[German]Small information/reminder for administrators who use Google Chrome in corporate environments on Windows and manage the installation of Chrome Extensions by users via group policies. As of Chrome 86, the naming of a policy has changed – those who have not considered the ADMX entries in question are walking into a trap – users can install arbitrary extensions in Chrome.
Advertising
Block list Chrome extensions
Google provides administrators with policies to manage the Google Chrome browser on Windows. For example, in order to manage the extensions that users are allowed to install on Chrome, there was a policy "Configure block list for installing extensions", which refers to the keys:
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
and was managed via Software\Policies\Google\Chrome\ExtensionInstallBlacklist. However, Google has deemed this policy to be outdated, it should no longer be used.
Caught in the trap
The whole thing has already changed with Chrome version 86 – so should be known to administrators. But the following tweet from Julian Mooren (Senior Consultant Citrix Technology) caught my eye.
Mooren was surprised that Google Chrome users could suddenly install all Chrome extensions from the store in Virtual Desktops. He had defined a nice blacklist via group policy. When he looked it up, he found out that Google had renamed the policy with build 86 of the Chrome browser. Instead of ExtensionInstallBlacklist the key is now called ExtensionInstallBlocklist.
Advertising
Only one letter in the name has changed – easy to overlook. As a result, extensions are no longer blocked. Those who use the updated ADMX files for Chrome can use the new blacklist policy. But probably all this is known for a long time.
Advertising
