Since I posted about using a Windows GPO to manage Google Chrome’s extensions, I didn’t want to leave OS X admins out of the Google Chrome management fun.
Before we dive in too deep let’s get this out of the way. Google offers two options for managing Chrome’s settings:
- Master Preferences (Think of these as default settings or suggestions)
- User and Machine Policy (These are NOT changeable by the user. This will block or uninstall any extension added to this list). This is what I will focus on in this article.
To use policy on a Mac, Google provides each copy of Google Chrome with a Managed Preference Manifest file buried deep within the application bundle:
(Yes, that’s two /Contents/Resources/com.google.Chrome.manifest’s deep. Don’t ask me why)
However, Google decided to leave out many of the description fields (pfm_title), so if you pull this into your Casper server (or Workgroup Manager, etc.) you will either be presented with an error or have a long list of blank preferences. Luckily, Ben Courtade was kind enough to update all these fields and upload them to JAMFNation for download here: Google Chrome Managed Preference Manifest.
If you have enabled Managed Preferences, this can easily be imported into the JSS as a Manual Setting in a Managed Preference profile.
First, create a new Managed Preference by logging in, clicking on the Computers top tab, then the Managed Preference side tab. Once in the Managed Preference window, click the (+) sign next to New to begin.
Then, scroll all the way down in the options to find the Custom tab. Click the (+) sign next to Upload Manifest and upload the downloaded Google Chrome manifest into the new manifest window.
You will then be presented with all of the options that Google allows to be managed through a preference manifest. The one we are interested in is ExtensionBlacklist. Tap the (+) sign and then the (+) next to Add ExtensionBlacklist to configure further.
From here, you can do one of two things:
- Disable extensions completely. Simply type in an asterisk “*”
- Configure individual blocked extensions by Extension ID
How do you find the extension id? It’s fairly easy. Take this extension for example:
The highlighted section of the URL is the Extension ID. It’s that simple. Find the unwanted Extension, copy the last part of the URL into the Managed Preference and apply to your managed machines.
You can have multiple extensions in this list. Just compile the IDs, click edit and add all that you need.
My only complaint is that you will have to keep an external, human-readable list of which IDs go with which extensions.
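One way to keep that external list and the policy value in sync, as an added example that is not part of the original post or any Google or JAMF tooling: a single name-to-URL inventory generates both the ExtensionBlacklist array and the ID-to-name lookup. The Web Store URL shape and the sample IDs are constructed for illustration; the check relies on Chrome extension IDs being 32 characters from the letters a-p.

```python
import plistlib
import re
from urllib.parse import urlparse

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXTENSION_ID = re.compile(r"[a-p]{32}")

# Constructed sample inventory: readable name -> Web Store URL (IDs are made up).
BASE = "https://chrome.google.com/webstore/detail/"
BLOCKED = {
    "Example Toolbar": BASE + "example-toolbar/" + "abcdefghijklmnop" * 2,
    "Example Coupon Helper": BASE + "example-coupons/" + "ponmlkjihgfedcba" * 2 + "?hl=en",
}


def extension_id_from_url(url):
    """Return the extension ID (last path segment of the URL) or raise ValueError."""
    segment = urlparse(url).path.rstrip("/").rsplit("/", 1)[-1]
    if not EXTENSION_ID.fullmatch(segment):
        raise ValueError(f"not a Chrome extension ID: {segment!r}")
    return segment


def build_blacklist(inventory, block_all=False):
    """Return (plist_bytes, id_to_name) for the ExtensionBlacklist key."""
    # Validate every entry first so a pasted typo never reaches managed machines.
    id_to_name = {extension_id_from_url(u): name for name, u in inventory.items()}
    # "*" blocks every extension; otherwise list the IDs in a stable order.
    ids = ["*"] if block_all else sorted(id_to_name)
    payload = plistlib.dumps({"ExtensionBlacklist": ids})
    return payload, id_to_name


if __name__ == "__main__":
    plist_bytes, names = build_blacklist(BLOCKED)
    print(plist_bytes.decode())
    # The human-readable list that goes alongside the policy.
    for ext_id, name in sorted(names.items()):
        print(f"{ext_id}  {name}")
```
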
The next thing that has been added to my to-do list is to try converting this to a Configuration Profile using Tim Sutton’s MCX to Profile utility. I will post an update when/if I get around to testing this more thoroughly.
Edit: It appears there are some issues with Yosemite and managed preferences with mobile directory accounts. I haven’t verified this on my own setup at this time, but be aware it is out there.