Google Chrome for Work
Use modern and secure browser.
To learn how to use group policies for Google Chrome web browser in Windows, read on.
On the Setup page of Chrome for Work , google posted a setup guide, I highlighted the following items:
')
Install Chrome
If you plan to install chrome by group policies or other means you need the msi package, the msi package needs to be downloaded here .
If you do not have an embedded application launch control policy, as practice shows, users install the chrome browser on their own, and in this case the browser distribution will be installed in the user profile.
Installation templates
Download a zip file for Google Chrome templates and documentation .
The archive contains ADM / ADMX templates and examples in the form of a reg file.
More information about group policy templates can be found here .
ADMX templates need to be copied to the central repository of your domain.
This is a DFS ball which is located on domain controllers in the folder C: \ Windows \ SYSVOL \ sysvol \ "FQDN of your domain" \ Policies \ PolicyDefinitions \
The network repository is available via the link \\ "FQDN of your domain" \ policies \ PolicyDefinitions \
If the PolicyDefinitions folder is missing, create the folder yourself.
If you did everything right, when you create a new policy, you will have a new Google section.
Automatic update
Download the administrative template here , only the ADM template is available.
After adding a template to your policy, you will have a new section, where you can select the update period or disable the auto update.
Politicians
I found on the open spaces of google a wonderful guide Deploying and Securing Google Chrome in a Windows Enterprise , a very useful document from the National Security Agency of USA.
A politician a lot, as google himself writes. Over 100 rules for customization.
First of all, I recommend adjusting the size of the local cache and its location.
1 - Set disk cache directory: set value to "$ {local_app_data} \ Google \ Chrome \ User Data"
2 - Set disk cache size in bytes: set the cache value in bytes
3 - Set Google Chrome Frame user data directory: set value "$ {local_app_data} \ Google \ Chrome \ User Data"
4 - Set media disk cache size in bytes: set the cache value in bytes
5 - Set user data directory: set the value of "$ {roaming_app_data} \ Google \ Chrome \ User Data"
Pay attention to the variables {local_app_data} and {roaming_app_data}, these are the folders "\% username% \ AppData \ Local" and "\% username% \ AppData \ Roaming" in the user profile.
6 - Managed Bookmarks: with this parameter you can create your own bookmarks collection.
example:
[{"Name": "Google", "url": "google.com"}, {"name": "Yandex", "url": "Yandex.com"}, {"name": "Bing", "Url": "bing.com"}]
result:
For a list of policies, open the chrome: // policy / page in your browser.
Plugin Policies
I prefer to use the policy where everything is prohibited is not allowed.
7 - Specify a list of disabled plugins: set the value to * to disable all plugins
8 - Specify a list of enabled plugins: allow selected plugins
For a list of plugins, open the chrome: // plugins / page in your browser.
Policies for Extensions and Applications
As in the case of plugins, I disable everything that is not allowed.
9 - Configure extension installation blacklist: set the value to * to disable all extensions
When you try to install an extension or application, chrome will display the following error window:
The Configure extension installation white list and Configure options list will allow you to install or install the necessary extensions.
For a list of installed extensions, open the chrome: // extensions / and chrome: // apps / for the list of applications page in your browser.
Experimental options
To gain access to experimental options, you must open the chrome: // flags / page.
I use only one option “Save page in MHTML format” to save pages in web archive format.
Google Chrome Implementation Practice
I have used many recommendations from the NSA guide.
After disabling extensions and access to the “webstore”, several users complained about the lack of favorite skins.
On terminal servers, ws2008R2 slows down the sound on the youtube site, in ws2012 cases there is no such problem.
Automatic update is not configured.
Recommendations
After writing the article, I came across videos on this topic, I recommend for viewing:
How to deploy Chrome in a Windows domain
Managing Chrome with group policy
Configuring legacy browser support for Chrome
To learn how to use group policies for Google Chrome web browser in Windows, read on.
On the Setup page of Chrome for Work , google posted a setup guide, I highlighted the following items:
')
Install Chrome
If you plan to install chrome by group policies or other means you need the msi package, the msi package needs to be downloaded here .
