MB Enterprise


Contents:

Deploying Chrome Extensions and Browser configurations with Active Directory GPO
Deploying Chrome Extensions and DNS over HTTPS (DoH) Using Windows Group Policy (GPO)
1. Introduction
2. Environment Setup
Prerequisites:
Environment Details:
3. Deploying Chrome Extensions via Group Policy
Step 1: Import Chrome ADMX Templates
Step 2: Configure Group Policy for Chrome Extension Deployment
Step 3: Apply the GPO
Verification:
4. Configuring DNS over HTTPS (DoH) Using Group Policy
Step 1: Configure DoH Settings in Group Policy
Step 2: Apply the GPO
Verification:
5. Restricting Other Browsers via Group Policy
6. Testing and Validation
Testing Chrome Extension Deployment:
Testing DoH:
7. Compliance and Reporting
Compliance Reports:
Screenshots:
8. Conclusion
Summary:
Future Recommendations:

Deploying Chrome Extensions and DNS over HTTPS (DoH) Using Windows Group Policy (GPO)

1. Introduction

  • Purpose: This guide outlines the deployment of a Chrome extension and DNS over HTTPS (DoH) configuration using Windows Group Policy (GPO).
  • Scope: Applies to Windows Server environments utilizing Group Policy Management for domain-joined devices.

2. Environment Setup

Prerequisites:

  • Windows Server: A Windows Server 2019 or later with Group Policy Management installed.
  • End-User Devices: Windows 10/11 domain-joined systems.
  • Google Chrome ADM/ADMX Files: Download and import the Chrome ADMX files from Google Policy Templates.

Environment Details:

  • Server: Windows Server 2019, acting as the Group Policy host.
  • Client Devices: Windows 10/11 devices joined to the domain.
  • Chrome Version: Ensure the same Chrome version across all systems for consistency.

3. Deploying Chrome Extensions via Group Policy

Step 1: Import Chrome ADMX Templates

  1. Download the latest Chrome policy templates from the official website.
  2. Copy the ADMX files to:
    • %SYSTEMROOT%\PolicyDefinitions on the domain controller.
  3. Copy the ADML files to:
    • %SYSTEMROOT%\PolicyDefinitions\<language> (e.g., en-US).

Step 2: Configure Group Policy for Chrome Extension Deployment

  1. Open Group Policy Management Console (GPMC).
  2. Right-click your desired Organizational Unit (OU) and select Create a GPO in this domain and link it here.
  3. Name the GPO (e.g., “Chrome Extension Deployment”).
  4. Edit the GPO:
    • Navigate to:
      User Configuration > Administrative Templates > Google > Google Chrome > Extensions.
    • Enable Configure the list of force-installed apps and extensions.
    • Add the extension ID in the following format:

      mhkgegcmcapcgmnnloigolapjkajgfmd;https://clients2.google.com/service/update2/crx

  5. Save and close the GPO editor.

Step 3: Apply the GPO

  • Ensure the GPO is linked to the target OU containing the relevant user accounts or devices.

Verification:

    • On client devices, open Chrome and navigate to chrome://extensions.
    • Confirm the extension is installed and active.

4. Configuring DNS over HTTPS (DoH) Using Group Policy

Step 1: Configure DoH Settings in Group Policy

  1. Open the previously created GPO or create a new one.
  2. Navigate to:
    User Configuration > Administrative Templates > Google > Google Chrome > DNS.
  3. Configure the following settings:
    • Enable DNS over HTTPS (DoH): Set to Enabled.
    • Set the DoH templates. Use the following JSON:

      {
        "DnsOverHttpsMode": "secure",
        "DnsOverHttpsTemplates": "https://dns.mbsmartservices.net/pprox2.php/nv-xxxcOFTAnQPql-lfX3YNtKEC"
      }

Step 2: Apply the GPO

    • Link the GPO to the appropriate OU.

Verification:

    • Open Chrome and navigate to chrome://settings/security.
    • Ensure that DoH is enabled.
    • Use tools like chrome://net-internals/#dns or external sites (e.g., 1.1.1.1/help) to verify the configuration.

5. Restricting Other Browsers via Group Policy

Block Non-Chrome Browsers:

    • Create a new GPO.
    • Navigate to:
      Computer Configuration > Policies > Administrative Templates > System > Application Compatibility.
    • Enable Block access to specific applications.
    • Add executables of other browsers (e.g., firefox.exe, msedge.exe).

6. Testing and Validation

Testing Chrome Extension Deployment:

    1. Verify that the extension is force-installed on target devices.
    2. Open chrome://extensions to check if the extension is active.

Testing DoH:

    1. Use chrome://net-internals/#dns to ensure that DoH is resolving DNS queries.
    2. Test with external tools like 1.1.1.1/help to validate DoH functionality.

7. Compliance and Reporting

Compliance Reports:

    • Use the Windows Event Viewer to check GPO application logs under Applications and Services Logs > Microsoft > Windows > GroupPolicy > Operational.

Screenshots:

    1. Capture screenshots from:
      • chrome://extensions for extension deployment.
      • chrome://settings/security for DoH activation.

8. Conclusion

Summary:

    • Successfully deployed Chrome extensions and DoH settings via GPO.
    • Validated the configuration on both virtual and physical machines.

Future Recommendations:

      • Periodically update Chrome ADMX templates to ensure compatibility with new policies.
      • Consider scripting GPO compliance checks using PowerShell for large environments.
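
One way to script the compliance check recommended above, as an added example that is not part of the original guide. It assumes the policies land under Software\Policies\Google\Chrome in the registry; the function and variable names are hypothetical, and the sample at the end is constructed rather than read from a real machine.

```powershell
# Added example. Assumes the GPO writes to Software\Policies\Google\Chrome
# (HKCU for User Configuration, HKLM for Computer Configuration).
$ExpectedEntry   = 'mhkgegcmcapcgmnnloigolapjkajgfmd;https://clients2.google.com/service/update2/crx'
$ExpectedDohHost = 'dns.mbsmartservices.net'

function Get-ChromePolicy {
    # HKCU is read first so that HKLM, which Chrome gives precedence, overwrites it.
    $p = @{ Forcelist = @(); DnsOverHttpsMode = $null; DnsOverHttpsTemplates = $null }
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $base = "$hive\Software\Policies\Google\Chrome"
        if (-not (Test-Path $base)) { continue }
        $props = Get-ItemProperty -Path $base
        foreach ($name in 'DnsOverHttpsMode', 'DnsOverHttpsTemplates') {
            if ($null -ne $props.$name) { $p[$name] = $props.$name }
        }
        $listKey = "$base\ExtensionInstallForcelist"
        if (Test-Path $listKey) {
            $key = Get-Item -Path $listKey
            $p.Forcelist = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
        }
    }
    $p
}

function Test-ChromeCompliance {
    param([hashtable]$Policy)
    # Every configured template must be HTTPS and point at the expected resolver host.
    $templates = @("$($Policy.DnsOverHttpsTemplates)" -split '\s+' | Where-Object { $_ })
    $bad = @($templates | Where-Object {
        $u = $null
        -not ([Uri]::TryCreate($_, [UriKind]::Absolute, [ref]$u) -and
              $u.Scheme -eq 'https' -and $u.Host -eq $ExpectedDohHost)
    })
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        ExtensionForced = $Policy.Forcelist -contains $ExpectedEntry
        # Chrome documents the mode values in lower case: off, automatic, secure.
        DohModeSecure   = $Policy.DnsOverHttpsMode -ceq 'secure'
        DohTemplatesOk  = ($templates.Count -gt 0 -and $bad.Count -eq 0)
    }
}

# Constructed sample: extension forced, DoH mode never applied, template on the right host.
$sample = @{ Forcelist = @($ExpectedEntry); DnsOverHttpsMode = $null
             DnsOverHttpsTemplates = "https://$ExpectedDohHost/constructed-path" }
Test-ChromeCompliance -Policy $sample
# On a domain-joined client: Test-ChromeCompliance -Policy (Get-ChromePolicy)
```

A client that reports DohModeSecure as False while DohTemplatesOk is True has received only part of the GPO; the GroupPolicy Operational log named in section 7 is the place to look for the reason.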