Control and review users in a G Suite domain: Google Vault

Català (Catalan) Español (Spanish)

In an educational centre, it is important to know what students do with digital tools. In a previous post, I explained the audit options available from the domain management console. But sometimes we need something else. Can we see what emails sends a user? Can we see files they haven’t shared with anyone? Administrators can do it with Google Vault. In this article we will see some functionality, but it is not intended to be an exhaustive description of the tool.

Even if we are not administrators, it is also important to know what our administrator can do. Can the address of a school look at the professional emails of its teachers? The answer is that in a G suite domain, yes.

Naturally, spying on teachers is at least ethically reprehensible. But to be able to access what the students create with the school’s mail when there are signs of misuse is not only recommended, but for me it is an obligation of the school.

Let’s see how it can be done and what possibilities it offers. The application that allows it is Google Vault, available for G Suite for education domains.

According to Google, the purpose of the tool is to Archive, Retain for Legal Purposes, Search, Export and create Audit Reports.

To understand each other, it allows us to search for mail, drive files and group topics and export the results. Unlike the admin console audit reports, here we will be able to access the mail content (even if it is not for us), the documents a user has in Drive (even if they have not been shared) and the topics of a group (even if we are not part of it). Logically, all this can only be done by the administrator.

We enter the tool and the first thing to do is to configure the time that Vault stores mail and documents. We access the menu Data storage on the left and choose the time we want. As we have unlimited space, I recommend to keep indefinitely.

It is important to note that they will be retained even if the user deletes them.

We will use the tool to search for emails that have been typed by a user (student). In the menu on the left we will choose Issues and select the Create button.

It’ll ask us for a subject name and, if we want, a description. Once entered, the left menu will change.

We could create specific retention rules, although having indicated that everything is kept indefinitely does not make much sense. Let’s focus on the Find tool.

When you select it, the search criteria appear. What we want to search for (mail, drive or groups), from whom (user or organization) and between what dates.

At the bottom, next to the Search button there is an arrow with different options to perform.

For starters we can choose Search. Later, we can export the results if needed.

I’ve run a test on my domain, looking for my one-day emails to show how the results are obtained.

The list shows both the emails sent by the user and those received. Attention, even if the user has deleted the emails, they will also appear in the list.

Now, if we want, we can see the content of a specific email by clicking on the subject.

We could also have searched for the user’s documents, either because they were created by him or shared with him.

As with e-mails, we could click on the one that interests us and see the preview (without being able to modify it).

Obviously, the tool is much more powerful and will allow you to export this data, save the searches we have done… The idea of the article was just to make a presentation and be aware of what the administrator can see.

As far as students are concerned, it is certainly an excellent tool. If there is a sign of misuse of the tool, the administrator will be able to investigate what has happened. It is not superfluous to be honest with the students and explain this possibility to them. At least I’m one of the first things I tell them. The center provides them with a user, but they should know that it is monitored and that any action they take can be viewed by the administrator.

Another issue is with teachers. There is a much more sensitive legal issue here, because even though they are professional accounts, teachers still have the right to privacy. In any case, legal or otherwise, it is also good to know the possibility for the domain administrator to see emails and documents that we teachers create. And if the administrator isn’t someone with an address, it gets more complicated, as you could access emails that you shouldn’t see at all. But this would already be a misuse of the Vault tool and is far from the intent of this article.

Català (Catalan) Español (Spanish)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.