Manage Chrome browser with Windows device management

For administrators who manage Chrome browser on Windows for a business or school.

As an administrator, you can use custom settings to configure Chrome browser settings on your organization’s Microsoft Windows 10 devices. You first set a custom setting to allow Chrome on the managed devices to accept policy settings, then you set a custom setting for each Chrome policy.

Step 1: Ingest the Chrome ADMX file into your Google Admin console

Get the Chrome ADMX file contents:

  1. On a Windows device, download the Chrome ADMX templates.
  2. In a text editor, open C:\Users\username\Downloads\template\windows\admx\chrome.admx and copy the contents.

Set up a custom setting for ingesting the Chrome ADMX policy:

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devices and then Mobile and endpoints and then Settings and then Windows.
  3. Click Custom settings.
  4. Click Add a custom setting.
  5. Enter text into the fields:
    • Name
      Chrome ADMX Ingestion
    • OMA-URI
      ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Chrome/Policy/ChromeAdmx
    • Data type
      String (select from drop-down list)
    • Value
      Enter the text from chrome.admx
    • Description (optional)
      Enter a description
  6. Click Next.
  7. Choose the organizational unit to apply the policy to.
  8. Click Apply.

Step 2: Add a custom setting for each Chrome policy

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. In the Admin console, go to Menu and then Devices and then Mobile and endpoints and then Settings and then Windows.
  3. Click Custom settings.
  4. Click Add a custom setting.
  5. Enter text into the fields, following the examples below for the type of policy you’re implementing. For a complete list of available policies, go to the Chrome Enterprise policy list.
    Note: The OMA-URI field does not automatically populate Chrome browser policies because they are ADMX based.
  6. Click Next.
  7. Choose the organizational unit to apply the policy to.
  8. Click Apply.

Example A: Enable home button

  • Name
    Chrome – ADMX – ShowHomeButton
  • Description
    Enable the home button
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Startup/ShowHomeButton
  • Data type
    String
  • Value
    <enabled/>

Example B: Configure URL for homepage button

  • Name
    Chrome – ADMX – HomepageLocation
  • Description
    Configure the URL the homepage button opens
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Startup/HomepageLocation
  • Data type
    String
  • Value
    <enabled/>

Example C: Enable site isolation

  • Name
    Chrome – ADMX – SitePerProcess
  • Description
    Enable Site Isolation
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/SitePerProcess
  • Data type
    String
  • Value
    <enabled/>

Example D: Set application locale value

  • Name
    Chrome – ADMX – ApplicationLocaleValue
  • Description
    Application locale
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ApplicationLocaleValue
  • Data type
    String
  • Value
    <enabled/>
    <data id="ApplicationLocaleValue" value="de"/>

Example E: Set URL blocklist

  • Name
    Chrome – ADMX – URLBlacklist
  • Description
    List of URLs to deny
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/URLBlacklist
  • Data type
    String
  • Value
    <enabled/>
    <data id="URLBlacklistDesc" value="1&#xF000;http://xyz.com&#xF000;2&#xF000;http://abc.com"/>

    Important: Use &#xF000; as the separator between key-value pairs.

Example F: Allow specific extensions

  • Name
    Chrome – ADMX – ExtensionInstallWhitelist
  • Description
    Allow specific extensions
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Startup/ExtensionInstallWhitelist
  • Data type
    String
  • Value
    <enabled/>

Example G: Block all extensions

  • Name
    Chrome – ADMX – ExtensionInstallBlacklist
  • Description
    Extension blocklist
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome~Extensions/ExtensionInstallBlacklist
  • Data type
    String
  • Value
    <enabled/>
    <data id="ExtensionInstallBlacklistDesc" value="1&#xF000;*"/>

    Important: Use &#xF000; as the separator between key-value pairs.

Example H: Manage Bookmarks

  • Name
    Chrome – ADMX – ManagedBookmarks
  • Description
    Managed Bookmarks
  • OMA-URI
    ./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome/ManagedBookmarks
  • Data type
    String
  • Value
    <enabled/>
    <data id='ManagedBookmarks' value='[
      {"toplevel_name":"Company Bookmarks"},
      {"url":"solarmora.com","name":"Solarmora Company"},
      {"url":"blogs.altostrat.com","name":"Favorite blogs"},
      {"name":"Email services","children":[
        {"url":"your-company.com","name":"An email service"},
        {"url":"other-company.com","name":"Another email service"}]}]'/>

    Important: Use double quotes on the inner values and single quotes on the outer values.
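The list values in Examples E and G and the JSON value in Example H are easy to get wrong by hand, so the following added example (not part of the original page or of any Google tool) generates them. The function names are hypothetical, and the sample URL with a query string and the bookmark name with an apostrophe are constructed to show the XML escaping.

```python
import json
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SEP = "&#xF000;"  # separator the page requires between list indexes and entries

def list_policy_value(data_id, entries):
    """Build the Value field for a list policy such as URLBlacklist."""
    parts = []
    for index, entry in enumerate(entries, start=1):
        # Escape XML metacharacters inside each entry. The separator is a
        # character reference and is added afterwards so it stays unescaped.
        parts += [str(index), escape(entry, {'"': "&quot;"})]
    return '<enabled/>\n<data id="%s" value="%s"/>' % (data_id, SEP.join(parts))

def json_policy_value(data_id, obj):
    """Build the Value field for a JSON policy such as ManagedBookmarks."""
    text = json.dumps(obj, separators=(",", ":"))
    # JSON strings use double quotes, so the attribute is single-quoted and
    # only apostrophes, & and < > inside the JSON need escaping.
    return "<enabled/>\n<data id='%s' value='%s'/>" % (
        data_id, escape(text, {"'": "&apos;"}))

def read_back(value):
    """Parse a Value field as XML and return the decoded data attribute."""
    return ET.fromstring("<v>%s</v>" % value).find("data").get("value")

if __name__ == "__main__":
    # Constructed inputs; the first URL contains '&' to show the escaping.
    print(list_policy_value("URLBlacklistDesc",
                            ["http://xyz.com/?a=1&b=2", "http://abc.com"]))
    bookmarks = [{"toplevel_name": "Company Bookmarks"},
                 {"url": "solarmora.com", "name": "Solarmora's site"}]
    value = json_policy_value("ManagedBookmarks", bookmarks)
    print(value)
    assert json.loads(read_back(value)) == bookmarks
```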

Step 3: Confirm that the policy is set

After you apply any Chrome policies, users need to restart Chrome browser for the settings to take effect. You can check users’ devices to make sure the policy was applied correctly.

  1. On a managed device, open Chrome browser.
  2. In the address bar, enter chrome://policy.
  3. Click Reload policies.
  4. Verify that the policy you set is enabled.

Step 4: (Optional) Configure other templates

In addition to managing Chrome browser by following the steps above, you can ingest and configure other templates, such as the Google Updater and Chrome Beta policy templates.

To use these templates, first you need to download them. Then, similar to Step 2 above, add new custom settings.

Troubleshooting

  • If the custom policy you set isn’t in your list of Chrome policies, make sure that you allowed adequate time for the policy to propagate to the managed device. It can take up to 3 hours for policies to apply to devices with an internet connection. To force a policy sync, on the device open Settings and find Managed by Google. Manually sync the device twice, then check the policies again.
  • To verify that the policy is in the registry, in the Run box enter regedit to open the Registry Editor in Windows 10. Verify that the correctly defined policy is visible at HKLM\Software\Policies\Google\Chrome. If it’s not visible, it means the policy is not pushed correctly.
  • Make sure you've typed the OMA-URI correctly and that the value is correct XML. If you get either of these wrong, an error message won't appear, but the policy won't be enforced on your users' machines.
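Because a mistyped OMA-URI or malformed value fails silently, a check before pasting into the Admin console saves a propagation cycle. The following is an added example, not part of the original page: check_custom_setting is a hypothetical helper, the sample inputs are constructed from the examples above, and accepting <disabled/> reflects the Windows ADMX-backed policy format rather than anything stated on this page.

```python
import xml.etree.ElementTree as ET

# Prefix shared by every Chrome policy OMA-URI shown in the examples above.
CHROME_PREFIX = "./Device/Vendor/MSFT/Policy/Config/Chrome~Policy~googlechrome"

def check_custom_setting(oma_uri, value):
    """Return a list of problems; an empty list means nothing was found."""
    problems = []
    if any(c.isspace() for c in oma_uri):
        problems.append("OMA-URI contains whitespace")
    if not oma_uri.startswith(CHROME_PREFIX):
        problems.append("OMA-URI does not start with " + CHROME_PREFIX)
    policy = oma_uri.rsplit("/", 1)[-1]
    if not policy or "~" in policy:
        problems.append("OMA-URI does not end in a policy name")
    try:
        # The value is an XML fragment, so wrap it in a root before parsing.
        root = ET.fromstring("<value>%s</value>" % value)
    except ET.ParseError as exc:
        return problems + ["value is not well-formed XML: %s" % exc]
    children = list(root)
    # <disabled/> is an assumption from the Windows format, not from the page.
    if not children or children[0].tag not in ("enabled", "disabled"):
        problems.append("value must start with <enabled/> or <disabled/>")
    for element in children[1:]:
        if (element.tag != "data" or not element.get("id")
                or element.get("value") is None):
            problems.append("expected <data id=... value=.../>, got <%s>"
                            % element.tag)
    return problems

if __name__ == "__main__":
    uri = CHROME_PREFIX + "/URLBlacklist"
    good = '<enabled/>\n<data id="URLBlacklistDesc" value="1&#xF000;http://xyz.com"/>'
    # Constructed failure: a raw '&' in a URL makes the fragment malformed.
    bad = '<enabled/>\n<data id="URLBlacklistDesc" value="1&#xF000;http://xyz.com/?a=1&b=2"/>'
    print(check_custom_setting(uri, good))
    print(check_custom_setting(uri, bad))
```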


Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.
