- Office Deployment Tool (ODT): Deploy Office using custom XML files - Thu, Mar 30 2023
- Microsoft Teams freezes: Set cam permissions for conferencing apps - Tue, Mar 21 2023
- Microsoft 365 Apps admin center: Remote Office configuration - Wed, Mar 8 2023
Manage Chrome with Group Policy
First, you need to determine where your Group Policy definition store is. By default on a domain controller, it will be at c:\windows\policydefinitions. If you have multiple domain controllers, you may have had a Central Store configured.
If you do not know if you have a Central Store configured, browse to your domain's SYSVOL folder. Open the Policies folder. If you see a PolicyDefinitions folder, you are working with a Central Store. It may be worth creating one at this point, but that is beyond what we are discussing here.
Once you have located your PolicyDefinitions folder, we can store the Chrome Group Policy templates in it after you download the ZIP files. I recommend you do this on a client machine, as we will make some changes to the folders before we add them to the PolicyDefinitions folder.
Download Chrome ADMX Templates from the chrome enterprise website
Extract the policy_templates.zip folder. Inside the extracted folder, go into the windows folder.
Select the windows folder inside the policy templates folder
Inside the windows folder, open the admx folder. This folder contains multiple language folders that you do not need if you will be managing the Group Policies in English. You can delete every folder in here except en-US.
You should be left with a folder that looks like the screenshot below.
Tidied Chrome policy templates folder
If you're using the default PolicyDefinitions folder on your Domain Controller, you need to take ownership of it to copy the Chrome template files in.
PolicyDefinitions folder is owned by TrustedInstaller
Once you have ownership of the folder, copy both the en-US and two ADMX files into the Policy Definitions Folder.
Open Group Policy Management and create a new GPO.
Create a new GPO to set Chrome policy
Go into the Group Policy Object Editor and select Computer Configuration > Administrative Templates > Google. You will see two subfolders, Google Chrome and Google Chrome (Default Settings).
The difference between the two should be self-explanatory. The default settings contain what you want to present the first time a user loads Chrome; it contains things like a home page and preferred search engine—things you may want to offer but allow the user to control.
The main folder contains more options such as policy settings that, once configured, cannot be changed by the user.
So, we'll jump straight into some policies you may want to configure, starting with Remote Access.
| Allow Remote Connections to this Machine | Disabled |
Disable Chrome Remote Access feature
You may want to prevent Chrome from opening PDF files (a pet peeve of several of the people I support).
| Always Open PDF Files Externally | Enabled |
Prevent Chrome from opening PDF files
You may want to manage the extensions installed on a device or block certain extensions.
Manage Chrome extensions using GPO settings
You can find the full list of policies here.
Manage Edge with Group Policy
I mentioned Microsoft Edge earlier. The process we went through above is identical to what you need to do to control Edge using Group Policy.
First, download the Edge ADMX templates. Edge policy files are downloaded as a CAB file that contains a ZIP file with an identical folder structure to the ZIP file from Google.
Extract Edge ADMX policy files
Once again, remove any unnecessary language folders, and copy the remaining folders/files to your PolicyDefinitions folder.
Create a new GPO for Microsoft Edge, and start setting some policies.
Create a new GPO to set Edge policy
In the Group Policy Editor, you will notice that there are additional settings available for Edge that are not present in Chrome.
Microsoft Edge Group Policy settings
Microsoft has published a full list of policy settings for Microsoft Edge.
Subscribe to 4sysops newsletter!
Hopefully, this article has been useful. I am very interested in knowing what settings you deploy to your clients and why.
Pretty useful post for beginners. I use the GPO settings to disable browser sign-in, disable desktop notifications for all sites (except a few), block extensions in both Chrome and Edge browsers.