Google Chrome on Citrix deep-dive

In this article, Google Chrome on Citrix deep-dive, I will show you how to deploy and configure Google Chrome on Citrix. Using a comprehensive PowerShell script we will automate the unattended installation and some initial configuration for Chrome. This article also deals with the various methods how configuring Chrome, including Microsoft Group Policies and preference files.

Change Log
22.07.2017: Correction; add lines to the master_preference file to prevent the creation of (desktop) shortcuts.
25.07.2017: Chrome adds entries to the Active Setup registry keys. Learn how to execute this command line using a VBScript.
20.09.2017: Added link to article Deploying Google Chrome extensions using Group Policy.
24.02.2018: An error occurs if the PowerShell version is not 3.0 or higher.
01.04.2018: Updated the section Google Chrome and roaming profiles.
09.04.2018: Updated the section Google Chrome and roaming profiles. Roaming profiles and the preferred method is better explained. The section Using preferences files has been updated as well. Corrected an error regarding the installation directory.
23.08.2018: Update the section Is Google Chrome supported on Citrix hosted-shared? Chrome is now officially supported!
14.01.2019: Added the section Troubleshooting and explained how the Software Reporting Tool may crash your servers.
18.01.2019: Updated article to the latest version of Chrome: 71.x released in December 2018. Before this update, this article was based on version 59 released in June 2017.

 

 

Table of Contents

Google Chrome on Citrix deep-dive (introduction)

Scripting the unattended installation of Google Chrome is a must in large environments. This article takes you through all the steps.

Fully automating your master images is best practice, whether it concerns FAT clients, VDI, or hosted-shared (e.g. Citrix XenApp, RDS, WTS). The installation and configuration of Google Chrome has always been somewhat difficult to manage though.

In May 2017, Google released the Google Chrome Enterprise Bundle. This bundle provides some improvement over past installations, but it still is not perfect. This article takes you through all the steps to successfully setup and configure Google Chrome in your environment. Also described in this article are the additional complexities when using Citrix XenDesktop, especially on hosted-shared (“XenApp”).

An overview of the Google Chrome Enterprise Bundle

The Google Chrome Enterprise Bundle includes all components required to successfully install and configure Google Chrome (as well as the plugin Legacy Browser Support) in an enterprise environment.

The latest version can be downloaded here:
https://chromeenterprise.google/browser/download

The version of Google Chrome that this article is based on is 71.x released in December 2018.

You can choose to download the 32-bit or 64-bit bundle or the 32-bit or 64-bit standalone Chrome installer. If you choose to download the standalone installer, the ADM/ADMX files for your Group Policies have to be downloaded separately. In this article, I work with the 64-bit version.

So, what exactly is included in this bundle? Well, after downloading and extracting the ZIP file GoogleChromeEnterpriseBundle64.zip, you will find three directories:

  • Configuration
    This folder contains the ADM and ADMX files, including multiple language files, which you can add to your Microsoft Group Policies. I strongly recommend using the ADMX files instead of the ADM files. In my opinion, Google added the ADM files for legacy support only. See the section Using Microsoft Group Policies (preferred) in this article for more information. The folder Configuration also contains the master_preferences file. This file contains pre-configuration settings. For more information see the section Using preference files in this article.
  • Documentation
    As the name suggests, this folder contains documentation. The PDF file README.pdf provides a general overview of how to install, deploy, and configure both Google Chrome and the Legacy Browser Support. In the various subfolders, you find detailed documentation about all possible Group Policy settings (in multiple languages).
  • Installers
    This directory contains the MSI installation files for both Google Chrome and the Legacy Browser Support (which allows users to switch automatically between Chrome and another browser). In July 2018, the new feature Endpoint Verification was introduced and a third MSI installer (EndpointVerification_%Version%.msi) was added to Chrome.

Google Chrome and Citrix

Is Google Chrome supported on Citrix hosted-shared (XenDesktop and XenApp)?

Yes!! I can wholeheartedly say that the Google Chrome browser is now supported on Citrix. For those of you who read this article before, the wording in this section has changed. In the past, it was not easy to find a definite statement from either Citrix or Google that Chrome is supported on Citrix. But this has changed. Before, I wrote the phrase “A clearer stance on the matter of support from both Google/Chromium and Citrix would be appreciated”. This clearer stance has now been given by both Citrix and Google.

In 2018, I had the opportunity to have a couple of one-on-one meetings with the Google Chrome development team. Together we came up with several improvements for Chrome concerning the installation and configuration in virtual environments. One of the improvements we came up with (albeit on a more organizational level) was to get Chrome listed as a Citrix Ready product and now it is!

Google Chrome on Citrix Deep-Dive - Chrome Citrix Ready

The following two articles also clearly state that Chrome is supported on both desktop and server operating systems as well as on Citrix XenDesktop and XenApp:

Besides the previously mentioned websites, the following support articles from both Google/Chromium.org and Citrix show that Chrome is supported on Citrix:

Roaming profiles

Google Chrome supports roaming profiles. For more information, please see the section Google Chrome and roaming profiles in this article.

Publishing Google Chrome in Citrix Studio/AppCenter

Publishing Google Chrome in Citrix Studio (Virtual Applications and Desktops / XenDesktop) or AppCenter (XenApp 6.x) works the same as with any other application. The command line contains the path and executable of Chrome (chrome.exe) and the parent folder is set as the working directory:

  • Command line: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  • Working directory: C:\Program Files (x86)\Google\Chrome\Application

According to the official Chromium article Run Chrome as a virtual application, Chrome 58 (released in April 2017) and later automatically detects if it is running in a remote desktop environment and adjusts its settings accordingly.
In case you use Chrome version 57 or below, Chrome may become unresponsive when started as a published application. To solve this issue, the chrome.exe should be started with the parameters –allow-no-sandbox-job –disable-gpu. For more information, see the Citrix article Google Chrome Becomes Unresponsive when Started as Published Application. The aforementioned Citrix article is obsolete for Chrome version 58 and higher.

Disabling Citrix API hooks for Chrome

In the previous paragraph, we saw that according to the official Chromium article Run Chrome as a virtual application, Chrome 58 and higher automatically detects if it is running in a remote desktop environment and adjusts its settings accordingly. This automatic adjustment only refers to the (now obsolete) command line switches (–allow-no-sandbox-job –disable-gpu)! It does not refer to the exclusions for hook injection. Let me explain.

Depending on your Citrix version, you may experience problems when launching Chrome. Besides the issue with the command line switches as described in the previous paragraph, you may also need to add the executables chrome.exe and nacl64.exe to the exclusion list for hooks injection as described in the Chromium article Run Chrome as a virtual application and the Citrix article How to Disable Citrix API Hooks on a Per-application (CTX107825). The official bug report (Chromium) can be read here: https://bugs.chromium.org/p/chromium/issues/detail?id=432595.

On the 24th of July 2017, Citrix released a new article called Chrome fails to launch in a published desktop. This article relates to Chrome errors such as “Aw, Snap!” page crashes and gray screens without any message. The solution to solve these errors is the same as above; the processes chrome.exe and nacl64.exe need to be excluded from the Citrix API hooks.

So what exactly does Chrome install on the local system?

