When operating a Chromebook on a school network, it is common to enroll the Chromebook into an Enterprise domain. On a school network, typically chromebooks must be enrolled in enterprise management.
Enroll Chromebook on Domain
- Turn on the Chrome device and follow the onscreen instructions until you see the sign-in screen. Don’t sign in yet. Before signing in to the Chrome device, press Ctrl + Alt + E to go to the enrollment screen.
- Enter the username and password for an existing Google Apps user on your account that has eligibility to enroll. Enter the username and password from your Google admin welcome letter, or the username and password for an existing G Suite user on your account that has eligibility to enroll.
- Click Enroll device. You’ll receive a confirmation message that the device has been successfully enrolled.
You must enroll a device before any user signs in to it (including you as the teacher). If a user signs in first, your policies will not apply, and you must wipe (or powerwash) the device to restart enrollment.
Selecting Keep Chrome device in current location means that when you enroll the Chrome device, it will stay in the top-level organization for your domain and will pull device settings from there accordingly. Selecting Place Chrome device in user organization means that when you enroll the Chrome device, the device will be placed in the organizational unit that the enrolling user is in.
The settings you’ve applied for that user’s organizational unit will be applied to the device. Place Chrome device in user organization is a useful setting if you need to manually enroll many devices. The device settings unique to the user’s organization will be automatically added to the device, instead of requiring an additional step of manually moving each device into a specific organization after enrollment.
Note: This policy will only take effect if the device is being enrolled into the domain for the first time or the device was previously deprovisioned.
Force re-enrollment for wiped or recovered devices
The Forced Re-Enrollment device policy ensures that wiped or recovered devices remain managed when they’re distributed to users. This policy is turned on by default. If you don’t want a Chrome device to re-enroll in your domain, you need to deprovision the device.
By default, users in this organization will be allowed to enroll new or deprovisioned devices. Selecting Do not allow users in this organization to enroll new or deprovisioned devices will prevent users, such as students in a sub-organization from enrolling new devices. Note that this policy does not affect devices being force-reenrolled.
Manage Chrome devices with Active Directory
You can integrate your devices running Chrome OS with a Microsoft® Active Directory® server. Integrating joins devices to your domain so you can see them in your domain controllers. You can also manage sessions and push policies to users and devices. You don’t need to synchronize usernames to Google servers. Users sign in to devices using their Active Directory credentials. Using devices as kiosks or digital signage with Active Directory integration isn’t supported at this time.