Chrome ExtensionInstallForcelist - Help


Paul Knotts

Nov 6, 2015, 1:59:54 PM
to Chromium-discuss
I am attempting to install a Chrome extension on Windows machines using group policy (the users are denied access to the Chrome store by enterprise policy).

The documentation is vague, but I have developed a reg file to test before actually deploying through group policy.

[HKEY_LOCAL_MACHINE\Software\Policies\Chromium\ExtensionInstallForcelist]
"1"="hehijbfgiekmjfkfjpbkbammjbdenadd;https://clients2.google.com/service/update2/crx"

Additionally, I am also adding the extension ID to the ExtensionInstallWhitelist in HKCU.

The extension is not appearing for my test user.  Any recommendations?

Here is the documentation provided by Google:

ExtensionInstallForcelist

Configure the list of force-installed apps and extensions

Data type:

List of strings

Windows registry location:

Software\Policies\Chromium\ExtensionInstallForcelist

Mac/Linux preference name:

ExtensionInstallForcelist

Supported on:

· Chromium (Linux, Mac, Windows) since version 9

· Chromium OS (Chromium OS) since version 11

Supported features:

Dynamic Policy Refresh: Yes, Per Profile: Yes

Description:

Specifies a list of apps and extensions that are installed silently, without user interaction, and which cannot be uninstalled by the user. All permissions requested by the apps/extensions are granted implicitly, without user interaction, including any additional permissions requested by future versions of the app/extension. Furthermore, permissions are granted for the enterprise.deviceAttributes and enterprise.platformKeys extension APIs. (These two APIs are not available to apps/extensions that are not force-installed.)

This policy takes precedence over a potentially conflicting ExtensionsInstallBlacklist policy. If an app or extension that previously had been force-installed is removed from this list, it is automatically uninstalled by Chromium.

For Windows instances that are not joined to an Active Directory domain, forced installation is limited to apps and extensions listed in the Chrome Web Store.

Note that the source code of any extension may be altered by users via Developer Tools (potentially rendering the extension dysfunctional). If this is a concern, the DeveloperToolsDisabled policy should be set.

Each list item of the policy is a string that contains an extension ID and an "update" URL separated by a semicolon (;). The extension ID is the 32-letter string found e.g. on chrome://extensions when in developer mode. The "update" URL should point to an Update Manifest XML document as described at https://developer.chrome.com/extensions/autoupdate. Note that the "update" URL set in this policy is only used for the initial installation; subsequent updates of the extension employ the update URL indicated in the extension's manifest.

For example, gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx installs the Chrome Remote Desktop app from the standard Chrome Web Store "update" URL. For more information about hosting extensions, see: https://developer.chrome.com/extensions/hosting.

If this policy is left not set, no apps or extensions are installed automatically and the user can uninstall any app or extension in Chromium.

Example value:

Windows:

Software\Policies\Chromium\ExtensionInstallForcelist\1 = "gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx"

Bartosz Fabianowski

Nov 6, 2015, 2:06:08 PM
to paulkn...@gmail.com, Chromium-discuss
Are you configuring Chrome or Chromium? The registry settings you
configured are for Chromium.

What does chrome://policy say for your user?

On 11/06/2015 07:59 PM, Paul Knotts wrote:
> I am attempting to install a Chrome extension on Windows machines using
> group policy (the users are denied access to the Chrome store by
> enterprise policy).
>
> The documentation is vague, but I have developed a reg file to test
> before actually deploying through group policy.
>
> [HKEY_LOCAL_MACHINE\Software\Policies\Chromium\ExtensionInstallForcelist]
> "1"="hehijbfgiekmjfkfjpbkbammjbdenadd;https://clients2.google.com/service/update2/crx"
>
> Additionally, I am also adding the extension ID to the
> ExtensionInstallWhitelist in HKCU.
>
> The extension is not appearing for my test user. Any recommendations?
>
> Here is the documentation provided by Google:
>
> *ExtensionInstallForcelist*
>
> Configure the list of force-installed apps and extensions
>
> *Data type:*
>
> List of strings
>
> *Windows registry location:*
>
> Software\Policies\Chromium\ExtensionInstallForcelist
>
> *Mac/Linux preference name:*
>
> ExtensionInstallForcelist
>
> *Supported on:*
>
> ·Chromium (Linux, Mac, Windows) since version 9
>
> ·Chromium OS (Chromium OS) since version 11
>
> *Supported features:*
>
> Dynamic Policy Refresh: Yes, Per Profile: Yes
>
> *Description:*
> *Example value:*
>
> Windows:
>
> Software\Policies\Chromium\ExtensionInstallForcelist\1 =
> "gbchcmhmhahfdphkhkmpfmihenigjmpp;https://clients2.google.com/service/update2/crx"
>

Paul Knotts

Nov 6, 2015, 2:24:17 PM
to Chromium-discuss, paulkn...@gmail.com
I am configuring for Chrome.
In that case, would I substitute the Chrome key where Chromium is specified?
The Whitelist is the only policy currently deployed, and that displays as expected.  I will deploy the Forcelist as soon as I get the regkeys correct.

Bartosz Fabianowski

Nov 6, 2015, 2:36:31 PM
to paulkn...@gmail.com, Chromium-discuss
On 11/06/2015 08:24 PM, Paul Knotts wrote:
> I am configuring for Chrome.
> In that case, would I substitute the Chrome key where Chromium is specified?

See here for the correct registry path:

https://www.chromium.org/administrators/policy-templates

> The Whitelist is the only policy currently deployed, and that displays
> as expected. I will deploy the Forcelist as soon as I get the regkeys
> correct.

The whitelist is not needed by the way. You can force-install an app
without whitelisting it.
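
The mismatch diagnosed in this thread (a Chromium policy key on machines that run Chrome) can be caught before deployment by linting the .reg file; the following is an added example, not code from the thread or from the Chromium project. It assumes Google Chrome reads `Software\Policies\Google\Chrome` (the thread only links to the policy templates page); the function name `audit_forcelist`, the HTTPS check on the update URL and the second sample entry are constructed for illustration.

```python
import re

# Assumption (not stated in the thread): Chrome reads Software\Policies\Google\Chrome.
POLICY_ROOTS = {
    r"software\policies\chromium": "Chromium",
    r"software\policies\google\chrome": "Google Chrome",
}
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\\ExtensionInstallForcelist\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
ID_RE = re.compile(r"^[a-p]{32}$")  # extension IDs are 32 letters, drawn from a-p

def audit_forcelist(reg_text, expected_browser):
    """Return (entries, findings) for ExtensionInstallForcelist keys in .reg text."""
    entries, findings, browser = [], [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            browser = POLICY_ROOTS.get(key.group(2).lower(), "unknown")
            if browser != expected_browser:
                findings.append(f"key targets {browser}, not {expected_browser}: {line}")
            continue
        if line.startswith("["):
            browser = None  # a different key; its values are not forcelist entries
            continue
        value = VALUE_RE.match(line)
        if browser is None or not value:
            continue
        name, data = value.groups()
        ext_id, sep, update_url = data.partition(";")
        if not ID_RE.match(ext_id):
            findings.append(f"value {name}: malformed extension ID {ext_id!r}")
        if not sep or not update_url:
            findings.append(f"value {name}: missing ';<update URL>' part")
        elif not update_url.lower().startswith("https://"):
            # Added hardening check: force-installed code should come over HTTPS.
            findings.append(f"value {name}: update URL is not HTTPS: {update_url}")
        entries.append((browser, ext_id, update_url))
    return entries, findings

# Constructed sample: the fragment from the first post plus one deliberately bad entry.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Policies\Chromium\ExtensionInstallForcelist]
"1"="hehijbfgiekmjfkfjpbkbammjbdenadd;https://clients2.google.com/service/update2/crx"
"2"="not-an-id;http://updates.example.invalid/crx"
'''

if __name__ == "__main__":
    for finding in audit_forcelist(SAMPLE_REG, "Google Chrome")[1]:
        print(finding)
```

After deployment, `chrome://policy` on a client remains the authoritative check that the browser actually picked the policy up.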