Whether you are deploying computers in a public environment or a corporate environment, Google Chrome has a range of built-in policies that you as a system administrator can configure. There are two methods of configuring policies for Chrome:
- Applying registry policies via a .reg file or other means.
- Using the Google Chrome ADMX policy templates and deploying the policies through Group Policy.
Google have different versions of Google Chrome that you may not be aware of. I find that using the enterprise version of Chrome works well in deployments; you can find it at the following link.
Google Chrome ADMX Policies
Group Policy ADMX templates for Google Chrome can be found below if you are planning to apply policies via Group Policy. The documentation on the use of these ADMX templates can be found on the Chromium website.
Google Chrome ADMX Templates: dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
Google Chrome ADMX Documentation: www.chromium.org/administrators/policy-templates
Google Chrome Registry Policies
Google Chrome policies can be applied in the registry under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the following paths (the full path for each policy is given below):
Google Chrome: Software\Policies\Google\Chrome\
Chromium: Software\Policies\Chromium\
These policies are simple to create and apply with a .reg file. The following lists the 20 most common Google Chrome policies and how to apply them, followed by a final code sample.
20 Most Common Google Chrome Policies
ForceEphemeralProfiles
The ForceEphemeralProfiles policy ensures that any user data is cleared from Google Chrome between user sessions, which makes it an extremely useful policy for public-use machines. ForceEphemeralProfiles can be applied with RegEdit with the following configuration.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ForceEphemeralProfiles"=dword:00000001
Alternative configuration:
Value 0 - Ephemeral Profiles Disabled
SavingBrowserHistoryDisabled
This policy ensures that no browsing history is saved in Chrome as users browse websites.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"SavingBrowserHistoryDisabled"=dword:00000001
Alternative configuration:
Value 0 - Saving browser history enabled
SyncDisabled
This policy prevents Google Chrome from syncing any data. It can be used to disable syncing data to Google accounts that would otherwise sync your settings and preferences.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"SyncDisabled"=dword:00000001
Alternative configuration:
Value 0 - Sync enabled
PasswordManagerEnabled
This policy can be used to disable the Google Chrome password manager, so that when users log in to websites Chrome won't ask whether they would like to save their password in Chrome.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"PasswordManagerEnabled"=dword:00000000
Alternative configuration:
Value 1 - Password manager enabled
SigninAllowed
This policy allows you to stop users from signing into Chrome with a Google account.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"SigninAllowed"=dword:00000000
Alternative configuration:
Value 1 - Sign in allowed
HideWebStoreIcon
This policy prevents access to the Chrome Webstore, preventing users from installing apps and extensions.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"HideWebStoreIcon"=dword:00000001
Alternative configuration:
Value 0 - Show web store icon
ShowAppsShortcutInBookmarkBar
This policy works in addition to the previous policy, removing the Apps button from the bookmarks bar, and further preventing access to the Web store.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ShowAppsShortcutInBookmarkBar"=dword:00000000
Alternative configuration:
Value 1 - Show apps shortcut in bookmarks bar
DefaultCookiesSetting
This policy keeps cookies only for the duration of the user's session. When a user closes the browser, all cookies are cleared.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"DefaultCookiesSetting"=dword:00000004
Alternative configuration:
Value 0 - Allow all sites to set local data
Value 1 - Do not allow any site to set local data
AutoFillEnabled
This policy will disable the use of autofill in online forms and disable saving autofill data such as names, addresses, etc.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AutoFillEnabled"=dword:00000000
Alternative configuration:
Value 1 - Enables autofill
AutofillCreditCardEnabled
This policy disables the use of autofill for saving credit/debit card details for use in online purchases.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"AutofillCreditCardEnabled"=dword:00000000
Alternative configuration:
Value 1 - Enables autofill credit card
BrowserAddPersonEnabled
This policy prevents users from adding additional user accounts or profiles to the Google Chrome browser.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"BrowserAddPersonEnabled"=dword:00000000
Alternative configuration:
Value 1 - Enables adding users
BrowserGuestModeEnabled
Disables the guest mode built into Google Chrome.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"BrowserGuestModeEnabled"=dword:00000000
Alternative configuration:
Value 1 - Enables guest mode
CloudPrintSubmitEnabled
Disables Google Cloud Print functionality in Google Chrome and stops users from signing in and adding Cloud Print printers.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"CloudPrintSubmitEnabled"=dword:00000000
Alternative configuration:
Value 1 - Enable Google Cloud Print
DefaultBrowserSettingEnabled
Stops Google Chrome from checking if Chrome is the default browser on startup and prevents users from changing the default browser settings.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"DefaultBrowserSettingEnabled"=dword:00000000
Alternative configuration:
Value 1 - Allow Google Chrome to check if it is the default browser
EditBookmarksEnabled
Prevents users from adding or editing bookmarks in Google Chrome.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"EditBookmarksEnabled"=dword:00000000
Alternative configuration:
Value 1 - Allow users to add or edit bookmarks
CloudPrintProxyEnabled
Stops Google Chrome from acting as a proxy between Google Cloud Print and legacy printers connected to the computer.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"CloudPrintProxyEnabled"=dword:00000000
Alternative configuration:
Value 1 - Allow Google Chrome to act as a Cloud Print proxy
ExtensionAllowedTypes
This policy is configured as a key. If you create the key and leave it empty, all extension file types will be disabled so users can't sideload extensions.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionAllowedTypes]
URLBlacklist
This policy enables you to block particular webpages in Google Chrome. This also extends to blocking Chrome settings pages, which is primarily what it is used for. Blocking "chrome://settings/", for example, will block users from accessing the settings page in Google Chrome.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\URLBlacklist]
"1"="chrome://settings/"
For a full list of supported policies in Google Chrome, refer to the documentation at cloud.google.com/docs/chrome-enterprise/policies/
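To confirm that a machine actually carries these values, the following Python example (added here, not part of the original article) parses .reg text and reports where it drifts from the settings above. The baseline is a subset of this article's values, the sample export is constructed for illustration, and the names parse_reg and audit are hypothetical.

```python
import re
ROOT = r"hkey_local_machine\software\policies\google\chrome"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')
# Expected baseline: a subset of the values listed in this article.
BASELINE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ForceEphemeralProfiles"=dword:00000001
"PasswordManagerEnabled"=dword:00000000
"BrowserGuestModeEnabled"=dword:00000000
"DefaultCookiesSetting"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\URLBlacklist]
"1"="chrome://settings/"
'''
# Constructed sample standing in for a `reg export` from a drifted machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome]
"ForceEphemeralProfiles"=dword:00000001
"PasswordManagerEnabled"=dword:00000001
"DefaultCookiesSetting"=dword:00000004
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\URLBlacklist]
"1"="chrome://extensions/"
'''

def parse_reg(text):
    """Parse .reg text into {key path: {value name: int or str}}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif (m := VAL_RE.match(line)) and current is not None:
            current[m.group(1)] = (int(m.group(2), 16) if m.group(2)
                                   else re.sub(r"\\(.)", r"\1", m.group(3)))
    return keys

def audit(export_text, baseline_text=BASELINE_REG):
    """Return sorted drift findings; key paths compare case-insensitively."""
    actual = {k.lower(): v for k, v in parse_reg(export_text).items()}
    findings = []
    for key, wanted in parse_reg(baseline_text).items():
        have = actual.get(key.lower(), {})
        if key.lower() == ROOT:  # scalar policies: compare by value name
            findings += [f"{n}: {have.get(n, 'not set')} (want {w})"
                         for n, w in wanted.items() if have.get(n) != w]
        else:  # list policies: value names are only indexes, compare entries
            policy = key.rsplit("\\", 1)[-1]
            missing = sorted(set(wanted.values()) - set(have.values()))
            findings += [f"{policy}: missing entry {e}" for e in missing]
    return sorted(findings)
```

reg export writes UTF-16 files, so decode the file before passing its text to audit. Chrome also lists the policies it has loaded on its chrome://policy page.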
Common Google Chrome RegEdit policies
For your convenience, the following is the complete config for all of these common Google Chrome policies, which you can customise for your needs. It's a perfect template you can use on public-use machines.