Forum Discussion
AB21805
Oct 05, 2021Bronze Contributor
Blocking chrome extensions but whitelist specific ones
Hi all, Im having issues white listing specific extensions and also blocking others too! Iv added the Chrome ADMX and have force deploy on specific apps which is working but below are the conf...
- Oct 15, 2021You could try to download this admx file (just uploaded it)
https://github.com/Call4cloud/Enrollment/blob/main/DU/ADMX/chromeadmx.xml
And try to ingest that one... to see what happens?
AB21805
Oct 14, 2021Bronze Contributor
Oct 14, 2021
What happens when you create a separate policy/csp for it?
- Oct 16, 2021Hi, created/updated my blog about it. Take a look at part 3 🙂
https://call4cloud.nl/2021/10/what-if-chrome-policies-are-failing/ - AB21805Oct 15, 2021Bronze Contributorahah so so many!
- Oct 15, 2021Nice to hear! .. now your next problem 😛
- AB21805Oct 15, 2021Bronze ContributorWorked perfectly! Thank you
- AB21805Oct 15, 2021Bronze Contributorjust trying now thanks
- Oct 15, 2021You could try to download this admx file (just uploaded it)
https://github.com/Call4cloud/Enrollment/blob/main/DU/ADMX/chromeadmx.xml
And try to ingest that one... to see what happens? - AB21805Oct 15, 2021Bronze ContributorDo I need to change something in the code? via policy
- Oct 15, 2021
Not sure if that the issue but i noticed the word: deprecatedpolicies... i guess I got an older admx?
- AB21805Oct 15, 2021Bronze Contributor
- Oct 15, 2021
Hi,
We need need to be sure if the admx that is delivered to the client has the ExtensionInstallBlacklist in it...
Could you check out this key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes
Search for chrome... note down that number and use it like this
Get-ItemProperty -Path Registry::"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\NodeCache\CSP\Device\MS DM Server\Nodes\15026" | Select-Object "ExpectedValue" | Format-List * | Out-File c:\temp\chromeADMX.txtAnd open that txt and search for ExtensionInstallBlacklist
And if its in there .. try to search for ExtensionInstallBlacklist in that same nodes key.
- AB21805Oct 15, 2021Bronze Contributor
Rudy_Ooms_MVP Any ideas one what I can try?
- AB21805Oct 14, 2021Bronze ContributorHi think I found the correct one MDM ConfigurationManager: Command failure status. Configuration Source ID: (2F8AAF4A-BBC7-4009-A02F-27F93C36E6DA), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist), Result: (The system cannot find the file specified.).
- Oct 14, 2021There should be an error than in your intune mgt log and the device mgt event log
This error you were mentioning
/Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version
is not the one you are looking for, this one is due to the detect if a certain patch is present on Windows if i am not mistaken - AB21805Oct 14, 2021Bronze ContributorI did try this before and same thing! So annoying ha. Is it worth doing it the JSON way?
Although I am unsure how to even ad the JSON via intune