Managing Google Chrome using Group Policy is not a new idea. Because Microsoft Edge, as you may know, is based on Chromium, you can update your Group Policies to manage Edge as well.

Manage Chrome with Group Policy

First, you need to determine where your Group Policy definition store is. By default on a domain controller, it will be at c:\windows\policydefinitions. If you have multiple domain controllers, you may have had a Central Store configured.

If you do not know if you have a Central Store configured, browse to your domain's SYSVOL folder. Open the Policies folder. If you see a PolicyDefinitions folder, you are working with a Central Store. It may be worth creating one at this point, but that is beyond what we are discussing here.

Once you have located your PolicyDefinitions folder, we can store the Chrome Group Policy templates in it after you download the ZIP files. I recommend you do this on a client machine, as we will make some changes to the folders before we add them to the PolicyDefinitions folder.

Download Chrome ADMX Templates from the chrome enterprise website

Download Chrome ADMX Templates from the chrome enterprise website

Extract the policy_templates.zip folder. Inside the extracted folder, go into the windows folder.

Select the windows folder inside the policy templates folder

Select the windows folder inside the policy templates folder

Inside the windows folder, open the admx folder. This folder contains multiple language folders that you do not need if you will be managing the Group Policies in English. You can delete every folder in here except en-US.

You should be left with a folder that looks like the screenshot below.

Tidied Chrome policy templates folder

Tidied Chrome policy templates folder

If you're using the default PolicyDefinitions folder on your Domain Controller, you need to take ownership of it to copy the Chrome template files in.

PolicyDefinitions folder is owned by TrustedInstaller

PolicyDefinitions folder is owned by TrustedInstaller

Once you have ownership of the folder, copy both the en-US and two ADMX files into the Policy Definitions Folder.

Open Group Policy Management and create a new GPO.

Create a new GPO to set Chrome policy

Create a new GPO to set Chrome policy

Go into the Group Policy Object Editor and select Computer Configuration > Administrative Templates > Google. You will see two subfolders, Google Chrome and Google Chrome (Default Settings).

The difference between the two should be self-explanatory. The default settings contain what you want to present the first time a user loads Chrome; it contains things like a home page and preferred search engine—things you may want to offer but allow the user to control.

The main folder contains more options such as policy settings that, once configured, cannot be changed by the user.

So, we'll jump straight into some policies you may want to configure, starting with Remote Access.

Allow Remote Connections to this MachineDisabled
Disable Chrome Remote Access feature

Disable Chrome Remote Access feature

You may want to prevent Chrome from opening PDF files (a pet peeve of several of the people I support).

Always Open PDF Files ExternallyEnabled
Prevent Chrome from opening PDF files

Prevent Chrome from opening PDF files

You may want to manage the extensions installed on a device or block certain extensions.

Manage Chrome extensions using GPO settings

Manage Chrome extensions using GPO settings

You can find the full list of policies here.

Manage Edge with Group Policy

I mentioned Microsoft Edge earlier. The process we went through above is identical to what you need to do to control Edge using Group Policy.

First, download the Edge ADMX templates. Edge policy files are downloaded as a CAB file that contains a ZIP file with an identical folder structure to the ZIP file from Google.

Extract Edge ADMX policy files

Extract Edge ADMX policy files

Once again, remove any unnecessary language folders, and copy the remaining folders/files to your PolicyDefinitions folder.

Create a new GPO for Microsoft Edge, and start setting some policies.

Create a new GPO to set Edge policy

Create a new GPO to set Edge policy

In the Group Policy Editor, you will notice that there are additional settings available for Edge that are not present in Chrome.

Microsoft Edge Group Policy settings

Microsoft Edge Group Policy settings

Microsoft has published a full list of policy settings for Microsoft Edge.

Subscribe to 4sysops newsletter!

Hopefully, this article has been useful. I am very interested in knowing what settings you deploy to your clients and why.

avatar
1 Comment
  1. Pretty useful post for beginners. I use the GPO settings to disable browser sign-in, disable desktop notifications for all sites (except a few), block extensions in both Chrome and Edge browsers.

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account