New Profile-GPO not working like expected

Iron Contributor

Setting https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#browseraddprofileenabled should also prevent creation new profiles from edge://settings/profiles

17 Replies

Totally agree. And the documentation even states:

 

Allows users to create new profiles, using the Add profile option. If you enable this policy or don't configure it, Microsoft Edge allows users to use Add profile on the Identity flyout menu or the Settings page to create new profiles.

If you disable this policy, users cannot add new profiles from the Identity flyout menu or the Settings page.

 

Yet the settings page still allows the creation of new profiles.

Discovered the same issue here.

@Thilo Langbein Having the same issues, did you make any progress on this?

 

Also policy "Block access to a list of URLs" doesn't work with edge://settings/profiles

 

I use a similar policy in chrome and it functions correctly. 

@AJParker I think this issue is fixed in newer edge version (beta channel). 80+ or so.

@Thilo Langbein Re: BrowserAddProfileEnabled

I'm experiencing the same issue. Any news on whether that will be fixed?

Beta Channel is already fixed.

@Thilo Langbein The error in BrowserAddProfileEnabled? That's great! Thanks for letting me know.

Possibility to delete (create new) Profile is also a problem for us. Because then there is the a new path under %LOCALAPPDATA%.

@Thilo Langbein Just checked: With ForceEphemeralProfiles that doesn't happen. But without the ephemeral profiles each time I delete an Edge profile I'm getting new profile folders in C:\Users\username\AppData\Local\Microsoft\Edge\User Data if that is the path you meant.

@Thilo Langbein I've got 80.0.361.50 and the new admx installed: "add profile" is gone. "delete" (which also creates a new profile) is still there. So my problem is fixed (yay!) but not all of yours.

@abadiya 

Yes, I want to have "Delete profile" also gone.

@Thilo Langbeinand @abadiya , can this setting help you?

 
 

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#nonremovableprofileenabled

 

This creates a non removable profile with the work- or schoolaccount….

@Matthias Vandenberghe 

But we don't use a microsoft school- or work account.

@Thilo Langbein, ok I understand... I was under the impression you had, since it was posted in the "enterprise" board....
Then I don't know how to work around it....
Anyway, what is the reason you would like to remove the "delete" option?
You can also force the users to sign in...

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#browsersignin 

I guess they will at least have one profile....

@Matthias Vandenberghe 

 

We cannot use AAD. Our computers (on prem) domain-joined and users should get one default browser profile (C:\Users\<user>\AppData\Local\Microsoft\Edge\User Data) on first run and should stay with that profile.

Inside Edge-UI users should not able to delete (recreate) this profile. What exactly you mean with "signing into the browser"?

 

@Thilo Langbein 

Signin: you can choose to signin with a Microsoft account in the browser profile. This way you can sync your settings.

 

Why wouldn't they be allowed to recreate this default profile? If you set policies, or even a master_preferences file, I don't see the problem or the harm of recreating this profile...

If you don't like using GPO, you can even set the configuration using Configuration Items and Baselines via SCCM.

If you don't have that, you can use a custom installation script to put the registry keys for the settings. Since it is in the HKLM Policy hive, users have no write permissions.

 

On top of that, the profile is stored in a userprofile writeable directory. Just delete the userdata folder, and voila, you have a new profile....

On profile creation a new "Profile 1" folder is created under C:\Users\<UserID>\AppData\Local\Microsoft\Edge\User Data

 

But we sync Bookmarks file from C:\Users\<UserID>\AppData\Local\Microsoft\Edge\User Data\Default which is then not use anymore.

 

So, our users browser profile must stay under C:\Users\<UserID>\AppData\Local\Microsoft\Edge\User Data\Default