Deploy Edge v77+ (Chromium) extension 1.1.7 via group policy
Follow the steps below in order to configure a GPO that installs and enables the Impero Education Pro chrome extension for web filtering and history logging. in MS Edge.
Allow clients2.googleusercontent.com in any filtering so that the Extension can be downloaded to the device
To download the new version of MS Edge if you haven't already you can find the Enterprise version here which comes as an *.msi file which can be deployed through group policy - https://www.microsoft.com/en-us/edge/business/download
1. Download the Edge Administrative Templates from here: https://www.microsoft.com/en-us/edge/business/download
You are required to specify the required fields and click on the "GET POLICY FILES" button.
2. Open Group Policy Management.
3. Create a new GPO for the policy (or add to an existing policy).
4. Right-click on your GPO, and select “Edit”.
5. You then see the “Group policy management Editor” window.
6. Expand the Computer/User configuration tree on the left-hand side, depending on how you want to configure your policy.
7. Right-click on “Administrative templates” and select “Add/Remove Templates”.
8. Click on “Add”.
9. Browse to the templates you downloaded in step 2 and open the “msedge.adm” template that is relevant to your operating system and Language.
10. Once uploaded, expand to the following path (may vary depending on your OS) on the left of the Group policy management editor:
“Computer/User configuration > Policies > Administrative templates > Classic administrative templates > Microsoft Edge > Extensions > ”
11. On the right-hand side, select “Configure the list of force-installed extensions”
12. Right-click and select “Edit”.
13. Mark the “Enabled” button.
14. Click on the “Show…” button.
15. Under the “Value” column, enter the following:
pdmhilamamchgnnipghbjakjpbenbcdj;https://clients2.google.com/service/update2/crx (This is the Google Chrome Based extension which will also work on MS Edge v77+)
* Microsoft do not allow extensions from the Chrome store to be force installed to Edge unless the Windows machine is joined to a domain. For this reason, this policy does not work when applied locally. See https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#extensioninstallforcelist
(Please make sure you have no blank spaces in the Value Box Below)
16. Click on “OK”, followed by “Apply”.
17. You may also wish to disable “InPrivate Mode” and "guest mode".
18. In the same GPO, on the left-hand side, browse to:
“Policies > Classic Administrative Templates > Microsoft Edge”
19. On the right-hand side, locate “Configure InPrivate mode availability”
20. Right-click and select “Edit”.
21. In the new window, “Enable” this policy item.
22. From the “Configure InPrivate mode availability” drop-down list, select “InPrivate mode disabled.”
23. Click on “OK”, followed by “Apply”.
24. On the right-hand side, locate “Enable guest mode”.
25. Right-click and select “Edit”.
26. In the new window “Disable” this policy item.
27. Click on “OK”, followed by “Apply”.
28. You may want to disable the ability for users to end processes in the Browser Task Manager
As this stops logging and blocking. To do this you can navigate to the following location.
"Policies > Administrative Templates > Classic Administrative Templates > Microsoft Edge > "
Look for the following Object > "Enable ending processes in Browser Task Manager" and set to Disabled.
This allows the users to open the Browser Task Manager but disables the "End Process Button".
29. You may want to disable or block Edge notifications completely or from specific sites. To do this you can use the following policies.
User or Computer Configuration > Administrative Templates > Classic Administrative Templates > Microsoft Edge > Content Settings > Look for "Default notification setting" and set to enabled and set the setting to "Do not allow any site to show desktop notifications".
29a. You can also set specific sites not to show notifications on the following policy;
User or Computer Configuration > Administrative Templates > Classic Administrative Templates > Microsoft Edge > Content Settings > Look for "Block notifications on these sites" and set to enabled and set the list of sites you want to block.
Here is an example of what needs to be put in;
https://docs.microsoft.com/DeployEdge/microsoft-edge-policies#notificationsblockedforurls
30. Back in the Group Policy Management window, assign this policy to users/computers as normal.
31. Users affected by this GPO should now see the Edge extensions installed and enabled automatically (once the GPO has updated on their machine).
32. If running Sophos, add the following exclusion.
Comments
0 comments
Please sign in to leave a comment.