Group Policy for Google Chrome Browser (windows central store)
To Manage your chrome browser in your organization, you must download and import the admx templates because Google chrome is not Microsoft product.
For this blog, i will
* Download chrome policy templates
* Import in central store
* Enforce restrictions to delete browser and download history
* Restrict using incognito mode
* Check the policy settings
* Test if policies are being applied
in domain environment.
Download Chrome Policy templates using this link https://support.google.com/chrome/a/answer/187202?hl=en
click windows
to download policy templates click Zip file of Google Chrome templates and documentation
You can view downloaded templates at downloads (depends on your download file directory)
Double click policy_templates-zip\windows\admx, scroll down and you can see
chrome.admx
google.admx
copy chrome.admx and google.admx
on your windows server go to central store
c:\windows\SYSVOL\sysvol\[your domain name]\policies\policyDefinitions\
now paste chrome.admx and google.admx
after that you must copy the adml files (for language specific)
to do that:
go back to your downloaded policy_templates-zip
Double click policy_templates-zip\windows\admx\en-us (depends on your language)
you can see
chrome.adml
google.adml
copy chrome.adml and google.adml
on your windows server go to central store
c:\windows\SYSVOL\sysvol\[your domain name]\policies\policyDefinitions\en-us (depends on your language)
now paste chrome.adml and google.adml
Now, to check if chrome policy templates are available:
on your windows server open Group Policy Management
Edit any Group Policy Object (GPO)
expand
Computer Configuration\Policies\Administrative templates: Policy definitions (ADMX files) ...
you can see Google
expand and click Google Chrome you can see the available policy templates.
Now, to prevent deleting browser and download history:
double click Enable deleting browser and download history
Click Disabled then Ok
Enable deleting browser history and download history allows users to delete browser and download history. I configured it as disabled, so that browser history and download history cannot be deleted.
To prevent using Incognito mode
expand Google Chrome and click Deprecated policies.
on the right pane double click Enable Incognito mode
Enable Incognito Mode If you don’t want Google Chrome to remember your activity, you can browse the web privately in Incognito mode. I configured it as disabled, so that Enable deleting browser history and download history Policy will capture user’s activity in google chrome.
close the Group Policy Management Editor
Now, configure the scope and make sure that the GPO is linked to designated Organizational Unit (OU)
In group Policy Management, Click GPO then click Scope tab
To check the current settings, click the settings tab
Now to enforce the policy to apply
open command prompt and type
gpupdate /force then enter
you also need to perform gpupdate /force to computers or restart the computer.
After it restart, Try deleting browser history and download history
Open Google Chrome and click CTRL+H (short cut key for accessing history)
You can see on the lower left corner that "Your Browser is managed by your organization"
Now try deleting browser history and download history by clicking Clear browsing data on the upper left corner
You can see that Browsing history and Download history is grey-scale and cannot select the check box for deletion.
If you have any issues by following this steps, Please let me know so i can help.
Thank you!
For this blog, i will
* Download chrome policy templates
* Import in central store
* Enforce restrictions to delete browser and download history
* Restrict using incognito mode
* Check the policy settings
* Test if policies are being applied
in domain environment.
Download Chrome Policy templates using this link https://support.google.com/chrome/a/answer/187202?hl=en
click windows
You can view downloaded templates at downloads (depends on your download file directory)
Double click policy_templates-zip\windows\admx, scroll down and you can see
chrome.admx
google.admx
copy chrome.admx and google.admx
on your windows server go to central store
c:\windows\SYSVOL\sysvol\[your domain name]\policies\policyDefinitions\
now paste chrome.admx and google.admx
after that you must copy the adml files (for language specific)
to do that:
go back to your downloaded policy_templates-zip
Double click policy_templates-zip\windows\admx\en-us (depends on your language)
you can see
chrome.adml
google.adml
copy chrome.adml and google.adml
on your windows server go to central store
c:\windows\SYSVOL\sysvol\[your domain name]\policies\policyDefinitions\en-us (depends on your language)
now paste chrome.adml and google.adml
Now, to check if chrome policy templates are available:
on your windows server open Group Policy Management
Edit any Group Policy Object (GPO)
expand
Computer Configuration\Policies\Administrative templates: Policy definitions (ADMX files) ...
you can see Google
expand and click Google Chrome you can see the available policy templates.
Now, to prevent deleting browser and download history:
double click Enable deleting browser and download history
Click Disabled then Ok
Enable deleting browser history and download history allows users to delete browser and download history. I configured it as disabled, so that browser history and download history cannot be deleted.
To prevent using Incognito mode
expand Google Chrome and click Deprecated policies.
on the right pane double click Enable Incognito mode
Enable Incognito Mode If you don’t want Google Chrome to remember your activity, you can browse the web privately in Incognito mode. I configured it as disabled, so that Enable deleting browser history and download history Policy will capture user’s activity in google chrome.
close the Group Policy Management Editor
Now, configure the scope and make sure that the GPO is linked to designated Organizational Unit (OU)
In group Policy Management, Click GPO then click Scope tab
To check the current settings, click the settings tab
Now to enforce the policy to apply
open command prompt and type
gpupdate /force then enter
you also need to perform gpupdate /force to computers or restart the computer.
After it restart, Try deleting browser history and download history
Open Google Chrome and click CTRL+H (short cut key for accessing history)
You can see on the lower left corner that "Your Browser is managed by your organization"
Now try deleting browser history and download history by clicking Clear browsing data on the upper left corner
You can see that Browsing history and Download history is grey-scale and cannot select the check box for deletion.
Note: Any computers that are not joined to domain will deny the
Google chrome policy. Once joined to domain and added to scope, it will apply the policy even if
users logged as local computer account.
If you have any issues by following this steps, Please let me know so i can help.
Thank you!
Comments
Post a Comment