- SystoLOCK in review: Logging in to Active Directory with multi-factor authentication without passwords - Tue, Dec 5 2023
- New Group Policy settings in Windows 11 23H2 - Mon, Nov 20 2023
- Windows Server 2025 will support SMB over QUIC in all editions - Fri, Nov 17 2023
In Windows 10, the settings under Apps > Default apps show a list of popular programs for which you can pick an app as the default. If you select a web browser, the file extensions and protocols for which it is registered (.html, http://, etc.) are then automatically assigned to it.
This overview is now missing in Windows 11, so you have to assign each file type and protocol individually to the desired default program. The easiest way to do this is to search in Apps > Default apps for the program you want to make the default.
For example, if you search for "Chrome," you will get all the file extensions and protocols that this browser is registered with.
Most of them are assigned to Microsoft Edge after an update to Windows 11 and must be individually redirected to Chrome. In this case, you see a message persuading the user to stay with Edge.
Set up a reference system for GPO
To set a default program via GPO, configure the default apps on the admin machine, export them to an XML file, and specify it as a configuration file in the appropriate group policy.
To create a sample configuration for default apps, you need to log on to the machine with an admin account because the DISM utility requires elevated privileges. On the other hand, if you configure the file type associations as a normal user, then these changes will be neglected because DISM will export not these but the settings of the privileged user.
The standard browser is set using the Windows 11 GUI, as described above. The good news is that you can also use a PC with Windows 10 for this because the format of the exported settings remains the same.
Once you have specified all the default apps you want, switch to a command prompt or PowerShell session, and run the following command:
dism /online /Export-DefaultAppAssociations:assoc.xml
This will write the list of default apps and their associated file types or protocols to the assoc.xml file. This file contains the settings for both the web browser and all other types of applications. However, you can just keep the entries you actually need and import only the sections that affect the browser. Other standard apps are not changed or deleted by importing the reduced list on the target computers.
This task can be done relatively easily with PowerShell. For example, if you have defined Chrome as the default on the reference computer, then extract the settings responsible for the browser with this command:
Get-Content .\assoc.xml | Select-String -Pattern "Chrome|.xml|DefaultAssociations"| Out-File -Encoding utf8 .\browser.xml
The output file contains an empty line before the XML declaration, which you should remove in an editor. Then copy it to a file share that can be accessed by all target PCs.
Creating a GPO
Now you can create a GPO that will implement the XML file's configuration on the target computers. The responsible setting can be found under Computer Configuration > Policies > Administrative Templates > Windows Components > File Explorer and is called Set a default association configuration file.
As you can see from the policy path, the default browser can be set in this way only for computers and not for specific users.
After activating the setting, enter the name and path of the configuration file in the corresponding field. On the next reboot, all computers in the scope of this GPO should adopt the default browser from the XML file, in our example, Google Chrome.
Even though the interactive configuration of the default browser has become unnecessarily cumbersome in Windows 11, there is no fundamental change in the central configuration of default apps via GPO. Those who want to simplify the customization of the reference computer can also perform this task under Windows 10.
Subscribe to 4sysops newsletter!
The limitation of using group policies remains that the default browser can only be set for computers, not for users.