Web 2.0, SOA, and Web Services: Google Chrome Leverages Active Directory for Centralized Deployment and Management

 
 
By Andrew Garcia  |  Posted 2011-01-11
 
 
 

Google Chrome Leverages Active Directory for Centralized Deployment and Management

by Andrew Garcia

Google Chrome Leverages Active Directory for Centralized Deployment and Management

MSI Installer

The new Chrome MSI installer package can be deployed using standard windows management software, like Active Directory Group Policy.

MSI Installer

Install at Reboot

After creating a Group Policy-based installation rule, I issued a policy refresh (above). Chrome installed successfully after the next client reboot.

Install at Reboot

Rip and Replace

The new installation recognizes and removes any pre-existing versions of Chrome installed within user profiles. The users bookmarks and passwords are migrated to the new instance.

Rip and Replace

Administrative Templates

Google offers both ADM and ADMX versions of the Chrome Administrative Templates, which can be used to centrally configure Chrome behavior. Each kind of template includes 36 different policies at this time.

Administrative Templates

Create GPO and Link

To apply Chrome policies, I created a new OU (Organizational Unit) in Active Directory, moved the managed clients to that container, then created a new Group Policy which I applied to the container.

Create GPO and Link

Changing Search Provider

Administrators can change the default search provider in Chrome. Here I set the policy to use Bing instead of Google (top), allowing me to search from the link bar (middle).

Changing Search Provider

Blocking Extensions

Administrators can easily issue a blanket blacklist to deny users the ability to install browser extensions. Blacklisting individual extensions requires more work—finding the extension ID (top left) and creating the blacklist policy (top right). At bottom, the policy is enforced.

Blocking Extensions

Password Controls

By policy, I could allow or deny the ability for the browser to offer to save passwords. When allowed, I could further block the users ability to see saved passwords in clear text. The circle (left) shows where the option would exist, sans blocking policy.

Password Controls

Rocket Fuel