Google Chrome and the Legacy Browser Support install the following components on your system:

  • Application files:
    • Chrome:
      • C:\Program Files (x86)\Google\Chrome, including the master_preference file located in the directory C:\Program Files (x86)\Google\Chrome\Application. The installation directory is the same for both the 32-bit and 64-bit versions of Chrome.
    • Legacy Browser Support:
      • C:\Program Files (x86)\Google\Legacy Browser Support. The installation directory is the same for both the 32-bit and 64-bit versions of the Legacy Browser Support plugin.
    • Endpoint Verification:
      • I did not check this add-on and do not know exactly which files are included.
  • User files in the directory C:\Users\%UserName%\AppData\Local\Google\Chrome.
  • A shortcut to Google Chrome on the public desktop. The path is %Public%\Desktop\Google Chrome.lnk, which by default is C:\Users\Public\Desktop.
  • Two services:
    • Google Update Service (gupdate)
    • Google Update Service (gupdatem)
      Google Chrome on Citrix deep-dive - Google Chrome services
  • Two scheduled tasks:
    • GoogleUpdateTaskMachineCore
    • GoogleUpdateTaskMachineUA
      Google Chrome on Citrix deep-dive - Google Chrome scheduled tasks
  • Computer-specific registry entries in the key HKEY_LOCAL_MACHINE\SOFTWARE\Google
  • User-specific registry entries in the key HKEY_CURRENT_USER\SOFTWARE\Google
  • Active Setup entries (see also this section in this article):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}

Scripting the unattended installation of the Google Chrome Enterprise Bundle with PowerShell

Installing Google Chrome and the Legacy Browser Support

The basic installation procedure for both the Google Chrome and the Legacy Browser Support is a piece of cake. The command line to install both components is as follows:

msiexec.exe /i “C:\GoogleChromeStandaloneEnterprise64.msi” /qn /norestart /l*v “C:\Logs\GoogleChromeStandaloneEnterprise64.log”

msiexec.exe /i “C:\LegacyBrowserSupport_5.5.0.0_en_x64.msi” /qn /norestart /l*v “C:\Logs\LegacyBrowserSupport_5.5.0.0_en_x64.log”

msiexec.exe /i “C:\EndpointVerification_0.4.21.msi” /qn /norestart /l*v “C:\Logs\EndpointVerification_0.4.21.log”

However, you still may run into some troubles when Chrome cannot reach the Internet. The installation may hang and end in an error. This can be fixed with the MSI parameter NOGOOGLEUPDATEPING=1. As per Google:

“I’m trying to install behind a firewall, and the install is timing out and failing.
The problem is that by default, Google Update is attempting to check for an update on installation and fails at the firewall. When parsing a special parameter, the installation will not do this check and should install regardless of outside connectivity. The special parameter is “NOGOOGLEUPDATEPING=1″, and is used like this:”

msiexec.exe /i “C:\GoogleChromeStandaloneEnterprise64.msi” NOGOOGLEUPDATEPING=1 /qn /norestart /l*v “C:\Logs\GoogleChromeStandaloneEnterprise64.log”

For more information concerning installation issues, please see the article Common Problems and Solutions from the Chromium projects.

Currently, I am not aware of any other available product-specific MSI parameters.

At the end of this article, I have prepared a complete installation and configuration script based on my installation template. This script does NOT include the NOGOOGLEUPDATEPING=1 parameter! This script has been created for Windows Server 2008 R2 and higher. I have tested it on Windows Server 2016 only.

To successfully install Google Chrome and the Legacy Browser Support using this script, please follow these steps:

  • Create an installation directory on the local computer or a file share (UNC path). For example: C:\Temp\Google\GoogleChrome.
  • Create a subdirectory called Files.
  • Download and extract the latest version of the Chrome Enterprise Bundle to the folder Files in the installation directory.
  • Copy the complete PowerShell script at the end of this paragraph to a new PS1 file (e.g. Install_GoogleChrome.ps1) and add this file to the root of your installation directory (not in the subdirectory Files).
  • Execute the PowerShell script:
    powershell.exe -file C:\Temp\Google\GoogleChrome\Install_GoogleChrome.ps1

In case you get a security warning, set the execution policy to allow the script to run:
powershell.exe -executionpolicy bypass -file C:\Temp\Google\GoogleChrome\Install_GoogleChrome.ps1.

To uninstall Google Chrome and the Legacy Browser Support, execute the script as follows:

powershell.exe -file C:\Temp\Google\GoogleChrome\Install_GoogleChrome.ps1 Uninstall

Log files are created in the directory C:\Logs\GoogleChrome, but you can change this to any directory you want (see lines 529 to 530).

Reference:

Deploying the “master_preferences” file

User settings can be managed using Microsoft Group Policies and preference files. The master_preference file contains pre-configuration settings (the default settings) for any new user who starts Chrome on the local computer. This paragraph explains how to deploy this file; for more information on how to use and configure the master_preferences file, please see the section Using preference files in this article.

In the previous paragraph Installing Google Chrome and the Legacy Browser Support, we created the directory C:\Temp\Google\GoogleChrome and the subdirectory Files. Add your customized master_preference to the subdirectory Files.

In the complete installation script at the end of this article, the customized master_preference file is copied to the directory C:\Program Files (x86)\Google\Chrome\Application. See line 594.

The actual function DS_CopyFile is located between lines 525 to 396 in the complete script.

Disabling services and scheduled tasks (disable auto-update)

On a Citrix worker, whether it concerns hosted-shared (“XenApp”) or VDI, applications should not automatically update themselves. There are many reasons for this:

  • Changes to your productive virtual machine and/or golden master image should be 100% in the control of the administrator. Unplanned (and especially untested) changes can cause problems. The administrator should always be aware of changes to the system for which he or she is responsible.
  • Application updates should be tested before going into production. Again, this is to ensure stability and to be able to guarantee continuity in the functionality of the application.
  • Disabling auto-updates is a must for some environments, for example when Provisioning Server is in use. Any changes to the virtual machine would end up in your RAM, assuming that’s where your write cache is pointing.

To prevent Chrome from automatically updating itself, the administrator can disable the Group Policy setting Update policy override in the section Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Update \ Applications \ Google Chrome. For more information on Chrome Group Policies see the section Using Microsoft Group Policies (preferred) in this article.

Note: please be aware that Google does not recommend disabling auto-updates (as described in the article Install and update Google applications).

Even with the auto-update policy disabled, Google’s update services and scheduled tasks are still present on the local system. I choose to disable the services Google Update Service (gupdate) and Google Update Service (gupdatem) and to remove the scheduled tasks GoogleUpdateTaskMachineCore and GoogleUpdateTaskMachineUA.

The complete installation script at the end of this article disables the update services and removes both scheduled tasks.

In lines 598 to 603, the functions DS_StopService and DS_ChangeServiceStartupType are executed to stop and disable both services:

The DS_StopService (lines 183 to 245) stops the service, but the function also checks for potential depend services. In case other services depend on the service you want to stop, these services are stopped first. The last service to be stopped is the one you specified when calling the function. In this particular scenario, there are no depend services.

