According to statistics, the most popular browser today is Google Chrome, but its position in corporate networks is not too strong. Many administrators are not widely introducing or using Google Chrome because it is quite difficult to manage and update it centrally. In this article we’ll get acquainted with the administrative templates of group policies, provided by Google, that allow to manage Chrome settings centrally and make it easier to deploy and use this browser in corporate networks.
The administrative templates of the GPO for Google Chrome are deployed as follows:
- Download and unpack an archive with ADM/ADMX templates of Group Policies for Google Chrome ( http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip).
- There are two types of group policy templates for Windows OS in the archive: ADM and ADMX (the latter is supported in the OS since Windows Vista / 2008 and above).
- Copy the files of an administrative template to the directory where they are to be stored. If you want group policy templates to be localized, don’t forget to copy the corresponding template file.
- Suppose, we are going to use the ADMX format of the GPO template and centralized domain storage of policies. Copy chrome.admx file and localization directories to \\woshub.loc\SYSVOL\woshub.loc\Policies\PolicyDefinitions
- Open the Group Policy Management Console (gpmc.msc) and switch to editing any existing policy (or creating a new one). Make sure that both in User and Computer sections of Policies->Administrative Templates there appeared a new Google folder containing two subsections: Google Chrome and Google Chrome – Default Settings (users can override).
Tip. If you are not using the centralized GPO storage, you can add the GPO template for Google Chrome manually. To do it, right-click Administrative Templates and select Add/Remove Templates. In the next window specify the path to chrome.adm file. It is better to specify the path in the UNC format, e. g., like this: \\woshub.loc\SYSVOL\woshub.loc\Policies\{60553A6F-2549-4C9E-B522-D3CF668E56B4}\Adm\chrome.adm
So, we have installed GPO templates for Google Chrome browser. As we have told earlier, the new GPO section contains two subsections: Google Chrome and Google Chrome – Default Settings (users can override). The difference between them is that the settings of the latter section of policies can be changed by users in the browser settings on their computers. The settings of the first section are fixed and even the local administrator won’t be able to change them in the browser.
These administrative templates contain about 260 of different manageable Google Chrome settings.
It doesn’t make any sense to consider all of them, we’ll only demonstrate basic Chrome settings that are often to be configured in a corporate environment.
Let’s configure a proxy server: we are interested in the following policy section Google Chrome -> Proxy Server
- proxy server address: ProxyServer – 192.168.123.123:3128
- an exception list for proxy: ProxyBypassList – http://www.woshub.local,192.168.*, *.corp.woshub.local
Locate a home page: Home page -> HomepageLocation – http://woshub.com/
Change the location of the download folder:
Set download directory: c:\temp\Downloads
Apply the group policy to a client by running the command
gpupdate /force
|
Run the browser on the client and make sure that the GPO settings have been applied to its settings (in this screenshot, a user can’t change the values set by the administrator).
To display all settings, set by the group policies directly in the Chrome, go to the address Chrome://policy.
In the last example you Set download directory: c:\temp\Downloads.
In my experiment all users’ downloads went there.
I tried c:\temp\Downloads\%username% but now I had the same result with all users’ downloads showing up in c:\temp\Downloads\%username%.
So how do I set this policy to give each user his/her own dir under Downloads?
Also tried ${user_name}
These settings must be applied through User Configuration
Try c:\temp\downloads\%UserName%
or
c:\temp\downloads\%LogonUser%
Is it works only in the domain? I am tested on PC, which not in the domain and Chrome Group Policies I was created didn’t have any effect on Chrome browser
The policy should be applied to the standalone computer too.Are you add Chrome administrative template to gpedit.msc console?
Do you want block manager password ?
i want to disable executing .exe’s by browsing via chrome. e.g. users can enter the path in the address bar c:\windows\system32\cmd.exe. Upon entering this command – the cmd.exe gets copied into the %temp% folder and can execute. how can i stop this behaviour.
pls help
Hello Nasir,
If this behaviour can be stopped in Chrome I am unsure. However the cmd.exe can be restricted with following settings;
User Configuration – Policies – Administrative Templates – System
Policy: Don’t run specified Windows applications
Add cmd.exe
Apply this GPO to the users that need cmd restricted.
it’s not working ,
but when i chk Chrome://policy it’s shows me that there’s is policy but there’s is no effect .
Current user
Mandatory
Platform
HomepageLocation
http://www.facebook.com
OK
We have a RDP farm, and Adobe PDF is very heavy on our servers with +/- 80 people per server.
Do you know how we can make it so that you cannot choose in Chrome to Always open pdf with Adobe Acrobat? (if you do’nt choose this, the pdf opens in chrome which is perfect).
I know how to reset it when chosen (but I cannot script it).
Open Chrome about:plugins and make sure that Chrome PDF Viewer is enabled.
Next set chrome.exe as a default viewer for *.pdf files.
And simply delete Adobe Acrobat from RDP servers
Just like Osama, It doesn’t work for me too. When I check the Chrome://policy, it’s all there but somehow it doesn’t work.
homepage still google instead of what i’m setting to.
If you are using a domain policy, check that you don’t forget copy chrome.admx file and localization directories to the PolicyDefinitions folder on a DC
how do you add a bookmark via this group policy?
Thank you very much. We have deployed Citrix XenApp in a company and they have published google chrome. Our client requires that users have a predefined Proxy settings and this proxy settings can not be changed by users.
Your guidelines helped us.
I am trying to get the Google Chrome template to appear in GPMC. On the DC I have copied the admx files to C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions and the adml files to C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\en-us. I have rebooted the DC several times, but the Google Chrome template still does not show up under Computer Configuration\Policies\Administrative Templates. I can see the Google Chrome template in gpedit.msc though. Is there something else I need to do?
Thanks