Forum Discussion
Blocking chrome extensions but whitelist specific ones
Hi all,
Im having issues white listing specific extensions and also blocking others too!
Iv added the Chrome ADMX and have force deploy on specific apps which is working but below are the config for the ones that dont work
Blocking
./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist
String:
<enabled/> <data id="ExtensionInstallBlacklistDesc" value="1*"/>
Whitelisting
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallWhitelist
String: <enabled/> <data id="ExtensionInstallWhitelistDesc" value="1alhngdkjgnedakdlnamimgfihgkmenbh2jbldkhfglmgeihlcaeliadhipokhocnm"/>
(I used this link: https://www.inthecloud247.com/manage-google-chrome-settings-with-microsoft-intune/ )
Please help!
- You could try to download this admx file (just uploaded it)
https://github.com/Call4cloud/Enrollment/blob/main/DU/ADMX/chromeadmx.xml
And try to ingest that one... to see what happens?
33 Replies
Hi,
Just pushed this config to my test tenant
It looks like its working at my side without any issue...
Could you check out your chrome admx it contains this part and if it arrived at your device (policymanager /registry)
<policy class="Both" displayName="$(string.ExtensionInstallBlacklist)" explainText="$(string.ExtensionInstallBlacklist_Explain)" key="Software\Policies\Google\Chrome" name="ExtensionInstallBlacklist" presentation="$(presentation.ExtensionInstallBlacklist)">
<parentCategory ref="Extensions"/>
<supportedOn ref="SUPPORTED_WIN7"/>
<elements>
<list id="ExtensionInstallBlacklistDesc" key="Software\Policies\Google\Chrome\ExtensionInstallBlacklist" valuePrefix=""/>
</elements>
</policy>- AB21805Bronze Contributor
So I have checked the ADMX and all is there:
Here is the policy I set for blacklist too:
Here is the registry via the device:
Any ideas where Im going wrong? Is it best we do this via powershell or is it clear where I have made a mistake?
Thanks again for your continued help
Hi could you also post the out put of this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Chrome~Policy~googlechrome~Extensions
like
And this one \PolicyManager\Providers\762C2E7F-8C25-4E9E-AA57-D6E805C0E451\default\Device\Chrome~Policy~googlechrome~Extensions
And this key \SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist
- I totally forgot... I am creating the configu policies like you did right now to take a look (I really need a todo list.. but than again sometimes i am totally digged into a subject i don't look at my calender i guess)
- hi,
Are you receiving any specific errors when looking at the device management enterprise event log?- AB21805Bronze Contributor