In lines 607 to 610 the scheduled tasks are removed:

Removing scheduled tasks requires two functions. The function DS_GetAllScheduledTaskSubFolders retrieves all functions in all (sub)folders. The function DS_DeleteScheduledTask deletes the scheduled task (see lines 433 to 519). Part of the code I got from the Microsoft Script Center repository (https://github.com/jaapbrasser/SharedScripts/tree/master/Get-ScheduledTask). The code of the two functions is as follows:

Removing the public desktop shortcut

The complete installation script at the end of this article includes the removal of the public desktop shortcut. The shortcut, Google Chrome.lnk, is located in the directory %Public%\Desktop, which by default points to C:\Users\Public.

In line 615 I execute the function DS_DeleteFile:

The DS_DeleteFile function contains detailed logging and error handling, but the main command within this function is a simple one:

The shortcut (the name of which is stored in the variable $File) is deleted.

For most applications, this action would be sufficient to prevent the desktop shortcut from being created for new users. Unfortunately, not for Google Chrome (many thanks to Tommy Kozlowski for bringing this to my attention).

Some lines need to be added to the master_preferences file to prevent shortcuts from being created for new users:

  • “create_all_shortcuts”: false,
  • “do_not_create_desktop_shortcut”: true,
  • “do_not_create_quick_launch_shortcut”: true

According to one comment I received (thanks Robert!), the following line is also required:

  • “do_not_create_taskbar_shortcut”:true

On a side note, adding the following line will prevent the “First Use” browser wizard from launching:

  • “suppress_first_run_default_browser_prompt”: true

Here is a screenshot of the custom master_preferences file shipped with Chrome 59, including the three aforementioned lines.

Google Chrome on Citrix deep-dive - master_preferences prevent creation of shortcuts

I have added two blue arrows to remind you to correctly set the commas. All grouped items within a JSON segment end with a comma; except for the last item in the segment.

Seamless applications, Active Setup, StubPath and logon script

Note: many thanks to Bruce Spies for bringing this issue to my attention!

Google Chrome adds a command line to the Active Setup registry keys, located here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath

The command line, shipped with Chrome version 71, is as follows:

“C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe” –configure-user-settings –verbose-logging –system-level

A command line in a StubPath registry entry (located within the Active Setup registry keys) is executed at logon. However, when starting a seamless application, the Active Setup keys are not executed. The same goes when you have disabled Active Setup, for example by renaming the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components.

So how to solve this issue? One way is to use a logon script. The following example is a small VBScript that you can execute by itself or add to your own logon script. For logon scripts, I recommend using VBScript because it loads faster than a PowerShell script. What this script does is the following:

  • Read the command line from the Chrome StubPath entry in Active Setup. The main reason for this is that the command line contains the Chrome version. By reading the command line directly from the registry, the command line is not hard-coded in the VBScript, keeping it flexible for future updates of Chrome.
  • Execute the command line.
  • Write a flag entry in the user’s registry (HKEY_CURRENT_USER) to ensure that the command line is only executed once.

The VBScript does not contain true logging; please replace the lines starting with “wscript.echo” with your own logging function. The error handling is all there.

To change the location of the flag entry, please change lines 23 to 25.

Execute the script using cscript.exe, for example: cscript.exe C:\InitializeGoogleChrome.vbs

Different ways to configure Google Chrome

There are three ways to manage Google Chrome settings:

 

Using Microsoft Group Policies (preferred)

The recommended method to manage Chrome settings is through Microsoft Group Policy. As per Google: “For Windows, it is recommended to use Group Policy vs. preferences files because only Group Policy can be enforced”. The same statement is made in the Chrome Deployment Guide: “Use Windows Group Policies (GPO policies) and cloud policy over preferences when possible. Unlike policies, preferences do not apply to previous installations of Chrome and are only applied to a single profile. Policies also override any preferences settings for a feature. Also, note that the master_preferences file can be changed and not enforced as group policies can”.

The use of preference files is explained two sections below.

Google provides both ADM and ADMX files to manage its various products. I strongly recommend you use the ADMX files only. Before you can use Microsoft Group Policies to configure Google Chrome, you first need to import the Google Chrome ADMX files in your Group Policy Central Store.
The ADMX files, as well as the ADMX language files, (*.ADML) can be found in the directory Configuration\admx of the Chrome Enterprise Bundle (after extraction of the ZIP file).

In case you are not familiar with the Central Store for Group Policies or you require more detailed information, please see the official Microsoft article How to create and manage the Central Store for Group Policy Administrative Templates in Windows.

Google provides the following six ADMX files:

  • chrome.admx
  • ChromeUASwitcher.admx
  • google.admx
  • GoogleUpdate.admx
  • LegacyBrowserSupport.admx
  • PasswordAlert.admx

The purpose of most of these ADMX files is quite self-explanatory, except for the ADMX file google.admx. This file only has one purpose, which is to define the shared “Google” folder in the Group Policy editor. This folder ensures that all Google policy settings (whether for Chrome or another Google product) are grouped under one header.

Google Chrome on Citrix deep-dive - Google Chrome Microsoft group policies

The Group Policy Central Store is located on your domain controllers. The ADMX files are located in the root of the store and the language files, the ADML files, are located in a language-specific subdirectory:

  • Central store root (containing the ADMX files):
    \\%LogonServer%\sysvol\#DomainName#\Policies\PolicyDefinitions

    Google Chrome on Citrix deep-dive - Group Policy Central Store
  • Central store subdirectories for the language files:
    \\%LogonServer%\sysvol\#DomainName#\Policies\PolicyDefinitions\#language-country#

Copy the ADMX files here:Google Chrome on Citrix deep-dive - Group Policy Central Store ADMX files

Copy the English ADML files here:Google Chrome on Citrix deep-dive - Group Policy Central Store ADML files

Make sure to copy non-English ADML files to their appropriate directories. The correct directory name for your specific language can be found in the directory Configuration\admx of the Chrome Enterprise Bundle (after extraction of the ZIP file).

Now that you have copied all required files, you can start configuring your settings using a Group Policy editor (such as the Group Policy Management Console).

In case you do not want to update your central store right away, you can first perform some tests by using the local ADMX repository on a server. The local repository on a Windows server is located here: C:\Windows\PolicyDefinitions. The same procedure for copying the ADMX and ADML files applies as with the central store. Use the local Group Policy editor to configure your settings (gpedit.msc).

Important: future versions of Chrome will have updated ADMX and ADML files. Please remember that your Group Policy settings are NOT affected when you update ADMX files. Your settings are stored in different files within each Group Policy itself:

  • Registry.pol -> contains group policy settings
  • *.xml (e.g. Files.xml) contains your group policy preference settings

The path to an individual group policy is as follows:
\\%LogonServer%\sysvol\#DomainName#\Policies\#PolicyGUID#

After configuring your Chrome settings you can see if your Chrome policies are being applied by entering chrome://policy in the Chrome address bar. This will show you all Chrome settings that are applied for your machine and user.

Google Chrome on Citrix deep-dive - Chrome applied policy overview

User settings can either be mandatory or recommended. Mandatory user settings are configured here:

User Configuration \ Administrative Templates \ Google \ Google Chrome

Recommended user settings are configured here:

User Configuration \ Administrative Templates \ Google \ Google Chrome – Default Settings (users can override)

On the local server or client, the Chrome computer and user policies are stored in the following registry keys:

  • HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Google \ Chrome
  • HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ Google \ Chrome

For more information concerning the centralized managing of Chrome extensions please see the article Deploying Google Chrome extensions using Group Policy.

