Web 2.0, SOA, and Web Services: Google Chrome Leverages Active Directory for Centralized Deployment and Management
Google Chrome Leverages Active Directory for Centralized Deployment and Management
by Andrew Garcia
The new Chrome MSI installer package can be deployed using standard windows management software, like Active Directory Group Policy.
Install at Reboot
After creating a Group Policy-based installation rule, I issued a policy refresh (above). Chrome installed successfully after the next client reboot.
Rip and Replace
The new installation recognizes and removes any pre-existing versions of Chrome installed within user profiles. The users bookmarks and passwords are migrated to the new instance.
Google offers both ADM and ADMX versions of the Chrome Administrative Templates, which can be used to centrally configure Chrome behavior. Each kind of template includes 36 different policies at this time.
Create GPO and Link
To apply Chrome policies, I created a new OU (Organizational Unit) in Active Directory, moved the managed clients to that container, then created a new Group Policy which I applied to the container.
Changing Search Provider
Administrators can change the default search provider in Chrome. Here I set the policy to use Bing instead of Google (top), allowing me to search from the link bar (middle).
Administrators can easily issue a blanket blacklist to deny users the ability to install browser extensions. Blacklisting individual extensions requires more workfinding the extension ID (top left) and creating the blacklist policy (top right). At bottom, the policy is enforced.
By policy, I could allow or deny the ability for the browser to offer to save passwords. When allowed, I could further block the users ability to see saved passwords in clear text. The circle (left) shows where the option would exist, sans blocking policy.