Forum Discussion

AB21805's avatar
AB21805
Bronze Contributor
Oct 05, 2021
Solved

Blocking chrome extensions but whitelist specific ones

Hi all,

 

Im having issues white listing specific extensions and also blocking others too! 

Iv added the Chrome ADMX and have force deploy on specific apps  which is working but below are the config for the ones that dont work

 

Blocking

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist

 

String: 

<enabled/> <data id="ExtensionInstallBlacklistDesc" value="1&#xF000;*"/>

 

Whitelisting

 

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallWhitelist

 

String: <enabled/> <data id="ExtensionInstallWhitelistDesc" value="1&#xF000;alhngdkjgnedakdlnamimgfihgkmenbh&#xF000;2&#xF000;jbldkhfglmgeihlcaeliadhipokhocnm"/>

 

(I used this link: https://www.inthecloud247.com/manage-google-chrome-settings-with-microsoft-intune/ )

 

 Please help!

 

 

Azure Friday
Conditional Access
Graph API
Intune
Mobile Application Management (MAM)
mobile device management (mdm)
Software Management

33 Replies

Sort By
  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    Oct 12, 2021

    AB21805 

     

    Hi,

     

    Just pushed this config to my test tenant

     

     

    It looks like its working at my side without any issue... 

     

     

    Could you check out your chrome admx it contains this part and if it arrived at your device (policymanager /registry)

     

    <policy class="Both" displayName="$(string.ExtensionInstallBlacklist)" explainText="$(string.ExtensionInstallBlacklist_Explain)" key="Software\Policies\Google\Chrome" name="ExtensionInstallBlacklist" presentation="$(presentation.ExtensionInstallBlacklist)">
    <parentCategory ref="Extensions"/>
    <supportedOn ref="SUPPORTED_WIN7"/>
    <elements>
    <list id="ExtensionInstallBlacklistDesc" key="Software\Policies\Google\Chrome\ExtensionInstallBlacklist" valuePrefix=""/>
    </elements>
    </policy>

     

    • AB21805's avatar
      AB21805
      Bronze Contributor
      Oct 13, 2021

      Hi Rudy_Ooms_MVP 

       

      So I have checked the ADMX and all is there: 

       

      Here is the policy I set for blacklist too:

       

       

      Here is the registry via the device: 

       

       

      Any ideas where Im going wrong? Is it best we do this via powershell or is it clear where I have made a mistake? 

       

      Thanks again for your continued help

       

      • Rudy_Ooms_MVP's avatar
        Rudy_Ooms_MVP
        MVP
        Oct 13, 2021

        AB21805 

        Hi could you also post the out put  of this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Chrome~Policy~googlechrome~Extensions

         

        like

         

         

        And this one \PolicyManager\Providers\762C2E7F-8C25-4E9E-AA57-D6E805C0E451\default\Device\Chrome~Policy~googlechrome~Extensions

         

        And this key \SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist

         

         

         

         

  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    Oct 12, 2021
    I totally forgot... I am creating the configu policies like you did right now to take a look (I really need a todo list.. but than again sometimes i am totally digged into a subject i don't look at my calender i guess)
  • Rudy_Ooms_MVP's avatar
    Rudy_Ooms_MVP
    MVP
    Oct 06, 2021
    hi,

    Are you receiving any specific errors when looking at the device management enterprise event log?

Resources