent explicit content from appearing. ChromeOS 41+
    Block screenshots When checked, it prevents screenshots from being captured using keyboard shortcuts or extension APIs. ChromeOS 22+
    Screen capture When checked, websites can prompt the user to share a video stream of their screen. ChromeOS 81+
    Screen capture allowlist Specify the list of sites that allow tab, window, and desktop video capture. ChromeOS 94+
    Window capture allowlist Specify the list of sites that are allowed tab and window video capture. Sites in this list will be ignored in the “Screen capture allowlist” field. ChromeOS 94+
    Tab capture allowlist Specify the list of sites that allow tab video capture. Sites in this list will be ignored in the “Screen capture allowlist” and “Window capture allowlist” field. ChromeOS 94+
    Allow only same origin tab capture allowlist Specify the list of sites allowed to capture video of their own tab only (same-origin capture). Sites in this list will be ignored in the “Screen capture allowlist”, “Window capture allowlist” and “Tab capture allowlist” field. ChromeOS 94+
    Allow Pepper to use shared images for video decoding Controls the recent refactor for VideoDecoder APIs in PPAPI plugin. The migration only affects internal implementation details and should not change any behavior. However, this can be used in case any PPAPI apps do not work as expected. ChromeOS 119-121
    Allow Pepper to use the new video decoder If checked, a new decoder is used for hardware accelerated video decoding. ChromeOS 110-114
    Allow modern buffer allocation If checked, allows modern buffer allocation for Graphics3D APIs PPAPI plugin. ChromeOS 110-114
    Auto-select client certificates URL allowlist Specify the URLs where Chrome automatically selects a client certificate if requested. ChromeOS 15+
    Throttling behavior of background JavaScript timers Specify whether JavaScript timers for background tabs inactive for 5 minutes or more should be suspended based on either Google’s internal logic or user-configured settings. For these tabs, timers only execute their code once a minute. This can decrease CPU load and battery power consumption. Three options to select:
    1. Users can choose: Allow throttling of background JavaScript timers to be configured by users.
    2. Force no throttling: Force no throttling of background JavaScript timers.
    3. Force throttling: Force throttling of background JavaScript timers.
    		ChromeOS 85+
    Clamping behaviour of JavaScript setTimeout() Specify if timeout() should be used aggressively to break down long JavaScript tasks to improve browser performance. Three options to select from:
    1. Default.
    2. Clamp after normal nesting threshold.
    3. Clamp aggressively.
    		ChromeOS 104-106
    Javascript JIT Specify if sites must be allowed to run JavaScript JIT. Four options to select from:
    1. Allowed on all sites: JavaScript JIT is enabled for all websites.
    2. Blocked on all sites: JavaScript JIT is disabled for all websites.
    3. Allowed on specific sites: Allows you to set a list of site URLs that are allowed to run JavaScript with the JIT (Just-In-Time) compiler enabled.
    4. Blocked on specific sites: Allows you to set a list of site URLs that are not allowed to run JavaScript with the JIT (Just-In-Time) compiler enabled.
    		ChromeOS 93+
    Javascript setTimeout() minimum Specify behavior for clamping of JavaScript setTimeout() with a timeout of 0ms. Three options to select from:
    1. Default.
    2. Javascript setTimeout() with a timeout of 0ms will not clamp to 1ms.
    3. Javascript setTimeout() with a timeout of 0ms will clamp to 1ms.
    		ChromeOS 101-109
    Clipboard restrictions Specify if sites can or cannot ask users to grant them access to the clipboard or you can allow the user to make the decision. Five options to select from:
    1. Allow user to choose: Users can choose which websites are allowed or blocked from accessing the clipboard.
    2. Allow all URLs to request for accessing the clipboard: All websites are permitted to request access to the clipboard.
    3. Block all URLs from accessing clipboard: No website is allowed to access the clipboard.
    4. Allow specific URLs: Only the specified site URLs are allowed to access the clipboard.
    5. Block specific URLs: The specified site URLs are blocked from accessing the clipboard.
    		ChromeOS 103+
    Notification restrictions Specifies whether websites are allowed to display desktop notifications. Five options to select from:
    1. Allow user to choose: Users are prompted to allow or block desktop notifications when a website requests permission.
    2. Allow all notifications: All websites are automatically allowed to display desktop notifications without prompting the user for permission.
