I'm trying to lock down Chrome for my users. I know you can whitelist extensions, force installation of others and prevent all other extensions from installing. I've done this, and it works well. Except for one hitch.
For those extensions I force install, I want the extensions to have the necessary permissions. But my users can go into the extension details and the site access section, change "Allow this extension to read and change all your data on websites you visit" to on click or a specific site instead of all sites. It effectively makes some extensions useless. Can I lock down that configuration via policies? I couldn't find anything for that.
Related
I need to install a Chrome extension from the Chrome store to the managed workstations on my network in such a way that users (or at least users with administrator privileges) can temporarily reinstall it if necessary to troubleshoot issues.
I have tried the Force-installed extensions setting in Group Policy, but this prevents disabling or removing the deployed extensions. Instead, I tried Chrome Extension policies (https://support.google.com/chrome/a/answer/7532015), but with this method the extension is disabled by default due to Chrome security policies, requiring the user to manually approve it.
I realize that this is expected behavior to prevent application developers from auto-enabling a malicious or unwanted extension without the user's knowledge, but I am an enterprise admin trying to deploy a sanctioned extension to my managed machines.
How can I deploy and automatically enable an enterprise-installed extension without user interaction on my managed workstations, but allow that extension to be temporarily uninstalled?
I have developed a Google Chrome Extension that I need to automate installation for my users.
I have published it in Google Web Store but I don't want a user to search for it in order to install, because this extension is part of other development, including a C# application.
I am creating an installer that installs the C# application but I need to add the automatic installation for my extension. How can I do it?
Yes, you can. The procedure is described in the docs.
Summary:
The installer adds a registry entry that contains the extension ID.
Upon next Chrome restart (you may want to ask the user to do it), the extension will be downloaded and then the user will be prompted whether he/she wants to install it.
If yes, you live happily ever after, with the extension bearing "Installed by a third-party" mark in the extension list.
If no, the extension will be disabled, and you cannot enable it yourself (you have to ask the user to do that by going to chrome://extensions/ or the CWS listing)
If the user ever uninstalls the extension, it will be blacklisted from ever attempting that install procedure on this Chrome profile; if the user changes his mind, he'll have to install it directly from the Store.
Leave clear instructions for your users: that they must restart the browser and expect/accept the prompt.
The best way to do this is the way that Xan wrote in his answer.
If you need to force install Chrome extensions in your company without user interaction. You can do this with ExtensionInstallForcelist policy or with master_preferences file. Both ways described here.
I have implemented a chrome extension project but I need to install it by running a .exe file.
I tried many ways like extracting files to C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions automatically using iExpress(i gave the id of extension to the folder),
i tried creating ExtensionInstallForceList under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\ and creating new string value "1" giving it value "id;https://clients2.google.com/service/update2/crx"
and lots of other ways but still I couldn't make it. I would appreciate a little help
The only programmatic way to install an extension on Windows (assuming you're not a Windows Domain sysadmin, which seems to be a safe assumption) is as follows:
Upload your extension to Chrome Web Store and publish.
This is mandatory, but the extension can be specified to be unlisted.
Create an installer that adds a registry entry as described here.
Upon next browser restart, Chrome will:
Download the extension from Web Store (and nowhere else)
Ask a confirmation from the user to allow that extension.
If the user agrees, you're done. If the user does not agree, the extension is blacklisted and you can't try again on this install unless the user installs directly from Web Store.
ExtensionInstallForceList is only for enterprise deployments via group policy. Chrome will ignore local registry values and query the domain policy directly.
I need to setup a native application which talks to a Chrome extension.
For that I am creating a setup, but I need the extension's id to be added in the native application's manifest file. That id says which extensions are allowed to talk with that native application.
How to get the extension id, assuming the user manually installs the extension by dragging and dropping.
Btw, To my knowledge installing an external chrome extension (no chrome web store) silently is close to impossible. I highly appreciate if someone has any solution for that, too.
The recommended flow would be to keep the extension in the Web Store (possibly unlisted if it does not work without the module), silently queue it for installation using the registry or other platform-specific method, and then warn the user to accept the install in the dialog on next browser restart. This is as close to "silent" as it gets.
If you absolutely have to distribute the extension externally (and drag&drop install will probably not work), you can pin the ID by setting the "key" field in the manifest. See this question for ways of doing so.
I want to create a Chrome extension and install it as part of a larger desktop software install. This is on Windows XP/Vista/7 etc. I've used the method described here and it works.
However, the extension is installed in a disabled state. The user has to explicitly enable it from the Chrome menu (the user has 3 chances to do that before the menu badge disappears) or from the extensions page. Enabling the extension brings up a prompt in which Chrome informs the user of the permissions the extension is requesting and asks the user to reject or accept the extension.
I understand that Google wants to ensure that users have a chance to reject external extensions. I also understand that Google prefers installs via its Web Store (for various logistical reasons, that is not a preferred option for this app). In fact, our application specifically asks the user for permission before installing the extension.
My issue is that the member has to affirmatively ask for the extension to be enabled before the permissions dialog comes up. Is there any programmatic/command line way to get Chrome to bring the permissions dialog up? The user still has the choice of rejecting the extension, but I would like to present the user with this choice, rather than relying on him/her to try and enable the extension later.
[ I realize that editing the Chrome Preferences file in the installation script will install the extension without any user intervention, but I don't want to do that.]
It's possible to trigger an install from a webpage. Have your installer open chrome with a small webpage that brings up this dialog to the user.