Configure ExtensionSettings policy

Applies to managed Chrome browsers on Windows, Mac, and Linux.

The ExtensionSettings policy controls multiple settings, including settings that are controlled by existing extension-related policies. The ExtensionSettings policy overrides those policies if they're also set.

To apply custom policies for an individual extension, use the extension ID. Use the * value to set the default policy for all extensions that you haven’t set custom configurations for.

To find an app or extension ID:

  1. Open the Chrome Web Store.
  2. Find and select the app or extension you want.
  3. Look at the URL. The ID is the long string of characters at the end of the URL.
    For example, gmbgaklkmjakoegficnlkhebmhkjfich is the ID for Google Calendar.

The ExtensionSettings policy can contain the fields listed in the table.

Field Description and settings

allowed_types

Can be used only to configure the default configuration, *.

Specifies what types of app or extension users are allowed to install on Chrome browser. Choose one or more of the following options:

blocked_install_message

If you block users from installing certain extensions, you can specify a custom message to display in the browser if users try to install them.

Append text to the generic error message that is displayed on the Chrome Web Store. For example, you can tell users how to contact their IT department or why a particular extension is unavailable. The message can be up to 1,000 characters long.

blocked_permissions

Prevents users from installing and running extensions that request certain API permissions that your organization doesn’t allow. For example, you can block extensions that access cookies.

If an extension requires a permission that you blocked, the user can’t install it. If users previously installed the extension, it will no longer load. If an extension contains a blocked permission as an optional requirement, it installs as usual. Then, while the extension is running, blocked permissions are automatically declined.

For a list of available permissions, see the Chrome developer site.

file_url_navigation_allowed

Chrome browser version 119 and later

Allows extensions to navigate to specified file URLs.

installation_mode

Controls if and how extensions that you specify are added to Chrome browser. You can set the installation mode to:

  • allowed—Users can install the extension. If no installation mode is defined, this is the default.
  • blocked—Users can’t install the extension.
  • force_installed—Automatically install the extension without user interaction. Users can’t remove it. You also need to define the extension download location using update_url.
    Note: You can’t use * to set the default configuration. Chrome browser wouldn't know which extension to automatically install.
  • normal_installed—Automatically install the extension without user interaction. Users can disable it. You also need to define the extension download location using update_url.
    Note: You can’t use * to set the default configuration. Chrome browser wouldn't know which extension to automatically install.
  • removed(Chrome version 75 or later) Users can’t install the extension. If users previously installed the extension, Chrome browser removes it.

install_sources

Can be used only to configure the default configuration, *.

Specifies which URLs are allowed to install extensions. You need to allow the location of the *.crx file and the page where the download starts from, the referrer.

For URL pattern examples, see the Chrome developer site.;

minimum_version_required

Chrome browser disables extensions, including force-installed extensions, with a version older than the specified minimum version.

The format of the version string is the same as the one used in the extension manifest. For details, see Chrome developer documentation.

update_url

Applies only to force_installed and normal_installed.

Specifies where Chrome browser should download an extension.

If the extension is hosted in the Chrome Web Store, enter https://clients2.google.com/service/update2/crx.

Chrome browser uses the URL that you specify for the initial extension installation. For subsequent extension updates, Chrome browser uses the URL in the extension's manifest.
override_update_url

Specifies that Chrome uses the URL in the update_url field or the update URL specified in the ExtensionInstallForcelist policy for subsequent extension updates.

If this is not set or is set to false, Chrome uses the URL specified in the extension's manifest for updates instead.

runtime_allowed_hosts

Allows extensions to interact with specified websites, even if they’re also defined in runtime_blocked_hosts.

You can specify up to 100 entries. Additional entries are discarded.

The host pattern format is similar to match patterns except you can’t define the path. For example:

  • *://*.example.com

runtime_blocked_hosts

Prevent extensions from interacting with or modifying websites that you specify. Modifications include blocking javascript injection, cookie access, and web-request modifications.

You can specify up to 100 entries. Additional entries are discarded.

The host pattern format is similar to match patterns except you can’t define the path. For example:

  • *://*.example.com
toolbar_pin

Controls if the extension icon is pinned to the toolbar. You can set it to:

  • force_pinned—The extension icon is pinned to the toolbar and visible at all times. The user can't hide it in the extension menu.
  • default_unpinned—The extension starts hidden in the extension menu, and the user can pin it to the toolbar.

If you do not set this field, it defaults to the default_unpinned behavior.

Related topics

Was this helpful?

How can we improve it?

Need more help?

Try these next steps:

Post to the help community Get answers from community members
true
Search
Clear search
Close search
Google apps
Main menu
14650060386008052399
true
Search Help Center
true
true
true
true
true
410864
false
false