Using parameters

Google provides a very long list of command line switches for the chrome.exe executable file. These switches allow an administrator to change the behavior of the application.

For a complete list of all available switches, please see the following article: https://peter.sh/experiments/chromium-command-line-switches.This article seems to be the official list since this link is referred to in the Chromium article Run Chromium with flags.

I do recommend caution when using these switches because they can only be used together with shortcuts. In case users have other ways of starting Chrome (e.g. via the command line), no shortcuts are used and therefore no switches will be applied. This can result in unplanned behavior.

Using preference files

The main and preferred method to manage Chrome settings is through Microsoft Group Policies. However, Chrome also includes a so-called master_preferences file which contains settings that are either not supported by a policy or settings you as an administrator may want to pre-configure at installation time.

Individual user settings are stored in a file called Preferences, stored in the user’s profile. This Preferences file is created on first use of Chrome. By default, this file is located in the directory C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data\Default. User-specific settings are stored in the Preferences file.

As per Google/Chromium: “When users start Chromium / Google Chrome for the first time, they do not yet have any Preferences file. A file named master_preferences located next to chrome.exe or chromium executable, is used as a template for what becomes the user’s Preferences file. On a system with Chrome installed from an MSI, this will be C:\Program Files\Google\Chrome\Application\master_preferences“.

Note: I found the above statement not to be true. First of all, the contents of the user’s Preferences file is completely different from the master_preferences file. Even if the master_preferences file serves as a template for the user’s Preferences file, this is not obvious when comparing the two files.

Secondly, the installation directory C:\Program Files is not correct. Having tested both the installation of the 32-bit and 64-bit MSI installers, the installation in both cases was C:\Program Files (x86).

When do you as an administrator configure user settings using a preference file or Group Policies? First of all, in most cases, it will not be necessary to change anything in the master_preferences file. For most configurations, you will use the preferred method Group Policies to manage your settings.
For the most part, you will only need to modify and deploy the master_preferences file if you want to configure certain initial settings, for example, if you want to prevent shortcuts from being created. Please see the article Configuring Other Preferences for more information.

The master_preferences file and the user-specific Preferences file are just text files that contain JSON markup. JSON is similar to XML but with various advantages such as being lightweight, easily readable for humans, and language-independent. For a quick overview, please see the following article. You can use any text editor (e.g. Notepad) if you want to change the configuration of the default master_preferences file. The default file is located in the directory Configuration of the Chrome Enterprise Bundle (after extraction of the ZIP file). See the Chromium article Default user preferences for more information.

According to Google, policies always take precedence over preference files. In my experience, however, I had some issues with my user-specific Preferences file and the Chrome user policies which users can override.

Google Chrome on Citrix deep-dive - Chrome policies default settings users can override

You see, the settings in the “normal” Chrome user policies, in the section Google Chrome, above Google Chrome – Default Settings (users can override), cannot be changed by the user. These are true policies. The settings in the section Google Chrome – Default Settings (users can override) are preferences. They are not mandatory and can be overridden by the user.

The issue I had was the following. I enabled the setting Show Home button on toolbar in the section where the user can override this setting. I did not have this setting enabled anywhere else (e.g. in a local machine policy). The home button never appeared in my browser. In both Chrome (chrome://policy) and the resultant set of policy (gpresult /r) I saw that the policy setting was applied, but I did not see the home button. I then checked my Preferences file in my user directory and discovered that show_home_button was set to false (in the screenshot it is set to true). As soon as I set the value to true in the Preferences file all worked fine.

Google Chrome on Citrix deep-dive - Chrome user preference file extract

I have to honestly admit that I am still not sure why this problem occurred, but in case you experience similar issues, please make sure to check the user-specific Preferences file.

Disable Google Chrome auto-updates

Please see the section Disabling services and scheduled tasks (disable auto-update) in this article regarding disabling Chrome updates.

Google Chrome and roaming profiles

The combination of Google Chrome and roaming profiles is a bit of a confusing topic. So far, I have discovered three ways to roam user settings.

Google Account

Creating a Google account allows a user to sign in to Chrome on any device where it may be installed. This is the preferred method according to the article Common Problems and Solutions (see the section Can I store my users’ Chrome profiles on a Roaming Profile?).

By default, the following user-specific settings are stored and synchronized:

  • Apps
  • Autofill
  • Bookmarks
  • Extensions
  • History
  • Passwords
  • Settings
  • Themes & Wallpapers
  • Open Tabs
  • Credit cards and addresses using Google Pay

The user can modify these settings in the menu.

Google roaming profile (the Profile.pb file)

Google Chrome offers a special option to be used in combination with roaming profiles. As explained in the article Using Chrome on roaming user profiles, settings such as bookmarks, auto-fill data, passwords, per-computer browsing history, browser preferences, and installed extensions can be stored in a file called profile.pb. This file is stored in the directory:
C:\Users\%UserName%\AppData\Roaming\Google\Chrome\User Data.

By default, all profile solutions synchronize the directory C:\Users\%UserName%\AppData\Roaming (= %AppData%), thus ensuring that the file profile.pb is synchronized as well. However, the Profile.pb file can be stored in a different directory as well, even outside of the user’s profile directory.

There are three methods to create the profile.pb file:

  • Enable the Group Policy setting Enable the creation of roaming copies for Google Chrome profile data in User or Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Chrome.
  • Set the registry value RoamingProfileSupportEnabled to 00000001 in the registry key HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome or HKEY_CURRENT_USER\Software\Policies\Google\Chrome as described in the section RoamingProfileSupportEnabled in the article Policy List on Chromium.org.
  • Add the command line flag –enable-local-sync-backend to the Chrome.exe in the Chrome shortcut. See the article Using Chrome on roaming user profiles for more information.

There are three methods to change the default directory of the profile.pb file:

  • Enable the Group Policy setting Set the roaming profile directory in User or Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Chrome.
  • Add the profile directory to the registry value RoamingProfileLocation in the registry key HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome or HKEY_CURRENT_USER\Software\Policies\Google\Chrome as described in the section RoamingProfileLocation in the article Policy List on Chromium.org.
  • Add the command line flag –local-sync-backend-dir=<directory> to the Chrome.exe in the Chrome shortcut. See the article Using Chrome on roaming user profiles for more information.

Roaming profiles

If Google accounts are not supported in your organization and you are not able to use the Profile.pb file for some reason, use the standard Windows or Citrix roaming profile method.

 

 

By default, Google Chrome stores all user data in the directory C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data (see also the Chromium article User Data Directory).

This directory should be synchronized with your roaming profile. The Citrix User Profile Manager includes this directory by default. Please take note that Citrix recommends to exclude the following four subfolders:

  • !ctx_localappdata!\Google\Chrome\User Data\Default\Cache=
  • !ctx_localappdata!\Google\Chrome\User Data\Default\Cached Theme Images=
  • !ctx_localappdata!\Google\Chrome\User Data\Default\JumpListIcons=
  • !ctx_localappdata!\Google\Chrome\User Data\Default\JumpListIconsOld=

As stated in the article Common Problems and Solutions, Chrome user profiles are not backward-compatible. If you try to use mismatched profiles and Chrome versions, you may experience crashes or data loss. This mismatch can often occur if a Chrome profile is synced to a roaming profile or network drive across multiple machines that have different versions of Chrome. In short, do not mix different versions of Chrome into one single roaming profile. Instead, create separate roaming profiles.

