The default values from Google allow users to edit trust settings for all CA certificates, remove user-imported certificates, and import certificates.
If a user removes CA certificates from their device there is a possibility it could affect the functionality of our services. It is recommended that you do not allow users to edit certificates installed on their devices.
To do this:
- Log into your Google Workspace as a Super Admin User (admin.google.com)
- Navigate to Devices > Chrome > Settings > Users & Browsers
- Select your root directory (If you wish to limit the scope of this best practice, select the container which contains the proper users)
- Scroll down to Security
- Locate the settings:
- User management of installed CA certificates
- User management of installed client certificates
- Locate the settings:
- Select 'Disallow users from managing certificates' for both fields:
Full navigation path, applied on root directory, with settings highlighted:
Close up of specific settings:
Comments
Article is closed for comments.