Forum Discussion
Blocking chrome extensions but whitelist specific ones
- Oct 15, 2021You could try to download this admx file (just uploaded it)
https://github.com/Call4cloud/Enrollment/blob/main/DU/ADMX/chromeadmx.xml
And try to ingest that one... to see what happens?
- Oct 16, 2021Hi, created/updated my blog about it. Take a look at part 3 🙂
https://call4cloud.nl/2021/10/what-if-chrome-policies-are-failing/ - AB21805Oct 15, 2021Bronze Contributorahah so so many!
- Oct 15, 2021Nice to hear! .. now your next problem 😛
- AB21805Oct 15, 2021Bronze ContributorWorked perfectly! Thank you
- AB21805Oct 15, 2021Bronze Contributorjust trying now thanks
- Oct 15, 2021You could try to download this admx file (just uploaded it)
https://github.com/Call4cloud/Enrollment/blob/main/DU/ADMX/chromeadmx.xml
And try to ingest that one... to see what happens? - AB21805Oct 15, 2021Bronze ContributorDo I need to change something in the code? via policy
- Oct 15, 2021
Not sure if that the issue but i noticed the word: deprecatedpolicies... i guess I got an older admx?
- AB21805Oct 15, 2021Bronze Contributor
- Oct 15, 2021
Hi,
We need need to be sure if the admx that is delivered to the client has the ExtensionInstallBlacklist in it...
Could you check out this key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes
Search for chrome... note down that number and use it like this
Get-ItemProperty -Path Registry::"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes\15026" | Select-Object "ExpectedValue" | Format-List * | Out-File c:\temp\chromeADMX.txtAnd open that txt and search for ExtensionInstallBlacklist
And if its in there .. try to search for ExtensionInstallBlacklist in that same nodes key.
- AB21805Oct 15, 2021Bronze Contributor
Rudy_Ooms_MVP Any ideas one what I can try?
- AB21805Oct 14, 2021Bronze ContributorHi think I found the correct one MDM ConfigurationManager: Command failure status. Configuration Source ID: (2F8AAF4A-BBC7-4009-A02F-27F93C36E6DA), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist), Result: (The system cannot find the file specified.).
- Oct 14, 2021There should be an error than in your intune mgt log and the device mgt event log
This error you were mentioning
/Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version
is not the one you are looking for, this one is due to the detect if a certain patch is present on Windows if i am not mistaken - AB21805Oct 14, 2021Bronze ContributorI did try this before and same thing! So annoying ha. Is it worth doing it the JSON way?
Although I am unsure how to even ad the JSON via intune