School Laptop - When You Don't Have Control
School-issued Chromebooks present unique challenges for parents trying to manage screen time and content access at home. In this post, I'll share how I tackled a persistent problem: a school Chromebook that bypassed our home network controls and allowed unrestricted video streaming despite our best efforts.
The Problem: School Devices with Their Own Rules
Many schools now provide Chromebooks for students to use both in class and at home. While these devices offer valuable educational benefits, they come with an unexpected challenge for parents trying to maintain healthy digital boundaries at home.
School-issued Chromebooks are typically configured with enterprise management tools that enforce the school's policies—including their internet filtering system. Products like Lightspeed filter proxy initial connection requests through school servers, effectively bypassing any local DNS or content filtering you might have configured on your home network.
To complicate matters further, tech-savvy students quickly discover proxy websites and workarounds that circumvent even the school's filtering systems. In our household, this meant homework time was regularly derailed by YouTube videos, despite our network-level content restrictions that worked perfectly on other devices.
Regaining Control: Falling Back on TLS 1.2
One of the most effective, if blunt, ways to regain control is by "falling back on TLS 1.2" at the firewall level. By disabling TLS 1.3 for specific school-managed MAC addresses, we can force the device's traffic through a local inspection point (like a MITM proxy with a root CA) that the school's enterprise policy might otherwise bypass.
The key takeaway is that you cannot rely on DNS alone for managed devices. You must use a combination of MAC-based IP static assignments and Layer 7 firewall rules to identify and shunt this traffic into a restricted VLAN. This enforces your home rules over the school's proxy, ensuring that homework time remains productive and focused.