Applies for managed Chrome browsers on Windows.
As an administrator, you can monitor Chrome browser on your users’ Microsoft Windows computers by installing the Chrome Reporting Extension. With the extension, you can monitor health indicators, usage behavior, and security events.
What you can monitor
You can monitor the resource consumption of the Chrome browser, signed-in status, connectivity, usage patterns, and browsing behavior. For more details, see Review and troubleshoot reports on this page.
The extension data is stored in a structured log file in JSON format. You can use a common enterprise data-mining tool, such as Splunk or Microsoft System Center Configuration Manager (SCCM), to ingest and parse the data.
Install the reporting extension
- Use the Group Policy Management Editor to force-install the Chrome Reporting Extension. See detailed steps for force-installing the extension.
- Download the Chrome Reporting Extension MSI.
- Deploy the MSI package using your preferred software.
- Download the ADMX templates to turn on or off real-time reporting.
- Check that the %LOCALAPPDATA%\Google\ChromeReporting path was created to verify MSI installation.
- Verify the extension was installed on users’ computers. The Chrome Web Store ID is emahakmocgideepebncgnmlmliepgpgb.
Manage extension data
Data collection locationOnce installed and active, the extension collects data and stores it in a file located in %LOCALAPPDATA%\Google\ChromeReporting
. The file is constantly updated with new data. We recommend removing the file after it’s ingested or using a log-rotation tool to rename the file and split logging intervals.
In addition to the reporting extension, error reporting for Chrome browser can also be found in the System Event Log. You can gather the data labeled chrome in this log to review other events. This data is not copied in the reporting extension file to avoid duplication.
The log file is updated once per minute at most. How often data is collected depends on the activity.
- Data that doesn’t frequently change is collected once when a user starts Chrome browser or every 24 hours if the browser is left running.
- Data that frequently changes, such as resource consumption, is gathered every hour.
- User browsing behavior is aggregated at one-hour intervals.
- Changes to the extension and browser sign-in status are updated immediately when the event happens.
Review and troubleshoot reports
Extensions and plugins
List of installed Chrome Extensions
Description: Extensions running on your users' devices, including version, any permissions needed, and installation source.
Used to: Detect anomalies and potential security risks. For example, you can:
- Investigate force-installed extensions that are disabled. You can search for reports with type == "admin" and enabled == false. A force-installed extension that’s disabled can signal file corruption, malicious software, or users actively trying to prevent an extension from operating.
- Locate programs that are not approved by your organization. You can find unpacked extensions installed from disk by searching for "developer" or "sideload".
- Look for extensions that require wide or security-relevant permissions, such as extensions that request access to http://*/* or webRequestAPI. You can search for the permissions properties in the list of extensions in your report.
List of installed Plugins
Description: Installed plugins, such as Adobe PDF viewer or PNaCl plugins.
Used to: Audit the plugins used in your organization. You can block any plugins that violate your organization's security policies.
Machine data
Machine name
Description: Name of the machine. This information can be considered Personally Identifiable Information (PII) and should be handled with care.
Used to: Uniquely pinpoint machines that need troubleshooting or are experiencing issues. It can also help with compliance or corporate policy investigations.
Network connectivity
Description: Information about the IP address, LAN, and internet status.
Used to: Diagnose issues with the network configuration of the browser. For example, you can use this information to diagnose proxy configuration problems or whether extensions interfere with network traffic.
OS and Chrome versions
Description: Operating system, version, and platform (x86, x64, or arm).
Used to: Diagnose issues that occur more frequently or exclusively on a particular operating system or browser version, or both.
Policy status
Description: Set of configured policies for Chrome.
Used to: Diagnose policy issues.
Telemetry data
Description: Metrics about how much CPU and memory Chrome browser uses.
Used to: Help plan system upgrades and analyze performance issues caused by the browser or particular websites used in your organization.
UMA metrics and crashes
Description: This User Metrics Analysis (UMA) data contains technical information used by the Chrome browser engineering team.
Used to: Debug Chrome crashes.
User data
Browsing History
Description: Aggregation (updated every hour) of the pages your users visit and the time they spend on each page.
Used to: Find which sites users spend the most time on, what errors they encounter, and whether any users are violating any internet-usage policies.
Signed-in status
Description: Information about which user is signed in to Chrome browser.
Used to: Identify users violating an internet-usage policy and verify the policy compliance of the Chrome browser installation.
User behavior
Description: Browser usage on a per-site basis. Make sure that this information is collected according to local laws and regulations.
Used to: Track your users’ usage of apps and sites.
Windows/AD current username
Description: Username of the currently signed-in user if they’re in your Active Directory domain. This information can be considered Personally Identifiable Information (PII) and should be handled with care.
Used to: Figure out if issues are due to a machine or a user. Can also aid in finding misformatted Group Policy Object (GPO) configurations.
Known issues
- Crashes are only gathered from the default profile location, which is %LOCALAPPDATA%\Google\Chrome\User Data\. If a custom directory is used, crashes will not be recorded. For this reason, you should turn on automatic crash reporting.
- No Google Safe Browsing data is gathered.
Google and related marks and logos are trademarks of Google LLC. All other company and product names are trademarks of the companies with which they are associated.