Oct 05 2021 05:48 AM
Hi all,
Im having issues white listing specific extensions and also blocking others too!
Iv added the Chrome ADMX and have force deploy on specific apps which is working but below are the config for the ones that dont work
Blocking
./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist
String:
<enabled/> <data id="ExtensionInstallBlacklistDesc" value="1*"/>
Whitelisting
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallWhitelist
String: <enabled/> <data id="ExtensionInstallWhitelistDesc" value="1alhngdkjgnedakdlnamimgfihgkmenbh2jbldkhfglmgeihlcaeliadhipokhocnm"/>
(I used this link: https://www.inthecloud247.com/manage-google-chrome-settings-with-microsoft-intune/ )
Please help!
Oct 05 2021 11:05 PM
Oct 05 2021 11:33 PM
Oct 06 2021 12:05 AM
Oct 06 2021 12:21 AM
Oct 06 2021 03:15 AM
@Rudy_Ooms_MVP Hi, Any ideas? Or is it worth trying to do these via powershell/regedit instead?
Oct 06 2021 03:23 AM
Oct 06 2021 03:26 AM
Oct 12 2021 02:25 AM
Oct 12 2021 06:41 AM
Oct 12 2021 08:23 AM
Hi,
Just pushed this config to my test tenant
It looks like its working at my side without any issue...
Could you check out your chrome admx it contains this part and if it arrived at your device (policymanager /registry)
<policy class="Both" displayName="$(string.ExtensionInstallBlacklist)" explainText="$(string.ExtensionInstallBlacklist_Explain)" key="Software\Policies\Google\Chrome" name="ExtensionInstallBlacklist" presentation="$(presentation.ExtensionInstallBlacklist)">
<parentCategory ref="Extensions"/>
<supportedOn ref="SUPPORTED_WIN7"/>
<elements>
<list id="ExtensionInstallBlacklistDesc" key="Software\Policies\Google\Chrome\ExtensionInstallBlacklist" valuePrefix=""/>
</elements>
</policy>
Oct 13 2021 01:14 AM
So I have checked the ADMX and all is there:
Here is the policy I set for blacklist too:
Here is the registry via the device:
Any ideas where Im going wrong? Is it best we do this via powershell or is it clear where I have made a mistake?
Thanks again for your continued help
Oct 13 2021 03:24 AM - edited Oct 13 2021 03:26 AM
Hi could you also post the out put of this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Chrome~Policy~googlechrome~Extensions
like
And this one \PolicyManager\Providers\762C2E7F-8C25-4E9E-AA57-D6E805C0E451\default\Device\Chrome~Policy~googlechrome~Extensions
And this key \SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist
Oct 13 2021 07:09 AM
The first screenshot I have:
Second and third I cant seen to find exactly what you want but here are the screnshots:
Any ideas?
Oct 13 2021 07:14 AM
Oct 13 2021 07:19 AM
Oct 13 2021 07:52 AM
@AB21805 For our extension management in Edge (and Chrome) we use the "Configure extension management settings" option containing a JSON with the all extensions blocked and then the individual ones we want available listed with either "force_installed" for those we want installed and not touchable by the user, "allowed" for those that user can go and install from the Edge store (and/or Chrome store) and "normal_installed" for those that we pre-install but the user can enable/disable as needed. We've found this handles extensions overall better than using the separate settings entries.
Below is our JSON as an example and here's the documentation link (and this is also included in Intune): https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#configure-extension-management-s...
|
Oct 13 2021 09:42 AM
Oct 14 2021 12:34 AM
Oct 14 2021 12:48 AM
Oct 15 2021 02:30 AM
Solution