Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Using Microsoft Group Policy to control access to Chrome policies

Suggest edit Updated on November 10, 2022

Most enterprises use group policy to control which extensions can be run by the Chrome browser. While you can add entries locally, it is best practice to specify these settings for your entire enterprise. This article discusses how to specify the following settings:

    Installing the extension

    Explicitly allow the Chrome extension in the Group Policy Editor to use the Chrome extension when you create or run automations in the Google Chrome browser. There are two ways that you can allow the extension:

    • Force installing the extension -- Best practice is to force install the extension because that also enables the extension.
    • Add the extension to the Allow list -- If you add the extension to the Allow list, then your end users must enable the extension when they open Chrome.

    Download and install the Administrative Templates for Chrome for group policy before you allow the extension. Download the templates from the following website:

    https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

    Force installing the Chrome extension

    Force install the Google Chrome extension when you create or run automations in the Google Chrome browser to install and enable the extension.

    1. In the Search box the Taskbar, enter Run.
    2. In the Run dialog box, enter gpmc.msc.
       
      Starting the Group Policy Management console
      Run dialog box
    3. In the Group Policy Management console, select Administrative Templates > Google > Google Chrome > Extensions and enable Configure the list of force-installed apps and extensions.
    4. In the Configure the list of force-installed apps and extensions dialog box, add an entry to the update.xml file a value that includes the extension ID and the path to the update.xml file for the browser extension. The following is an example:
    iodegoagldeabbkcidchfdifcghijihb;file:///C:/Program Files (x86)/Pegasystems/Pega Browser Extension/BrowserExtensions/Chrome/update.xml
    1. Installing the Pega Browser Extension creates the update.xml file in the following directory:

      Pegasystems/Pega Browser Extension/BrowserExtensions/Chrome
      Note: You can complete this step before or after you set up the group policy setting.

    Adding the Chrome extension to the Allow List

    Add the Google Chrome extension to the group policy allow list when you create or run automations in the Google Chrome browser to install the extension.

    1. From the Taskbar, enter Run.
    2. In the Run dialog box, enter gpmc.msc.
       
      Starting the Group Policy Management console
      Run dialog box
    3. In the Group Policy Management console, select Administrative Templates > Google > Google Chrome > Extensions and enable Configure extension installation allow list.
    4. In the Configure extension installation allow list dialog box, add a value with the extension ID. The following is an example:
    Software\Policies\Google\Chrome\ExtensionInstallAllowlist\1 = iodegoagldeabbkcidchfdifcghijihb

    What to do next: Enable the extension on each computer that you use to create or run automations.

    Ensuring that the Chrome extension can connect to the Messaging Host

    If you use a Microsoft Group Policy Object (GPO) to control Chrome policies, and you enable the Configure native messaging block list setting in the Native Messaging section to block all extensions, perform the following steps to provide Robot Studio and Robot Runtime with the access they need to function correctly.

    1. Start the Microsoft Group Policy Management Console.
    2. Select Computer Configuration > Administrative Templates > Google > Google Chrome > Native Messaging.
    3. In the Configure native messaging allowlist setting, add the messaging-host executable so that messaging host is not blocked. The following is an example:
    Software\Policies\Google\Chrome\NativeMessagingAllowlist\1 = pega.web.chrome.messaginghost
    1. Save your changes and close the Group Policy Management Console.
    Did you find this content helpful? YesNo

    Have a question? Get answers now.

    Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

    We'd prefer it if you saw us at our best.

    Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

    Close Deprecation Notice
    Contact us