Please take note that native Windows roaming profiles by default exclude the folder C:\Users\%UserName%\AppData\Local. See the registry value ExcludeProfileDirs in the registry key HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.

Google Chrome on Citrix Deep-Dive - Windows Profiles excluded directories

In case you use Windows roaming profiles in your environment, you have to specifically include the path C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data to synchronize the user’s Chrome settings.

Troubleshooting

Software Reporting Tool may crash your servers

I recently had an issue with the Google Chrome Software Reporting Tool, part of Chrome’s Cleanup Tool, on my virtual machines in Azure. This tool caused unexpected, random server crashes, which meant that users were losing their data and that all of their applications were abruptly terminated.

Note: in the article Analyzing system crashes on non-persistent machines I explain how I investigated this issue using dump files and the tool Windows Debugger.

The process behind the Software Reporting Tool is software_report_tool.exe and can be found in the following directory that resides in the user profile:

C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data\SwReporter\%ToolVersion%

This tool is:

  • Automatically downloaded by Chrome;
  • Installed in the user profile (where the user has write access);
  • Installed in a subdirectory whose name carries the version of the tool.

After determining that the Software Reporting Tool was causing this, I had to somehow prevent this process from running. I am aware of three options for how to do this:

Option 1: disable the Chrome Cleanup and Reporting Tool using a Chrome group policy

From Chrome version 68 (released in July 2018) the ADMX files for Google Chrome contain the settings Enable Chrome Cleanup on Windows and Control how Chrome Cleanup reports data to Google. These settings can be found here:

Computer Configuration \ Policies \ Administrative Template \  Google \ Google Chrome

Deep-dive automating and configuring Google Chrome - Group policy disable chrome Cleanup Tool and Reporting

Disabling these settings prevents both the Chrome Cleanup Tool and the Software Reporting Tool from running.

These settings are also described in the official Chromium Policy List:

Thanks to Max for bringing this to my attention!

Option 2: disable the Chrome Cleanup and Reporting Tool by modifying the registry

The settings described in option 1 can also be configured directly in the registry:

  • HKLM\SOFTWARE\Policies\Google\Chrome
    • ChromeCleanupEnabled -> DWORD 00000000
    • ChromeCleanupReportingEnabled -> DWORD 00000000

Deep-dive automating and configuring Google Chrome - Registry disable chrome Cleanup Tool and Reporting

These settings are also described in the official Chromium Policy List:

Thanks to Max for bringing this to my attention!

Option 3: Use an AppLocker policy to prevent the Software Reporting Tool from running

Use an AppLocker policy to block all executables in the following path:

%OSDRIVE%\Users\*\AppData\Local\Google\Chrome\User Data\SwReporter

You find the AppLocker policies in the Microsoft Group Policy Management Console under Computer Configuration \ Policies \ Windows Settings\ Security Settings\ Application Control Policies.

Set the permissions to Deny for all Users.

Deep-dive automating and configuring Google Chrome - Software Reporting Tool AppLocker policy permissions

Create a path condition.

Deep-dive automating and configuring Google Chrome - Software Reporting Tool AppLocker policy conditions

Define the path you want to block. Use the AppLocker internal variables and wildcards (environment variables do not work).

Deep-dive automating and configuring Google Chrome - Software Reporting Tool AppLocker policy path

In case you are using Citrix Workspace Environment Manager (WEM), create a new rule in the Application Security section.

Deep-dive automating and configuring Google Chrome - Software Reporting Tool AppLocker Citrix WEM

Complete script for installing and (partially) configuring Google Chrome

In case you use my installation template, this is what the complete script, including logging and error handling, looks like.

This script has been created for Windows Server 2008 R2 and higher. I have tested it on Windows Server 2016 only.

You can change the base logging directory and the package name (which is used to construct the log file name) in lines 529 to 530.

Make sure to prepare for the installation directory as described in the section Installing Google Chrome and the Legacy Browser Support.

Important: when running this script on Windows 7 or Windows Server 2008 R2, please make sure that the PowerShell version is at least 3.0 or higher (and not the default version that was shipped with these operating systems, which is 2.0). Otherwise, an error occurs, because in line 533 I use the automatic variable $PSScriptRoot to find the current directory. This variable was first introduced in PowerShell 3.0. If you cannot update to a newer version of PowerShell, please replace $PSScriptRoot with the actual directory name (e.g. C:\Temp\MyApp) in line 533.

Execute the script as follows like this:
powershell.exe -executionpolicy bypass -file C:\Temp\Google\GoogleChrome\Install_GoogleChrome.ps1

Log files are created in the directory C:\Logs\GoogleChrome, but you can change this to any directory you want (see lines 529 to 530).

Conclusion

Scripting the unattended installation of Google Chrome is not easy, but manageable. I hope this article helps you to get your own installation and configuration up and running without any headaches.

87 thoughts on “Google Chrome on Citrix deep-dive

    • Thanks a lot for the link, but in all honesty, I already found and read that article. It certainly seems that Citrix and especially “hosted-shared” is supported, but unfortunately I cannot find any official confirmation. To me, “official” means a clear confirmation of support on either google.com, chromium.org or citrix.com. Thanks once again for your input! I appreciate it.

  1. Pingback: Detailed Change Log – Carl Stalhood

  2. Pingback: EUC Weekly Digest – July 15, 2017 – Carl Stalhood

  3. Hi Dennis,
    This is a great article !

    However, the desktop icons are still created, even when deleting the link from the Public profile.
    You will need to use the master_preferences file for this and add these lines :
    “create_all_shortcuts”: false,
    “do_not_create_desktop_shortcut”: true,
    “do_not_create_quick_launch_shortcut”: true,

  4. What do you suggest for the scenario where Chrome is published as a seamless application (XA 6.5) and Active Setup’s do not run? there is an Active Setup being added by the installer, and that will not run unless the Desktop is loaded. I would normally disable that, and replace it with something in the login script to run the command (just once). However the stubpath for this new active setup points to a version specific folder, which tells me it could change as Chrome is updated and then my login script ‘hack’ would stop working. That is just a guess but I think a risk.

    Thanks!

    • Hi Bruce,

      First of all, thanks a lot for your input. I completely missed the Active Setup keys I must admit. I have just updated my article with this input. I think that you will be especially interested in the VBScript I added. The way to solve your issue is to directly read the command line from the registry (from the StubPath value). This way, you do not have to add the command line hard-coded into your logon script, which means no issues with future versions of Chrome.

      You can find the updated section here: https://dennisspan.com/google-chrome-on-citrix-deep-dive/#StubPath

      Good luck!

  5. Hi Dennis,

    We are having performance related issues with our XenDesktop VDI’s. Will excluding Chrome exe’s improve this at all? The external articles refers more to XenApp.

    • Hi Yusuf, my apologies for the late reply. I was on holiday. Perhaps you can be more precise on the kind of performance issues you are experiencing. Is the Chrome.exe consuming too much CPU? Or RAM? Do you have GPU acceleration enabled? Excluding the Chrome.exe from the Citrix API hooks can help to solve certain issues (also on VDI), but I doubt that you will experience a better performance. But give it a try I would say.

