This article guides you through setting up Blocksi for Windows devices. It includes procedures for deploying three MSI files along with your Windows Server: one for Web Filtering and two for Classroom Management.

Prerequisites

The following are required before you can begin setting up Blocksi:

• Windows Server with the following roles created:

  • Active Directory Domain Services

  • DNS

  • File and Storage Services.

• A file share that is accessible by all Windows devices that you wish to filter. (It is recommended that this share is on another partition rather than the server's C drive.)

• Good organization of your Active Directory environment (users, computers, OUs). It is especially important for computer objects to be in easily identifiable OUs as they will be the target of the GPO you create.

• Username prefixes in Active Directory must match the email account prefix.

For instance, an administrator used Google Admin Console to create the email address John.Doe@example-school.com for a student.

At a minimum, the username entered into Active Directory must match the prefix John.Doe or Blocksi will not filter the student's account.

• Devices running Windows 7 and up.

• The following files, which can be found by signing in to your Admin Dashboard:

  • Blocksi 2.4.msi – This is the classroom management application that allows a student's device to be seen by the Teacher Dashboard.

  • BlocksiUPN.msi – This is used to detect the logged in user's identity. Without it Blocksi 2.4.msi will not work.

  • BlocksiWebfilter_x.x.x.x.msi – Performs the web filtering on the device. Can be used independently of the other MSIs.

Creating a New GPO for the OUs to Which to Deploy Blocksi

Configuring the Firewall

1. Go to Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Defender Firewall > Domain Profile.

2. Double-click Windows Defender Firewall: Define inbound port exceptions.

3. Select Enabled.

4. Click Show and type 9432:TCP:*:enabled:Blocksi.

5. Click OK.

   

Configuring Packages to Install With Elevated Privileges

1. Go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Installer.

2. Set Always install with elevated privileges to Enabled.

   

Downloading the Three MSI Files

Access the Blocksi Admin Dashboard.

1. Sign in to the Blocksi Admin Dashboard using your Google Admin or Microsoft credentials.

2. Click the user icon on the Action Bar and click Downloads.

   

3. The Downloads window opens.

   

3. Download the following files from the Windows tab:

• Class Management - App (filename appears as Blocksi 2.4.msi)

• Class Management App - UPN (filename appears as BlocksiUPN.msi)

• Web Filter (filename appears as BlocksiWebfilter_10.8.3.18.msi)

Configuring the MSIs to Deploy

1. Go to User Configuration > Policies > Software Settings > Software installation.

2. Right-click in the open area on the right and select New > Package.

3. Locate the MSI files you placed in your file share, select them, and click Open.

4. If you see a dialog box stating Cannot verify path is a network location…, you may need to change the destination to a UNC file path rather than one that includes a drive letter.

   

4. Select Assigned and click OK.

   

5. Repeat for all three MSI files.

6. Right-click on the first package.

7. Select Properties.

8. Select Deployment tab. Deployment type should be Assigned.

9. Select the Install this application at logon checkbox.

10. Ensure that the Installation user interface options is set to Maximum.

    

11. Click the Advanced button.

12. Select the Ignore language when deploying this package checkbox.

13. Click OK.

14. Repeat for all three packages.

    

Configuring the Chrome Browser Policy

1. Go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.

2. If you do not see Classic Administrative Templates, you may need to download and unzip the GoogleChromeEnterpriseBundle64.zip file found here:

   https://dl.google.com/tag/s/appguid%253D%257B8A69D345-D564-463C-AFF1-A69D9E530F96%257D%2526iid%253D%257BBEF3DB5A-5C0B-4098-B932-87EC614379B7%257D%2526lang%253Den%2526browser%253D4%2526usagestats%253D1%2526appname%253DGoogle%252520Chrome%2526needsadmin%253Dtrue%2526ap%253Dx64-stable-statsdef_1%2526brand%253DGCEB/dl/chrome/install/GoogleChromeEnterpriseBundle64.zip?_ga%3D2.8891187.708273100.1528207374-1188218225.1527264447

2. In your Group Policy Management Editor, ensure you are on User Configuration > Policies > Administrative Templates.

3. Select the Action tab and click Add/Remove Templates.

4. Click Add in the new window.

5. Locate the GoogleChromeEnterpriseBundle64 folder you’ve unzipped at Configuration > adm > en-US, select Chrome.adm, and click Open.

   

6. Close the dialog box and go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome.

7. Double-click Continue running background apps when Google Chrome is closed.

8. Select Enabled and click OK.

9. Go to User Configuration > Policies > Administrative Templates > Classic Administrative Templates > Google > Google Chrome > Extensions.

10. Double-click Configure the list of force-installed apps and extensions.

11. Select Enabled and click Show.

12. Return to the Blocksi Admin Dashboard Downloads section and copy the Blocksi Enterprise Edition Windows ID.

13. Paste the following ID (fcclfaoepaibnkmpcnknicjhpnbbbnom) into the Value field and click OK.

14. Click OK on the next window.

    

Configuring Blocksi Apps to Run at Signon

1. Go to User Configuration > Policies > Administrative Templates > System > Logon.

2. Double-click Run these programs at user logon.

3. Select Enabled and click Show.

4. Enter the following files paths for the three Blocksi applications:

   • C:\Program Files (x86)\Blocksi 2.4\blocksi2.4.exe

   • C:\Program Files (x86)\Blocksi Webfilter\bsflt.exe

   • C:\Program Files (x86)\BlocksiUPN\upn.exe

5. Click OK.

   

Setting to Install With Elevated Privileges

1. Go to User Configuration > Policies > Administrative Templates > Windows Components > Windows Installer.

2. Double-click Always install with elevated privileges.

3. Select Enabled and click OK.

   

Troubleshooting

Refer to the following troubleshooting tips if you have a problem:

• If the apps fail to deploy to devices, it may be necessary to rename the file path from a local drive letter such as: F:\BlocksiFiles\Blocksi 2.4.msi to a UNC path, such as \\blocksi-dc01\FS-01\BlocksiFiles\Blocksi 2.4.msi.

• If Web Filtering or Classroom management is not working, ensure the following applications are installed: Blocksi 2.4, BlocksiUPN, and BlocksiWebfilter.

• Ensure the following processes are running: Blocksi2.4.exe, upn.exe, and bsflt.exe.

• Ensure the firewall rule to allow inbound TCP port 9432 is seen in the firewall.

• Ensure the users login name matches the prefix found in the email address.

• Ensure computers are in the correct OU to receive the Blocksi GPO.