SOLVED

How to block incognito mode on chrome via intune

Steel Contributor

Hi all,

 

I have tried to block chrome incognito mode

 

I have tried this 

 

OMA-URL: ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/IncognitoModeAvailability

 

value: <enabled/>
<data id=”IncognitoModeAvailability” value=”1” />

 

Please help!

11 Replies
Maybe a stupid question... but did you ingest the admx also ?
What happens when you target the user instead of device? I have seen in it in the past, that some times the device selection just won't work while configuring this setting.

Did you take a look on what the deviceenterprisemgt eventlog has to say?

Hi @Rudy_Ooms_MVP 

 

Yes I have added the ADMX. Incognito is literally the only one that doesn't seem to work. 

 

Screenshot 2021-08-03 at 9.57.15 AM.png

 

I have tried to target the user too but no luck! Is this possible an alternative way like using powershell? 

 

I just dont get where im going wrong

 

 

You could try to add a powershell script which adds the 32-Bit DWORD value IncognitoModeAvailability
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
What would I actually put in the script?

Thanks for your continued support Rudy
I did try this

New-ItemProperty -Path "HKCU:\Software\Policies\Google\Chrome" -Name "IncognitoModeAvailability" -Value ”1”  -PropertyType "REG_DWORD"

But no luck
best response confirmed by AB21805 (Steel Contributor)
Solution
SOmething like this: (created it on my iphone so... no guarantees :p )

$reg = Get-Itemproperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome" -Name IncognitoModeAvailability | out-null
if(-not($reg)){

New-Itemproperty -path "HKLM:\\SOFTWARE\Policies\Google\Chrome" -name "IncognitoModeAvailability" -value "2"
} else
{
Set-ItemProperty -path "HKLM:\\SOFTWARE\Policies\Google\Chrome" -name "IncognitoModeAvailability" -value "2"
}
I will try tomorrow and let you know. Thank you!
Hi Rudy,

This didnt work. I tried it manually on the device first but no luck! Any ideas?
the error I am getting is "new-itemproperty : requested registry access is not allowed"
Ignore me this worked! I had to change value to 1 to block it. Thank you so much for your help!

Your OMA values were correct my friend. You only needed to modify the quotes. They should all have been " and not @AB21805 

1 best response

Accepted Solutions
best response confirmed by AB21805 (Steel Contributor)
Solution
SOmething like this: (created it on my iphone so... no guarantees :p )

$reg = Get-Itemproperty -Path "HKLM:\SOFTWARE\Policies\Google\Chrome" -Name IncognitoModeAvailability | out-null
if(-not($reg)){

New-Itemproperty -path "HKLM:\\SOFTWARE\Policies\Google\Chrome" -name "IncognitoModeAvailability" -value "2"
} else
{
Set-ItemProperty -path "HKLM:\\SOFTWARE\Policies\Google\Chrome" -name "IncognitoModeAvailability" -value "2"
}

View solution in original post