      • Hi Dennis,

        I hope you had a nice holiday. Yes, as suggested chrome.exe is hammering the RAM. Also some users are getting infamous “Aw snap” errors.

        The GPU acceleration is already disabled.

        Best regards
        Yusuf

        • Hi Yusuf,

          Thanks, the holiday was great!

          I am sure that you already searched for a possible solution using Google. There are many articles out there describing a great number of potential solutions. In my experience, one of the main causes for extensive RAM usage relates directly to the number of tabs simultaneously opened in Chrome. In my case, the extension called “The Great Suspender” helps a lot, because it suspends open tabs. The plugin can be downloaded from the Chrome Web Store (https://chrome.google.com/webstore/detail/the-great-suspender/klbibkeccnjlkjkiokjodocebajanakg). You can configure the time after which an open tab is suspended. I did a test with 20 open tabs, using up 1,1 GB of RAM. After the plugin suspended these tabs, only 335 MB of RAM was used. This is quite a significant reduction.
          Use the Windows Task Manager and the internal Chrome task manager (Settings \ More Tools \ Task Manager) to monitor the RAM usage. Install the aforementioned plugin and do some tests of your own. In case the plugin solves the issue, you can use a Group Policy to distribute the plugin to your users (https://support.google.com/chrome/a/answer/188453?hl=en).
          As I said before, there are many other tweaks you can use to try to minimize Chrome’s RAM usage, but you can easily find these with a search on Google.

          Regarding the “Aw Snap” errors, there is an official Google page with some potential solutions: https://support.google.com/chrome/answer/95669?co=GENIE.Platform%3DDesktop&hl=en. Also watch out not to mix default roaming profiles with various versions of Chrome (see also the section in my article https://dennisspan.com/google-chrome-on-citrix-deep-dive/#GoogleChromeRoamingProfiles). Also check your Microsoft EMET settings in case you are using EMET. You may have to exclude Chrome.

          I hope my suggestions are of help to you. Good luck!

          Bye,

          Dennis

          • Hi Yusuf, one more thing, regarding the “Aw Snap” errors, Citrix released the following new article on the 24th of July: “Chrome fails to launch in a published desktop” (https://support.citrix.com/article/CTX226044). The solution is to exclude the processes “chrome.exe” and “nacl64.exe” from the Citrix API hooks. Please don’t be fooled by the description in the section “Problem Cause”. This description is not accurate; excluding Chrome from the Citrix API hooks and adding the parameters “–allow-no-sandbox-job –disable-gpu” to your published application are two different things. You may be confused in thinking that Chrome version 58 and higher automatically includes these two processes in the registry, which is not true. What is new in Chrome 58 and higher is that you can publish the “chrome.exe” without adding the parameters “–allow-no-sandbox-job –disable-gpu”.

  6. Pingback: Site Updates – July 2017 – Carl Stalhood

  7. Pingback: Deploying Google Chrome extensions using Group Policy - Dennis Span

  8. Pingback: Published Applications – Carl Stalhood

  9. Hi dennis. I also try chrome in citrix. For me it is not clear how to deploy extensions for all users. I try adblock i add extension id in gpo but what is with the downloaded installer for the extension? Have you here also a good docu. Thx for the great article. Regards frank

  10. Hi,

    I am trying to deploy Google Chrome for Enterprise for XenApp within Windows 2008R2 – VDA 7.6 CU3. For normal windows roaming profile users, no problem. But for some Citrix users with UPM – I get the following message. “Your profile can not be used because it is from a newer version of Google Chrome. Some features may be unavailable. Please specify a different profile directory or use a newer version of Chrome”. The current version installed on XenApp is 58.

    Would I also need to add the API hooks on the XenApp gold image?

  11. I am attempting to run your script as posted without changing anything, and am receiving the following error when running on a test box:
    Join-Path : Cannot bind argument to parameter ‘Path’ because it is null.
    At C:\Temp\Google\GoogleChrome\Install_GoogleChrome.ps1:566 char:26
    + $FileFullPath = Join-Path <<<< $StartDir $FileSubfolder
    # Concatenate the two directories $StartDit and $InstallFileFolder

    • Hi Louis,

      In line 566, where the error occurs, two directories are concatenated (merged); the directory defined in the variable $StartDir and the directory defined in the variable $FileSubfolder. The variable $StartDir is automatically determined by the script in line 533. The $FileSubfolder variable is defined in line 565. By default, this directory is called “Files”. I assume that this subdirectory is missing in your installation path or called differently. In case you used a different name, enter the correct name in line 565 (replacing the value “Files”). That should fix your problem. Good luck!

  12. Hi Dennis,

    I’m also having the same problem, and my directory structure is as as follow:

    Powerscript location:
    “E:\Apps\Chrome\Install.ps1”

    Installation MSI location:
    “E:\Apps\Chrome\Files\googlechromestandaloneenterprise64.msi”
    “E:\Apps\Chrome\Files\LegacyBrowserSupport_5.1.0.0_en_x64.msi”

    But when executing the below command in command prompt:

    E:\Apps\Chrome>powershell.exe -executionpolicy bypass -file E:\Apps\Chrome\Install.ps1

    I’m also seeing the below message:

    Join-Path : Cannot bind argument to parameter ‘Path’ because it is null.
    At E:\Apps\Chrome\Install.ps1:566 char:26
    + $FileFullPath = Join-Path <<<< $StartDir $FileSubfolder
    # Concatenate the two directories $StartDir and $InstallFileFolder
    + CategoryInfo : InvalidData: (:) [Join-Path], ParentContainsErro
    rRecordException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,M
    icrosoft.PowerShell.Commands.JoinPathCommand

    Am I missing something here? Thanks.

    • Hi Grant,

      I am sorry to hear that the script is not working for you. I could not detect any obvious issue from the text in the command. Could you perhaps send me the log file? If you did not make changes to lines 529 and 530, you should have a log file in the directory C:\Logs\GoogleChrome. Please send it to dennis@dennisspan.com and I will get back to you shortly. Thanks!

  13. Pingback: Deploy Google Chrome Add-Ins via Group Policy – IT Stuff

  14. Hello,

    In Google Chrome for Enterprise in a Citrix VDI (Windows 7 Environment) I’ve noticed extensions do not download and I get a (COULD_NOT_GET_TEMP_DIRECTORY) when I try a test Webex to download the extension.

    If I create a UserDataDir registry to point somewhere, it works. What is the best place to point this? What information does it contain. In a XenApp session, this seems to work and I have the same group policy applied, it just looks like I have to create an exception for windows 7 VDI (with mounted personal vDisk)

    We do not use Roaming profile and use Citrix UPM so in Active Directory (its blank), we also have disabled Google Sync for security reasons.

    • Hi Rikesh,

      The default path to the Google Chrome User Data directory is “C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data”. Among other things, this directory contains the (per user installed) extensions in the subdirectory “Default\Extensions”. Please also see my article https://dennisspan.com/deploying-google-chrome-extensions-using-group-policy/ for more information. The error COULD_NOT_GET_TEMP_DIRECTORY indicates that the user data directory is not set or not reachable/writable for some reason. You can use a Chrome policy to configure this directory, or you can set a registry key (e.g. using a script or a Group Policy Preference), or you can add the switch –user-data-dir=”%UserDataDir%” to the Chrome shortcut. The cause for this issue may be many things. Perhaps the cause is the Personal vDisk. By default, the Citrix user profiles are stored there. Is this drive perhaps not visible to users? Or is this drive mapped without a drive letter? In some older forum entries people mention possible causes, such as drives without drive letters. There also seems to be a problem when the disk on which the user profile is stored is set to ‘dynamic’ and not to ‘basic’. Also make sure that the user has write permissions on the “%AppData%\local” path. I hope some of these suggestions help you. I strongly recommend to check your Personal vDisk first. Good luck!