If you do not have an embedded application launch control policy, as practice shows, users install the chrome browser on their own, and in this case the browser distribution will be installed in the user profile.
Installation templates
Download a zip file for Google Chrome templates and documentation .
The archive contains ADM / ADMX templates and examples in the form of a reg file.
More information about group policy templates can be found here .
ADMX templates need to be copied to the central repository of your domain.
This is a DFS ball which is located on domain controllers in the folder C: \ Windows \ SYSVOL \ sysvol \ "FQDN of your domain" \ Policies \ PolicyDefinitions \
The network repository is available via the link \\ "FQDN of your domain" \ policies \ PolicyDefinitions \
If the PolicyDefinitions folder is missing, create the folder yourself.
If you did everything right, when you create a new policy, you will have a new Google section.
Automatic update
Download the administrative template here , only the ADM template is available.
After adding a template to your policy, you will have a new section, where you can select the update period or disable the auto update.
Politicians
I found on the open spaces of google a wonderful guide Deploying and Securing Google Chrome in a Windows Enterprise , a very useful document from the National Security Agency of USA.
A politician a lot, as google himself writes. Over 100 rules for customization.
First of all, I recommend adjusting the size of the local cache and its location.
1 - Set disk cache directory: set value to "$ {local_app_data} \ Google \ Chrome \ User Data"
2 - Set disk cache size in bytes: set the cache value in bytes
3 - Set Google Chrome Frame user data directory: set value "$ {local_app_data} \ Google \ Chrome \ User Data"
4 - Set media disk cache size in bytes: set the cache value in bytes
5 - Set user data directory: set the value of "$ {roaming_app_data} \ Google \ Chrome \ User Data"
Pay attention to the variables {local_app_data} and {roaming_app_data}, these are the folders "\% username% \ AppData \ Local" and "\% username% \ AppData \ Roaming" in the user profile.
6 - Managed Bookmarks: with this parameter you can create your own bookmarks collection.
example:
[{"Name": "Google", "url": "google.com"}, {"name": "Yandex", "url": "Yandex.com"}, {"name": "Bing", "Url": "bing.com"}]
result:
For a list of policies, open the chrome: // policy / page in your browser.
Plugin Policies
I prefer to use the policy where everything is prohibited is not allowed.
7 - Specify a list of disabled plugins: set the value to * to disable all plugins
8 - Specify a list of enabled plugins: allow selected plugins
* Java *
* Flash *
* Adobe Acrobat *
* Microsoft Office *
* Silverlight *
* VMware *
* Chrome PDF Viewer *
* RealPlayer *
* Quicktime *
For a list of plugins, open the chrome: // plugins / page in your browser.
Policies for Extensions and Applications
As in the case of plugins, I disable everything that is not allowed.
9 - Configure extension installation blacklist: set the value to * to disable all extensions
When you try to install an extension or application, chrome will display the following error window:
The Configure extension installation white list and Configure options list will allow you to install or install the necessary extensions.
For a list of installed extensions, open the chrome: // extensions / and chrome: // apps / for the list of applications page in your browser.
Experimental options
To gain access to experimental options, you must open the chrome: // flags / page.
Attention! These experimental functions can change, stop working or disappear at any time. We do not provide any guarantees regarding the possible consequences of their activation, in addition, they may cause the browser to crash. The browser can delete all your data, the security and privacy of data can be compromised in unexpected ways. Experimental functions selected by one user are included for all browser users on the computer. Be careful.
I use only one option “Save page in MHTML format” to save pages in web archive format.
Google Chrome Implementation Practice
I have used many recommendations from the NSA guide.
After disabling extensions and access to the “webstore”, several users complained about the lack of favorite skins.
On terminal servers, ws2008R2 slows down the sound on the youtube site, in ws2012 cases there is no such problem.
Automatic update is not configured.
Recommendations
After writing the article, I came across videos on this topic, I recommend for viewing:
How to deploy Chrome in a Windows domain
Managing Chrome with group policy
Configuring legacy browser support for Chrome
Source: https://habr.com/ru/post/259941/
All Articles