Using Microsoft Group Policy to control access to Chrome policies
Most enterprises use group policy to control which extensions can be run by the Chrome browser. While you can add entries locally, it is best practice to specify these settings for your entire enterprise. This article discusses how to specify the following settings:
- Adding the extension to the force install list
- Adding the extension to the allow list
- Adding the messaging host to the native messaging allow list
Installing the extension
Explicitly allow the Chrome extension in the Group Policy Editor to use the Chrome extension when you create or run automations in the Google Chrome browser. There are two ways that you can allow the extension:
- Force installing the extension -- Best practice is to force install the extension because that also enables the extension.
- Add the extension to the Allow list -- If you add the extension to the Allow list, then your end users must enable the extension when they open Chrome.
Download and install the Administrative Templates for Chrome for group policy before you allow the extension. Download the templates from the following website:
https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
Force installing the Chrome extension
Force install the Google Chrome extension when you create or run automations in the Google Chrome browser to install and enable the extension.
- In the Search box the Taskbar, enter Run.
- In the Run dialog box, enter gpmc.msc.
Run dialog box - In the Group Policy Management console, select and enable Configure the list of force-installed apps and extensions.
- In the Configure the list of force-installed apps and extensions dialog box, add an entry to the update.xml file a value that includes the extension ID and the path to the update.xml file for the browser extension. The following is an example:
iodegoagldeabbkcidchfdifcghijihb;file:///C:/Program Files (x86)/Pegasystems/Pega Browser Extension/BrowserExtensions/Chrome/update.xml
Installing the Pega Browser Extension creates the update.xml file in the following directory:
Pegasystems/Pega Browser Extension/BrowserExtensions/Chrome
Adding the Chrome extension to the Allow List
Add the Google Chrome extension to the group policy allow list when you create or run automations in the Google Chrome browser to install the extension.
- From the Taskbar, enter Run.
- In the Run dialog box, enter gpmc.msc.
Run dialog box - In the Group Policy Management console, select and enable Configure extension installation allow list.
- In the Configure extension installation allow list dialog box, add a value with the extension ID. The following is an example:
Software\Policies\Google\Chrome\ExtensionInstallAllowlist\1 = iodegoagldeabbkcidchfdifcghijihb
What to do next: Enable the extension on each computer that you use to create or run automations.
Ensuring that the Chrome extension can connect to the Messaging Host
If you use a Microsoft Group Policy Object (GPO) to control Chrome policies, and you enable the Configure native messaging block list setting in the Native Messaging section to block all extensions, perform the following steps to provide Robot Studio and Robot Runtime with the access they need to function correctly.
- Start the Microsoft Group Policy Management Console.
- Select Computer Configuration > Administrative Templates > Google > Google Chrome > Native Messaging.
- In the Configure native messaging allowlist setting, add the messaging-host executable so that messaging host is not blocked. The following is an example:
Software\Policies\Google\Chrome\NativeMessagingAllowlist\1 = pega.web.chrome.messaginghost- Save your changes and close the Group Policy Management Console.
Previous topic Pega Browser Extension FAQ Next topic Using Microsoft Group Policy to control access to Edge policies