    3. Block all notifications: No websites are allowed to show desktop notifications. All requests for notification permissions are automatically denied.
    4. Allow specific URLs to show notifications: Only the specified site URLs are allowed to display desktop notifications.
    5. Block specific URLs from showing notifications: The specified site URLs are blocked from displaying desktop notifications.
    		ChromeOS 11+
    Autoplay video allowlist Specify the URLs that are allowed to autoplay media. Prefix a domain with “*.” to include all its subdomains, or use “*” to allow autoplay on all domains. ChromeOS 86+
    Auto open file types Specify the list of file types that automatically open after download. ChromeOS 84+
    Auto-open downloaded files allowlist Specify the list of URL patterns of pages that are allowed to automatically open the downloaded files. ChromeOS 84+
    Pop-up restrictions Specifies whether websites are allowed to display pop-ups. Choose from the following options:
    1. Allow user to choose: Users can decide whether to allow or block pop-ups.
    2. Allow all pop-ups: All websites are permitted to display pop-ups without any restrictions.
    3. Block all pop-ups: Pop-ups are blocked on all websites. Sites will not be able to open new pop-up windows.
    4. Allow specific URLs to show pop-ups: Only the specified website URLs are allowed to display pop-ups. All other sites will be blocked.
    5. Block specific URLs from showing pop-ups: The specified website URLs are blocked from displaying pop-ups. All other sites will be allowed.
    		ChromeOS 11+
    Block Cross-origin JavaScript dialogs Check this option to block JavaScript dialogs triggered from a cross-origin iframe. ChromeOS 91+
    Throttle non-visible, cross-origin iframes Check this option to throttle JavaScript dialogs initiated by non-visible, cross-origin iframes. ChromeOS 110-123
    Navigate to external protocols inside a sandboxed iframe If this option is unchecked, Chrome will block navigation to external protocols within sandboxed iframes. ChromeOS 96+
    URL blocklist Specify the list of URLs that cannot be accessed from inside the guest session. ChromeOS 86+
    Blocked URL exceptions Specify the list of URLs that can only be accessed from inside the guest session. ChromeOS 86+
    Allow users to cast from Chrome Check this option to allow users to cast content from Chrome. ChromeOS 52+
    Allow all IPs (Available only when Allow users to cast from Chrome is enabled) Controls whether Google Cast can connect to devices on all IP addresses. Choose from the following options
    1. Not configured: Google Cast is allowed to connect only to devices on private IP addresses (default behavior).
    2. True: Google Cast can connect to devices on both private and public IP addresses.
    3. False: Google Cast is restricted to connecting only to devices on private IP addresses.
    		ChromeOS 67+
    Show Google Cast icon in toolbar Check this option to show the Cast icon in the toolbar. ChromeOS 58+
    Media controls for Google Cast sessions started by other devices Controls whether media playback controls are shown for Google Cast sessions initiated by other devices on the local network. Choose from the following options:
    1. Default: Uses the device’s default behavior for displaying media controls.
    2. Enabled: Displays media controls for Google Cast sessions started by other devices on the local network.
    3. Disabled: Hides media controls for Google Cast sessions started by other devices on the local network.
    		ChromeOS 110+
    Insecure websites can make requests Specifies whether insecure websites are allowed to make requests. Choose from the following options:
    1. Users can choose: Users are allowed to decide whether insecure websites can make requests.
    2. Allowed: All insecure websites are permitted to make requests without restriction.
    3. Allow for specific sites: Only the specified insecure website URLs are allowed to make requests. All others will be blocked.
    		ChromeOS 92+
    Show warnings for insecure forms When this option is enabled, Chrome warns users before they enter information into forms on websites that aren’t secure. ChromeOS 86+
    Enable window.webkitStorageInfo API Check this option to enable window.webkitStorageInfo API. ChromeOS 106-112
    Enable Event.path API Controls support for the Event.path API. Choose from the following options:
    1. Until Chrome 108: Allows the use of Event.path API only until Chrome version 108.
    2. Until Chrome 115: Extends support for Event.path API until Chrome version 115.
    3. Disable: Disables the usage of Event.path API.
    		ChromeOS 105-115
    Enable CryptoToken extension Controls how long the CryptoToken extension remains available in Chrome. Choose from the following options:
    1. Until Chrome 105: The CryptoToken extension will be enabled only up to Chrome version 105.