  15. Hallo Herr Span,
    können Sie mir eine Info zum Software_Reporter_Tool geben. Dieses wird bei Google Chrome sporadisch im Hintergrund ausgeführt. Eventuell sind Sie während des “deep dive” damit in kontakt gekommen. Wir würden uns wünschen, dass diese Software nicht ausgeführt wird.
    Vielen Dank

  16. Hi Dennis,

    Thanks very much for the update and advice, I confirm we can deploy the script across to all our Win7 endpoints without the need to first update PowerShell 3.0, that no doubt save a lot of time!

    Grant

      • Hi Dennis,

        I have another questions, based on my understanding, 32bit programs should go to “Program Files (x86)” and 64 bit should go to “Program Files”, it is noted that from both of your article and installation results of a 64bit chrome msi, it is being installed to “Program Files (x86)”, just want to confirm if this is the result of your script or if it is done by the msi installation.

        Thanks again,

        Grant

        • Hi Grant. You are right and I made a mistake in my article. The installation directory is always C:\Program Files (x86), no matter whether you use the 32-bit or 64-bit installer. I do not modify the installation directory in the PowerShell script. I have updated the article accordingly. Thanks for pointing it out to me!

  17. Hello Dennis,

    thx for your fine articel!
    In my case i needed one more setting to the master_preferences to get get rid of the shortcuts:
    “do_not_create_taskbar_shortcut”:true
    i also added this not to get the default browser wizzard:
    “suppress_first_run_default_browser_prompt”: true

    Robert

  18. Cool Article, thank you.
    In a scenario with
    -local or mandatory profile
    -roaming enabled with the profile.pb on a redirected folder
    I found it difficult to supress all welcome screens.
    This thread helped me:
    http://www.edugeek.net/forums/enterprise-software/178319-google-chrome-welcome-screen-4.html

    Important is to really disable DefaultBrowserSettingEnabled and WelcomePageOnOSUpgradeEnabled and PromotionalTabsEnabled.

    Its still not possible to open with a users home page at first run. Chrome will show the google search page (with an optional user design from profile.pb;)
    And there is still the option to set first start pages via GPO.

    This is my GPO
    ====
    Computer
    Software\Policies\Google\Chrome
    RoamingProfileLocation
    SZ:H:\\……\\chrome

    Computer
    Software\Policies\Google\Chrome
    RoamingProfileSupportEnabled
    DWORD:1

    Computer
    Software\Policies\Google\Chrome
    WelcomePageOnOSUpgradeEnabled
    DWORD:0

    Computer
    Software\Policies\Google\Chrome
    DefaultBrowserSettingEnabled
    DWORD:0

    Computer
    Software\Policies\Google\Chrome
    PromotionalTabsEnabled
    DWORD:0

    Computer
    Software\Policies\Google\Chrome
    HardwareAccelerationModeEnabled
    DWORD:0

    Computer
    Software\Policies\Google\Chrome
    BackgroundModeEnabled
    DWORD:0

    Computer
    Software\Policies\Google\Chrome\ExtensionInstallForcelist
    *
    DELETEALLVALUES

    Computer
    Software\Policies\Google\Chrome\ExtensionInstallForcelist
    1
    SZ:hdppkjifljbdpckfajcmlblbchhledln;https://clients2.google.com/service/update2/crx
    ========master_preferences
    {

    “browser”:{
    “show_home_button”: true
    },
    “distribution”: {
    “msi”:true,
    “system_level”:true,
    “verbose_logging”:true,
    “msi_product_id”:”8CAEA0A0-B65B-3773-912B-AD4AB10564A6″,
    “allow_downgrade”:false,
    “do_not_create_any_shortcuts”:true

    }
    }

  19. Hi Dennis, great article!

    I’m seeing an issue on 2016 + VDA software where Chrome is pretty slow to launch, even with the Citrix Hooks excluded. – Procmon shows a couple of 3-5 second gaps where nothing really seems to happen. – Is this something you’ve come across?

    Installation on a non-VDA, launch is instantaneous and ready to go within 3 seconds. On the VDA it’s 10-15 seconds before the default launch page appears.

    • Hi Omar,

      My apologies for the late reply. I was on holiday. I have not come across this issue. Some thoughts from my side. First of all, did you install the 32-bit or 62-bit version of Chrome? I recommend to use the 64-bit on Windows 2016. Second of all, I read somewhere that Chrome may be slow due to the setting “Use hardware acceleration when available” (https://www.cnet.com/how-to/a-quick-fix-for-your-slow-chrome-browser/). Also check all other settings that Chrome has to offer. Perhaps there you find something that should be configured differently. Another thought is to make sure that no executables other than “chrome.exe” are allowed to run. Chrome also installs executable files in the user’s %AppData% directory, such as the Software Reporting Tool. Make sure that users are not allowed to run any of these executables (https://dennisspan.com/google-chrome-on-citrix-deep-dive/#SoftwareReportingTool).

  20. Hi,

    if we use Google roaming profile (the Profile.pb file). Is it nessacary to sync “C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data” also or can this folder excluded with UPM when we are using the profile.pb?

    I have one more question: I added the “AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions” folder (https://support.citrix.com/article/CTX238525) to the folders to mirror. Then, logging off a user takes 60 seconds instead of 8 seconds. Is this a normal behavior when a folder is mirrored and not synchronized?

    Thanks.
    Markus

    • Hi Markus,

      My apologies for the late reply. I was on holiday. You should be able to exclude the directory “C:\Users\%UserName%\AppData\Local\Google\Chrome\User Data”. By default, the “profile.pb” file is stored in the “AppData\Roaming” directory unless you specified a different directory. All the user’s preferences will be included in the “profile.pb” file.

      Concerning your second question. I think the answer to your question can be found in a cool article by CTP Matthias Schlimm (https://eucweb.com/blog/1397). In it, he writes: “Citrix recommend to enable mirroring. With enabled Mirroring no exclusions of files or folders inside the mirrored folder are processed.” This means that any exclusions you have set for Chrome are ignored when you enable mirroring. This will probably be the reason for the slow log off. Also, I assume that you disabled Active Write-Back, which is a recommended practice. This means that nothing is written back to the profile store during the user’s session, so everything is done at logoff. I know that concerning Chrome there was an issue with Windows 10 version 1809. This is the reason for Matthias to write the article. I remember discussing this issue with him standing in Cologn Airport.
      Please also read the short but informative article called “Synchronize vs Mirror” by Citrite Daniel Feller (https://virtualfeller.com/2019/01/15/synchronize-vs-mirror/).

  21. Hi Dennis,

    We’re seeing some strange behaviour in a new non-persistent XenDesktop environment. We’re installing onto Win 10 1308 OS. Chrome takes a few seconds to launch (grey screen) and hangs for a few seconds on each new tab. The internet speed is fine as IE/Edge are both much faster. CPU usage is all ok, any idea what could be causing the slow tab/launch behaviour?

