- Encrypt email in Outlook with Microsoft 365 - Tue, Dec 6 2022
- Restricting registration to Azure AD MFA from trusted locations with Conditional Access policy - Thu, Nov 24 2022
- Azure AD MFA with number matching and temporary access passes - Tue, Nov 22 2022
Manage Chrome with Group Policy
First, you need to determine where your Group Policy definition store is. By default on a domain controller, it will be at c:\windows\policydefinitions. If you have multiple domain controllers, you may have had a Central Store configured.
If you do not know if you have a Central Store configured, browse to your domain's SYSVOL folder. Open the Policies folder. If you see a PolicyDefinitions folder, you are working with a Central Store. It may be worth creating one at this point, but that is beyond what we are discussing here.
Once you have located your PolicyDefinitions folder, we can store the Chrome Group Policy templates in it after you download the ZIP files. I recommend you do this on a client machine, as we will make some changes to the folders before we add them to the PolicyDefinitions folder.
Extract the policy_templates.zip folder. Inside the extracted folder, go into the windows folder.
Inside the windows folder, open the admx folder. This folder contains multiple language folders that you do not need if you will be managing the Group Policies in English. You can delete every folder in here except en-US.
You should be left with a folder that looks like the screenshot below.
If you're using the default PolicyDefinitions folder on your Domain Controller, you need to take ownership of it to copy the Chrome template files in.
Once you have ownership of the folder, copy both the en-US and two ADMX files into the Policy Definitions Folder.
Open Group Policy Management and create a new GPO.
Go into the Group Policy Object Editor and select Computer Configuration > Administrative Templates > Google. You will see two subfolders, Google Chrome and Google Chrome (Default Settings).
The difference between the two should be self-explanatory. The default settings contain what you want to present the first time a user loads Chrome; it contains things like a home page and preferred search engine—things you may want to offer but allow the user to control.
The main folder contains more options such as policy settings that, once configured, cannot be changed by the user.
So, we'll jump straight into some policies you may want to configure, starting with Remote Access.
|Allow Remote Connections to this Machine||Disabled|
You may want to prevent Chrome from opening PDF files (a pet peeve of several of the people I support).
|Always Open PDF Files Externally||Enabled|
You may want to manage the extensions installed on a device or block certain extensions.
You can find the full list of policies here.
Manage Edge with Group Policy
I mentioned Microsoft Edge earlier. The process we went through above is identical to what you need to do to control Edge using Group Policy.
First, download the Edge ADMX templates. Edge policy files are downloaded as a CAB file that contains a ZIP file with an identical folder structure to the ZIP file from Google.
Once again, remove any unnecessary language folders, and copy the remaining folders/files to your PolicyDefinitions folder.
Create a new GPO for Microsoft Edge, and start setting some policies.
In the Group Policy Editor, you will notice that there are additional settings available for Edge that are not present in Chrome.
Microsoft has published a full list of policy settings for Microsoft Edge.
Subscribe to 4sysops newsletter!
Hopefully, this article has been useful. I am very interested in knowing what settings you deploy to your clients and why.