PolicyPak: Manage Google Chrome using Group Policy, SCCM or your own management utility
PolicyPak: Manage Google Chrome
Hi. This is Jeremy Moskowitz, Group Policy MVP and Founder of PolicyPak Software. In this video, I’m going to show you how you can use PolicyPak Application Manager to dictate and enforce settings for Google Chrome.
If we take a look at some of the “Settings,” it turns out that Google already has a bunch of pretty good ideas preset. By way of example, if we take a look at some of the advanced settings they have this idea called “Enable phishing and malware protection.” That’s great, but a standard user can just uncheck that, close out Chrome, and there’s no enforcement of that. If you don’t use PolicyPak to enforce that, there’s really no way to lock that down. You can see that a standard user can just work around that.
Let’s take a look at “Content settings,” which are also pretty important here. One of my super all-time favorites is this idea of “Camera.” I don’t have a camera on this system, but if I did the particular camera would be available. You can see “Ask me when a site requires access to my camera and microphone.” Wouldn’t it be better if you could just dictate “Do not allow sites to access my camera and microphone” ensuring that your corporate secrets don’t fly out the building? Yeah, I think so too.
The last one is “Offer to save passwords I enter on the web.” I like this one. Maybe on my home PC it’s OK. But on my corporate PC, maybe offering to save passwords as they enter them on the web is not such a hot idea because if the bad guys get access to that corporate PC then they can just look at the history and start going around, and now those passwords are saved and they’ve got the keys to the castle. So maybe not such a hot idea. It’s on by default. Maybe we’ll set it to uncheck by default. So let’s do all those things using PolicyPak.
Using Group Policy, we’ll “Create a GPO in this domain, and link it here” over to our “East Sales Users.” We’ll call it “Manage Chrome via PPAM 1.” We’ll click “Edit,” and we’ll dive down to user side. You could do this on either the user or computer side. Just go to “New/Application” and there is “PolicyPak for Google Chrome.”
We can not only manipulate and manage settings for Chrome but also things like “Firefox,” Flash, “Java Control Panel,” “Open Office.” We have about 200-and-some-odd snap-ins or Paks that you can add in. I’m going to pick the “Google Chrome” Pak and just get started here.
I might even have a scenario where I want to dictate a set of settings for maybe my traveling sales guys and a different thing for my local sales guys or marketing or IT department. It’s very easily done using PolicyPak. I’ll go into that in a second.
The first thing is we want to go to “Advanced.” We saw that “Enable phishing and malware protection.” Let’s set it on. When we set it on, we’re going to be delivering the setting and locking it down so users can’t work around it.
We also want to ensure that “Offer to save passwords I enter on the web” is unchecked. It is checked by default. We want to uncheck it, and that’s what we’re doing right now.
If we go over to “Content Settings,” we’re looking for the “Camera” guy. Here we go, “Microphone” and “Camera.” “Do not allow sites to access my camera and microphone.” We’ll just dictate those settings and lock them down.
Now we could if we wanted to also do what’s called “Enable item level targeting” filters. We can say that this gaggle of settings is great for when my computer (“Operating System”) is a Windows 7 machine (“the operating system is Windows 7”). Or you could say when it’s a particular “User” group or they’re on an “IP Address Range” or any number of criteria. In this way, you can have one set of settings.
So maybe I will just specify that this description is “For my Win 7” machines. Then I can have another set of criteria for Google Chrome. Maybe I want to set the homepage and other various settings for when the item-level targeting is set for a particular “Security Group” like my IT members and so on. In this way, you can have two completely set unique sets of settings for different people and criteria based upon their conditions. Without PolicyPak, there’s really no way to do that.
I’m going to get rid of this entry because we don’t need it for this demonstration. We’re just dictating this to all of my computers that are Windows 7. We’ll go back over here. We’ll run “gpupdate” and we’ll just wait for Group Policy to process.
If you were using a Terminal Server, VDI, getting a new machine or logging on for the first time, you would just get this at logon time and it doesn’t add any additional processing power at logon time.
Now that that’s done, let’s take a look at “Google Chrome” here. We’ll go to “Settings” here, and let’s see what happened. Well, let’s go to advanced settings and look for the settings that we dictated. There’s the first one. “Enable phishing and malware protection” is now locked on and you can’t check it. The other one that we had was “Offer to save passwords I enter on the web.” I unchecked that. That setting was checked. I’ve now delivered uncheck, and the user can’t work around it.
If we go to the “Content settings” here, I’m looking for the “Camera” entry. There it is: “Microphone” and “Camera.” You can see it has now been set to “Do not allow sites to access my camera and microphone.” Now it’s hardcoded on.
Now what happens if the user changes job roles or the Group Policy Object no longer applies? Let’s go ahead and simulate that by right clicking over the Group Policy Object and clicking “Delete.” Now we’re pretending that the guy changed from sales to marketing, or if you were using one of those conditions like he was in the IT group and moved from IT to human resources or something, then this GPO would no longer apply.
In this case, we’ve set the Pak to revert those settings back so the user can now manipulate it. So you get some settings under control when you want them; the settings revert back when you don’t want them. We’ll go ahead and wait for Group Policy to finish, and then we’ll run Google Chrome.
We’ll see if we go to “Settings” here, that the settings that we set up in the advanced piece are now reverted. There we go. It’s now available for users to click on or click off, whatever they’re so inclined, as well as the “Offer to save passwords I enter on the web.” If we go back to the “Content settings” here, we’ll see it’s now also available for the user to manipulate the “Camera” and “Microphone” and so on.
That’s it for Google Chrome. Again, we have tons and tons of Paks to manage the applications your users use every day, and you know you need to make them more secure. If you’re interested in getting started, go ahead and sign up for a webinar or talk to our sales team. We’ll get you started with a trial. We’re looking forward to getting you on the PolicyPak train.
Thanks so much, and we’ll talk to you soon.