This article is about deploying Google Chrome extensions using Group Policy. Find out how to retrieve the extension ID and update URL.
Before reading this article, I recommend you to read the article Google Chrome on Citrix deep-dive to gain an in-depth understanding of all facets of Google Chrome for both Citrix and traditional environments.
A user can add extensions to the Chrome browser by downloading them from the Chrome Web Store:
This works great for individual users, but what if you want to deploy an extension to a large number of users in your organization? The solution is to deploy the extension via Group Policy.
Deploying extensions via Group Policy consists of two parts:
- Retrieve the extension ID and the update URL of the Chrome extension
- Enable and configure Chrome extensions in a Group Policy
To be able to add an extension to a Group Policy, two values need to be known: the extension ID and an "update" URL. These two values have to be entered as one string, but separated by a semicolon (;). For example, the concatenated string of the extension ID and update URL for the Office Online extension version 1.5.2. is as follows:
The first thing to do, is to manually install the extension directly from the Chrome Web Store on your (test) system. You need to do this, otherwise you will not be able to retrieve the ID and update URL.
|Note: the URL of the Chrome extension also contains the extension's ID, so technically speaking you could copy it directly from the browser's address bar. Secondly, the update URL seems to be the same for all extensions, namely: https://clients2.google.com/service/update2/crx. What I am saying is that installing the extension on a (test) system is not absolutely necessary, but I still recommend it. At the very least, you will be able to test the extension before deploying it to your users and you can check if any additional settings (options) can be configured. You may want to inform your users about these additional options.|
The extension ID can be retrieved by opening the extensions tab in Chrome. Either enter chrome://extensions in the address bar or open the extensions tab via the menu:
Enable developer mode. Now the ID of each individual extension is shown.
Copy this ID somewhere (for example in Notepad); you will need this information in the next step.
Chrome extensions are installed on a per-user basis. The installation directory is:
The extension ID is equal to the name of the folder. Open the directory that corresponds with the ID of your extension, in our case ndjpnladcallmjemlbaebfadecfhkepb (= the ID of the Office Online extension). Open the subdirectory representing the version of the extension. In the root of this directory you should find the file manifest.json. Open this file in your favorite text editor (e.g. Notepad). Search for the string update_url. Here you will find the update URL:
Now you have the values you need. Copy them together in one string and make sure to separate them using a semicolon (as shown in the beginning of this paragraph):
In the following paragraph you will enter this string in a Group Policy setting.
Before you continue reading, please make sure that you have imported the Google Chrome ADMX files in your environment as described in the section Using Microsoft Group Policies (preferred) in the article Google Chrome on Citrix deep-dive.
To force-install extensions, open your Group Policy Management console (dsa.msc) and go to User Configuration \ Administrative Templates \ Google\ Google Chrome \ Extensions. Go to the setting Configure the list of force-installed apps and extensions and enable it.
Click the Show button and enter the string you created in the previous paragraph:
Now the policy setting is configured. On the next Group Policy refresh the user will automatically receive the required extension. To summarize, this policy will automatically install one or more extensions for all users to whom the Group Policy applies. The installation is executed silently and without user interaction.
As stated in the previous paragraph, after the extension has been installed you will find it in the directory C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data\Default\Extensions.
|Note: make sure that developer mode is disabled on the extensions tab. During my tests, extensions were not automatically installed with developer mode enabled.|
Please be aware that when you remove the extension from the Configure the list of force-installed apps and extensions policy setting, the extension is automatically removed from Chrome for all users to whom the Group Policy applies.
Future updates of the extension are automatically installed through the update URL specified in the manifest file.
Unfortunately I was not able to come up with a solution concerning the centralized management of Chrome extension settings. Some extensions, for example The Great Suspender, come with additional options for the user to configure. As said, I was not able to find a way how to manage or configure these centrally.