    2. Until Chrome 107: The CryptoToken extension will remain enabled up to Chrome version 107.
    		ChromeOS 106-107
    Network file share Check this option to allow users to access Network File Shares on ChromeOS devices. ChromeOS 70+
    NTLM authentication (Available only when Network File Share is enabled) Check this option to use NTLM as the authentication protocol for SMB file share mounts. ChromeOS 71+
    Preconfigured file share mode (Available only when Network File Share is enabled) Choose how the file share URL should appear on the device. Choose from the following options:
    1. Mount the shared URL: The specified URL will be mounted as a file share.
    2. Add to the shared discovery dropdown: The specified URL will appear in the file share discovery list, allowing users to manually select and mount it.
    		ChromeOS 71+
    File URL (Available only when Network File Share is enabled) Provide the file URL. ChromeOS 110+
    NetBIOS discovery (Available only when Network File Share is enabled) Check this option to enable the use of the NetBIOS name query protocol for discovering network file shares. ChromeOS 70+
    Scroll to text fragment Check this option to allow websites to use the “scroll to text fragment” feature via URL links. ChromeOS 83+
    URL-keyed anonymized data collection Check this option to keep anonymized data collection enabled at all times on the device. ChromeOS 69+
    Optimization Guide Fetching Check this option to allow Chrome to fetch page load metadata and machine learning models to improve browsing performance. ChromeOS 101-103
    File URLs with local access enabled in the PDF viewer Specify the file URLs that are allowed local access within the PDF viewer. ChromeOS 110+
    Trash files Check this option to allow files to be moved to the trash in the Files app. ChromeOS 109+
    Native Client Check this option to use Native Client for running secure, native code within the browser. ChromeOS 116-131
    Shopping list Controls the availability of the shopping list functionality. If checked, users will see an option in the UI to track the price of the product on the current page. Tracked products will appear in the bookmarks side panel. ChromeOS 107+
    PPB_VideoDecoder(Dev) API Check this option to use the PPB_VideoDecoder(Dev) API. ChromeOS 111-114
    Third-party storage partitioning Controls whether third-party storage partitioning is allowed on the device. Choose from the following options
    1. Allow for all URLs: Third-party storage partitioning is permitted for all websites.
    2. Block for all URLs: Third-party storage partitioning is disabled for all websites.
    3. Block for specific origins: Allows you to set a list of URLs that specify origins for which third-party storage partitioning should be disabled.
    		ChromeOS 113+
    Renderer for PDF files Controls which rendering engine the PDF viewer in Google Chrome uses. Choose from the following options:
    1. Default: Chrome automatically selects the appropriate PDF renderer.
    2. Use Skia renderer for PDF files: The PDF viewer uses the Skia for rendering PDFs.
    3. Use AGG renderer for PDF files: The PDF viewer uses the AGG renderer for rendering PDFs.
    		ChromeOS 115+
    Zstd compression Check this option to allow web content to be compressed with Zstandard (Zstd). ChromeOS 119+
    Compression dictionary transport support Check this option to enable the use of previous responses as compression dictionaries for future network requests. ChromeOS 118+
    CSS custom state deprecated syntax Check this option to allow the use of deprecated CSS custom state syntax by default. ChromeOS 127-132

    Image showing the content settings in managed guest sessions (page-2)

Associate the policy with target entities

  1. Navigate to Policy Targets > Domains/OUs.
  2. Click on +Add Domain/OUs. From the list, select the Google Workspace account integrated with Hexnode.
  3. The parent OU will be listed and indicated with a briefcase icon to differentiate it from other domains.
  4. Click on the dropdown next to the parent OU to view its child’s OUs. Select the required Organizational Units and click OK.
  5. Associate the policies to the OUs to which the target devices are assigned.
  6. Click Save to associate the policy with the selected Organization Units.

What happens at the device end?

Once the Content policy is applied, the configured settings will take effect in the ChromeOS interface during managed guest sessions. Depending on the policy configuration, certain content-related features will be pre-configured, restricted, or hidden. Users will not be able to modify these settings, ensuring a consistent and secure browsing experience across all managed guest sessions.

Need more help?
Image of Raise a Ticket Raise a Ticket
Image of Ask Community Ask Community
Image of Chat With us Chat With us
Managing ChromeOS Devices