Using Microsoft Group Policy to control access to Edge policies
Most enterprises use group policy to control which extensions can be run by the Edge browser. While you can add entries locally, it is best practice to specify these settings for your entire enterprise. This article discusses how to specify the following settings:
- Adding the extension to the force install list
- Adding the extension to the allow list
- Adding the messaging host to the native messaging allow list
Installing the extension
To use the Edge extension when you create or run automations in the Microsoft Edge browser, explicitly allow the extension in the Group Policy Editor. There are two ways that you can allow the extension:
- Force install the extension -- Best practice is to force install the extension because that also enables the extension.
- Add the extension to the Allow list -- If you add the extension to the Allow list, then end users must enable the extension when they open Edge.
Download and install the Administrative Templates for Edge for group policy before you allow the extension. Download the templates from the following website:
https://www.microsoft.com/en-us/edge/business/download
Force installing the Edge extension
To install and enable the Microsoft Edge extension that you use to create or run automations in the Microsoft Edge browser, force install it through group policy.
- In the Search box on the Taskbar, enter Run.
- In the Run dialog box, enter gpmc.msc.
- In the Group Policy Management console, select and enable Control which extensions are installed silently.
- In the Control which extensions are installed silently dialog box, add a value that includes the extension ID and the path to the update.xml file for the browser extension. The following is an example:
Software\Policies\Microsoft\Edge\ExtensionInstallForcelist\1 = iodegoagldeabbkcidchfdifcghijihb;file:///C:/Program Files (x86)/Pegasystems/Pega Browser Extension/BrowserExtensions/Edge/update.xml
- Installing the Pega Browser Extension creates the update.xml file in the Pegasystems/Pega Browser Extension/BrowserExtensions/Edge directory. You can complete this step before or after you set up the group policy setting.
Adding the Edge extension to the Allow List
To install the Microsoft Edge extension that you use to create or run automations in the Microsoft Edge browser, add the extension to the group policy allow list.
- From the Taskbar, enter Run.
- In the Run dialog box, enter gpmc.msc.
- In the Group Policy Management console, select and enable Allow specific extensions to be installed.
- In the Allow specific extensions to be installed field, add a value with the extension ID. The following is an example:
Software\Policies\Microsoft\Edge\ExtensionInstallAllowlist\1 = iodegoagldeabbkcidchfdifcghijihb
Ensuring that the Edge extension can connect to the Messaging Host
If you use a Microsoft Group Policy Object (GPO) to control Edge policies, and you enable the Configure native messaging block list setting in the Native Messaging section to block all extensions, perform the following steps to provide Robot Studio and Robot Runtime with the access they need to function correctly.
- Start the Microsoft Group Policy Management Console.
- Select Computer Configuration > Administrative Templates > Microsoft Edge > Native Messaging.
- In the Control which native messaging hosts users can use setting, add the messaging-host executable so that the messaging host is not blocked. The following is an example:
Software\Policies\Microsoft\Edge\NativeMessagingAllowlist\1 = pega.web.chrome.messaginghost
- Save your changes and close the Group Policy Management Console.
What to do next: Enable the extension on each computer that you use to create or run automations.
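To confirm on an endpoint that the three settings above actually arrived, the following added example (not part of the original Pega documentation) reads the policy registry keys and reports what it finds. It assumes the policies were applied under Computer Configuration (HKLM) and that "block all" in the native messaging block list is stored as `*`; the function names are hypothetical.

```powershell
# Added example: audit the Edge policy values configured in this article.
# The extension ID, host name and key names come from the article's examples.
$EdgePolicyRoot = 'HKLM:\Software\Policies\Microsoft\Edge'
$ExtensionId    = 'iodegoagldeabbkcidchfdifcghijihb'
$MessagingHost  = 'pega.web.chrome.messaginghost'

function Get-PolicyListValues {
    param([Parameter(Mandatory)][string]$SubKey)
    $path = Join-Path $EdgePolicyRoot $SubKey
    if (-not (Test-Path -Path $path)) { return }
    $key = Get-Item -Path $path
    # List policies are stored as numbered string values (1, 2, ...).
    $key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) }
}

function Test-PegaEdgePolicy {
    $force   = @(Get-PolicyListValues -SubKey 'ExtensionInstallForcelist')
    $allow   = @(Get-PolicyListValues -SubKey 'ExtensionInstallAllowlist')
    $nmAllow = @(Get-PolicyListValues -SubKey 'NativeMessagingAllowlist')
    $nmBlock = @(Get-PolicyListValues -SubKey 'NativeMessagingBlocklist')

    # A force-list entry has the form "<extension id>;<update URL>".
    $entry = $force | Where-Object { ($_ -split ';', 2)[0] -eq $ExtensionId } |
        Select-Object -First 1
    $updateXmlExists = $null   # stays $null when there is no file:// URL to check
    if ($entry) {
        $url = ($entry -split ';', 2)[1]
        if ($url -and $url.StartsWith('file:///')) {
            # [Uri] converts the file URL (spaces included) to a Windows path.
            $updateXmlExists = Test-Path -LiteralPath ([Uri]$url).LocalPath
        }
    }

    $allHostsBlocked = $nmBlock -contains '*'   # assumption: '*' means block all
    $hostAllowed     = $nmAllow -contains $MessagingHost
    [pscustomobject]@{
        ForceInstalled   = [bool]$entry
        UpdateXmlExists  = $updateXmlExists
        OnAllowList      = $allow -contains $ExtensionId
        HostOnAllowList  = $hostAllowed
        AllHostsBlocked  = $allHostsBlocked
        # The host is usable if nothing blocks it or it is explicitly allowed.
        HostUsable       = $hostAllowed -or -not $allHostsBlocked
    }
}

Test-PegaEdgePolicy | Format-List
```

Run it in an elevated or standard PowerShell session after `gpupdate /force`; a result with `AllHostsBlocked` true and `HostOnAllowList` false is the case the last procedure is meant to fix.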