What do you need help with?

  1. Support
  2. Filter
  3. Best Practice

GPO Chrome Extension Best Practices

Securly Admin
Updated

This article provides best practices for configuring Securly’s Google Chrome extensions using the Group Policy Editor.

All settings can be configured within your Group Policy Editor by following this path: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Google > Google Chrome > Extensions

  • “Configure extension installation blocklist” [ExtensionInstallBlocklist] may be used to block all other extensions (such as VPNs or proxies).  Click to enable it and then use the ‘Show’ button to bring up the value box and enter “*”.

  • Now, navigate back to: (Computer Configuration or User Configuration) > Policies > Administrative Templates > Google > Google Chrome
  • “Browser sign-in settings” [BrowserSignin] may be used to force users to sign in to the browser, click to enable it and select ‘Force users to sign-in to use the browser’.

  • “Block access to a list of URLs” should be enabled. Click “Show” to add the following list of URLs:
    • chrome://addresses
    • chrome://certificate-manager
    • chrome://extensions
    • chrome://flags
    • chrome://hang
    • chrome://inspect
    • chrome://kill
    • chrome://network
    • chrome://serviceworker-internals
    • chrome://settings/privacy
    • chrome://settings/reset
    • chrome://settings/signOut
    • chrome://settings/system
    • chrome://version
    • data://*
    • devtools://*
    • javascript://*

  • “Control where developer tools can be used” [DeveloperToolsAvailability] should be enabled and ‘Disallow usage of the Developer Tools’ should be selected.

  • “Enable network prediction” should be enabled and ‘Do not predict network actions on any network connection’ should be selected.

  • “IncognitoModeAvailability” [IncognitoModeAvailability] should be enabled and “Incognito mode disabled” should be selected.

  • “Enable guest mode in browser” [BrowserGuestModeEnabled] should be disabled.

  • “Enable ending processes in the Browser task manager” [TaskManagerEndProcessEnabled] should be disabled.

After making changes to any Group Policy, running the command “gpupdate /force” will propagate the changes you made.

Was this article helpful?
0 out of 0 found this helpful
Have more questions?
Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more