Deploying Google Chrome extensions using Group Policy

This article is about deploying Google Chrome extensions using Group Policy. Find out how to retrieve the extension ID and update URL.

Before reading this article, I recommend you to read the article Google Chrome on Citrix deep-dive to gain an in-depth understanding of all facets of Google Chrome for both Citrix and traditional environments.

Deploying Google Chrome extensions using Group Policy

A user can add extensions to the Chrome browser by downloading them from the Chrome Web Store:

Deploying Google Chrome extensions using Group Policy - Chrome Web Store

This works great for individual users, but what if you want to deploy an extension to a large number of users in your organization? The solution is to deploy the extension via Group Policy.

Deploying extensions via Group Policy consists of two parts:

  1. Retrieve the extension ID and the update URL of the Chrome extension
  2. Enable and configure Chrome extensions in a Group Policy

Retrieve the extension ID and update URL of the Chrome extension

To be able to add an extension to a Group Policy, two values need to be known: the extension ID and an "update" URL. These two values have to be entered as one string, but separated by a semicolon (;). For example, the concatenated string of the extension ID and update URL for the Office Online extension version 1.5.2. is as follows:


The first thing to do, is to manually install the extension directly from the Chrome Web Store on your (test) system. You need to do this, otherwise you will not be able to retrieve the ID and update URL.

Note: the URL of the Chrome extension also contains the extension's ID, so technically speaking you could copy it directly from the browser's address bar. Secondly, the update URL seems to be the same for all extensions, namely: What I am saying is that installing the extension on a (test) system is not absolutely necessary, but I still recommend it. At the very least, you will be able to test the extension before deploying it to your users and you can check if any additional settings (options) can be configured. You may want to inform your users about these additional options.

The extension ID can be retrieved by opening the extensions tab in Chrome. Either enter chrome://extensions in the address bar or open the extensions tab via the menu:

Deploying Google Chrome extensions using Group Policy - Chrome view extensions

Enable developer mode. Now the ID of each individual extension is shown.

Deploying Google Chrome extensions using Group Policy - Chrome view extensions and retrieve the ID

Copy this ID somewhere (for example in Notepad); you will need this information in the next step.

Chrome extensions are installed on a per-user basis. The installation directory is:

C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data\Default\Extensions

Deploying Google Chrome extensions using Group Policy - Chrome view extensions in file directory

The extension ID is equal to the name of the folder. Open the directory that corresponds with the ID of your extension, in our case ndjpnladcallmjemlbaebfadecfhkepb (= the ID of the Office Online extension). Open the subdirectory representing the version of the extension. In the root of this directory you should find the file manifest.json. Open this file in your favorite text editor (e.g. Notepad). Search for the string update_url. Here you will find the update URL:

Deploying Google Chrome extensions using Group Policy - Extension manifest.json update URL


Now you have the values you need. Copy them together in one string and make sure to separate them using a semicolon (as shown in the beginning of this paragraph):


In the following paragraph you will enter this string in a Group Policy setting.

Configure the Group Policy setting to deploy the Chrome extension

Before you continue reading, please make sure that you have imported the Google Chrome ADMX files in your environment as described in the section Using Microsoft Group Policies (preferred) in the article Google Chrome on Citrix deep-dive.

To force-install extensions, open your Group Policy Management console (dsa.msc) and go to User Configuration \ Administrative Templates \ Google\  Google Chrome \ Extensions. Go to the setting Configure the list of force-installed apps and extensions and enable it.

Deploying Google Chrome extensions using Group Policy - Group Policy enable extensions

Click the Show button and enter the string you created in the previous paragraph:


Deploying Google Chrome extensions using Group Policy - Group Policy configure extensions

Now the policy setting is configured. On the next Group Policy refresh the user will automatically receive the required extension. To summarize, this policy will automatically install one or more extensions for all users to whom the Group Policy applies. The installation is executed silently and without user interaction.

As stated in the previous paragraph, after the extension has been installed you will find it in the directory C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data\Default\Extensions.

Note: make sure that developer mode is disabled on the extensions tab. During my tests, extensions were not automatically installed with developer mode enabled.

Please be aware that when you remove the extension from the Configure the list of force-installed apps and extensions policy setting, the extension is automatically removed from Chrome for all users to whom the Group Policy applies.

Future updates of the extension are automatically installed through the update URL specified in the manifest file.

Unfortunately I was not able to come up with a solution concerning the centralized management of Chrome extension settings. Some extensions, for example The Great Suspender, come with additional options for the user to configure. As said, I was not able to find a way how to manage or configure these centrally.

Share this post:
Dennis Span on EmailDennis Span on LinkedinDennis Span on Twitter
Dennis Span
Dennis Span
Dennis Span works as a Senior Citrix Architect for a large insurance company in Vienna, Austria. He holds multiple certifications such as CCE-V, CCIA and CCEA. In 2017, Dennis became a Citrix Technology Advocate (CTA). Besides his interest in virtualization technologies and blogging, he loves spending time with his family as well as snowboarding, playing basketball and rowing. He is fluent in Dutch, English, German and Slovak and speaks some Spanish.

8 thoughts on “Deploying Google Chrome extensions using Group Policy

  1. Pingback: Google Chrome on Citrix deep-dive - Dennis Span

  2. The ADMX files I downloaded on 3-Oct-2017, under Computer Configuration/Administrative Templates/Google/Google Update/Applications/Google Chrome, do not have the options you show. I only have:

    Allow installation
    Target version prefix override
    Update policy override

    I checked under all 53 nodes and not see the settings for Chrome Extensions. All 53 nodes have the same three settings listed above.

  3. I see what the difference is. If you download just the ADM/ADMX bundle, you do not get all the admx files. You have to download the Chrome Bundle to get all the needed ADMX files.

    The ADMX download is just google.admx and googleupdate.admx. The Chrome Bundle gives you:


    • Hi Carl,

      Nice to see you visiting my blog! 🙂 You are right, there is a difference in the downloads. Does it work for you now after you downloaded the Chrome Bundle?

      • Worked perfectly. Your instructions were crystal clear and easy to follow. I am working with a customer this morning who is having issues installing Chrome extensions for users on his XenApp servers. They will be pleased to see they do not have to alter the master image.

        I will have to make sure their user profile solution is tracking the necessary folder.

        BTW, I figured out my issue on the ADMX downloads. There are two links for "Download Chrome ADM/ADMX Templates". The bottom one does NOT work. I clicked the "Download Google Update ADMX template" assuming that was what I needed. Obviously not. The top "Download Chrome ADM/ADMX Templates" link does work.

        Thanks for your very clear and easy to understand and follow articles on the Chrome stuff.

        • Hi Carl. I am happy to hear that all went well and that the instructions were clear. I like the Chrome browser a lot, but the installation and configuration can be a bit tricky, especially in an enterprise environment and especially on Citrix hosted-shared or VDI. But I guess you realized that already. 😉

Leave a Reply

Your email address will not be published.