    Thanks,

    Joseph

  22. What is your thought on the Code Cache directory \AppData\Local\Google\Chrome\User Data\default\Code Cache.
    In my environment we are seeing around 15 – 30K of files in that directory and its slowing down log on time.

    • Hi Samuel,

      Thanks for your comment. It is true that this directory can grow quite large in size and can contain many thousands of files. Have you tried excluding this directory in your profile solution (e.g. Citrix UPM)? A few minutes ago I sent an e-mail to the Google Chrome development team asking them for more information about this directory and more importantly, whether or not it can be safely excluded, since this would solve your issue. I will keep you informed of any information I receive.

      Kind regards,

      Dennis

    • Hi Samuel,

      That went faster than I thought. I already received an answer from the Chrome team. They say that you can exclude the “Code Cache” folder with minimum to no impact to the users. In case you use Citrix UPM make sure to add the following folder exclusion:

      AppData\Local\Google\Chrome\User Data\Default\Code Cache

      Also, here is the answer to my question concerning the purpose of the Code Cache folder: “Code caching is a cache of generated JavaScript code”.

  23. We started excluding that folder a few months ago, as it was getting large, not really in size per se but the number of files to be copied in a roaming profile was ridiculous. I googled this as well and found some people saying it was safe. I tried deleting it and launching chrome, and it seemed fine. My understanding is these files are copies of javascript websites use, so it makes the web experience snappier. But, I figure is the faster login more important than a snappy web experience? for me that is a good trade. Users will complain to me about login times. They will just shrug if a website takes an extra moment to load.

  24. Hey Dennis,
    maybe you have an idea to solve our problem. We are working with Citrix, having multiple Servers (seperated in ms office and special applications). The AppData is redirected to a shared drive.
    Since there are some applications which need also a chrome installed on the same server instance we got a problem for some users. Working with chrome on the default server (office) and on a special application server is not possible since chrome only allows to use one “session” at a time. Working on two servers with chrome and using only one “UserDataDir” is not possible.
    Do you have a hint how to solve this? Is the Profile.pb the right way?

    • Hi Max,

      In this case I recommend to use different profiles per server type / silo. This should solve your problem. Using the “profile.pb” file is also an option, but also here you may want to use separate “profile.pb” files per silo (instead of one “profile.pb” file for both silos).

      • Hey Dennis,
        using different profiles will cause issues when for example adding some favorites. It will be missing in the other session or do i miss something?

        • Hi Max, yes, you are right. Two possible options are to redirect the user data directory, e.g. using the Group Policy Computer Configuration \ Policies \ Administrative Templates \ Google \ Google Chrome – >”Set user data directory” or by launching Chrome using the parameter –user-data-dir: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –user-data-dir=”H:\appdata\local\Google\Chrome\User Data”.

          Just make sure that the version of both the OS as well as Google Chrome are the same in both silos, otherwise you may experience problems. As per Chromium.org:

          “Chrome profiles are not backwards compatible, so storing the user profile on a network drive and using it with different versions of Chrome can cause crashes and data loss”
          https://www.chromium.org/administrators/policy-list-3/user-data-directory-variables.

          • Hey Dennis, the “UserDataDir” is the setting we are using at the moment. The Problem we have is, that when chrome is startet a second time in a different silo, it wont come up.

          • Hi Max,

            I guess I am not helping you here, am I? 🙂 I think only now I really understand your problem. It is also written in the article https://support.google.com/chrome/a/answer/7349337:
            “A user might want to run Chrome Browser simultaneously on multiple machines on your organization’s network. But if they use Roaming User Profiles, profile changes they make in one Chrome session will not sync with other sessions. So we recommend never running simultaneous Chrome sessions when you use Roaming User Profiles.”

            Is it an option for you to use a Google (Sync) Account to synchronize user settings (https://dennisspan.com/google-chrome-on-citrix-deep-dive/#GoogleAccount)? This would also help you mitigate potential problem should the situation arise whereby the Chrome versions on both silos do not match.

  25. Hey Dennis,
    help is not always giving the right solution, it is also the exchange about the topic. I had the hope you had seen that problem (with a solution) at one of your jobs. Sometimes there is more possible then the vendors are telling us 😉
    Thank you so far

  26. Fantastic! I loved reading your blogs and the way it has been written. My name is Vidit Sehgal, I truly appreciate on what the blogs you have posted on a regular basis and its meaningful deliverance before the internet users.

  27. Hi Dennis,

    Great Article! but I was really hoping for some best practices when running Chrome on PVS. I have a very heavy chrome user base and there seems to be some issues with their chrome behaviour and the cache drive filling up. PVS Server has 16 GB of RAM, overflow to a 20 GB disk (8 GB used for pagefile) … On a reboot, I can see in Procmon the many many writes to the %appdata%\Local\Google\Chrome\User Data\Default\Cache folder as the d: cache drive fills up. This has gotten to the point where the server will freeze after less than a day of use at times. Any ideas?

  28. Hi Dennis,

    in my case, ater installing Chrome enterprise, and then get below error :

    No internet
    Try:
    Checking the network cables, modem, and router
    Reconnecting to Wi-Fi
    Running Windows Network Diagnostics
    DNS_PROBE_FINISHED_NO_INTERNET
    Actaully there is no issue with other browser like IE, and Firefox in the server 2016.

  29. Pingback: Counting the Cost of Chrome: Bad News for the Chrome Browser on Citrix Workspaces | Citrix Professionals - ctxPRO.com

  30. Hi Dennis,

    Great Article! and Thanks for taking the time to share these informative posts. I am little bit new to this citrix and need one help from your end. I need to install one particular extension in Chrome and Edge both browser for all users without using any Group policies. Could you refer any step by step article\help me on this.

    Thanks in Advance

    • Hi Suraj, on which types of devices do you want to install the Chrome extension? These devices must be managed devices, otherwise, you will not be able to roll out anything to your users. If these are Chromebooks for example, you can manage the ChromeOS as well as user settings using Chrome Enterprise. If they are Windows devices and they are domain joined, you can use Group Policies. I am not sure if Intune can be used to roll out Chrome extensions. Please keep in mind that Chrome extensions are stored in the user context and not per machine!

  31. Hi Dennis,

    I have been using your PowerShell script to deploy Chrome many times over the years and it works great.

    However, on Windows 10 22H2, I noted the following error, which looks like something to do with the new PowerShell versions?

    D:\Apps\Chrome>powershell.exe -executionpolicy bypass -file D:\Apps\Chrome\install.ps1
    New-Item : The device is not ready.
    At D:\Apps\Chrome\install.ps1:540 char:29
    + … t-Path $LogDir)) { New-Item -Path $LogDir -ItemType directory | Out-N …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : WriteError: (E:\Apps\Chrome\Logs\GoogleChrome:String) [New-Item], IOException
    + FullyQualifiedErrorId : CreateDirectoryIOError,Microsoft.PowerShell.Commands.NewItemCommand

  32. Hi,

    I wonder if anyone have a copy of MSI bundle for version 109.0.5414.120 which is the last Chrome version supporting server 2012? Currently, Google removed the repositories for the download. Greatly appreciate it if anyone can share it. Cheers!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.