Skip to main content

Deploy Browser Guard to Chrome using Group Policy

This article guides you through deploying the Malwarebytes Browser Guard extension to Google Chrome on your endpoints using Group Policy. You need the Enterprise version of google chrome for this process: https://cloud.google.com/chrome-enterprise/browser/download/ 

You can add the Malwarebytes Browser Extension to protect your Chrome browser by downloading from the Chrome Web Store. This works for individual users, but Group Policy is required to deploy an extension to a large number of users in your organization.

 

Deploy extensions via Group Policy overview

Deploying extensions via Group Policy consists of two parts:
  1. Retrieve the extension ID and the update URL of the Chrome extension.
  2. Enable and configure Chrome extensions in a Group Policy
To add an extension to a Group Policy, two values must be known: the extension ID and an "update" URL. These two values must be entered as one string, but separated by a semicolon (;). For example, the concatenated string of the extension ID and update URL for the Malwarebytes extension version 1.0.4. is as follows:
ndjpnladcallmjemlbaebfadecfhkepb;https://clients2.google.com/service/update2/crx

 

Retrieve extension ID and update URL

To begin, manually install the extension from the Chrome Web Store on your (test) system. The URL of the Chrome extension also contains the extension's ID. You can copy it directly from the browser's address bar. The update URL is the same for all extensions, namely: https://clients2.google.com/service/update2/crx. Installing the extension on a (test) system is not necessary, but recommended. You can test the extension before deploying to your users and can check for any additional, configurable settings (options). Inform your users about these additional options.
  1. On your test system, open the extensions tab in Chrome to retrieve the extension ID. Either enter chrome://extensions in the address bar or open the extensions tab via the menu:
    Deploying-Google-Chrome-extensions-using-Group-Policy-Chrome-view-extensions.jpg
  2. Enable developer mode. The ID of each individual extension appears.
    DOC-3163-1.png
    Copy this ID in Notepad. you need this information in the next step.
  3. Chrome extensions are installed on a per-user basis. The installation directory is:
    C:\Users\%UserName%\AppData\Local\Google\Chrome\UserData\Default\Extensions
    DOC-3163-2.png
  4. The extension ID is equal to the name of the folder. Open the directory that corresponds with the ID of your extension, in our case ihcjicgdanjaechkgeegckofjjedodee (= the ID of Malwarebytes extension).
  5. Open the subdirectory representing the version of the extension. In the root of this directory you should find the file manifest.json. Open this file in Notepad.
  6. Search for the string update_url. Here you will find the update URL:
    DOC-3163-3.png
  7. Reference: https://developer.chrome.com/extensions/autoupdate
    Now you have the needed values. Copy them together in one string. Make sure to separate them using a semicolon (as shown in the beginning of this paragraph):

    ihcjicgdanjaechkgeegckofjjedodee;https://clients2.google.com/service/update2/crx

Configure Group Policy setting to deploy Chrome extension

  1. Import the template in the following: https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip
  2. Copy all .ADMX files to your local Administrative Templates store or Central Store C:\Windows\PolicyDefinitions.
  3. Copy all language file to the language folder In your local Administrative Templates Store or Central Store C:\Windows\PolicyDefinitions\en-US.
  4. To force-install extensions, open your Group Policy Management console (dsa.msc) and go to User Configuration \ Administrative Templates \ Google\  Google Chrome \ Extensions. Go to the setting Configure the list of force-installed apps and extensions and enable it.
    Deploying-Google-Chrome-extensions-using-Group-Policy-Group-Policy-enable-extensions.jpg
  5. Click the Show button and enter the string you created in the previous section:
    ihcjicgdanjaechkgeegckofjjedodee;https://clients2.google.com/service/update2/crx

    DOC-3163-4.png

Now the policy setting is configured. On the next Group Policy refresh and the users automatically receive the required extension.
 
Note: Make sure that developer mode is disabled on the extensions tab as it might prevent the extension from being installed. When you remove the extension from the Configure the list of force-installed apps and extensions policy setting, the extension is automatically removed from Chrome for all users to whom the Group Policy applies.

 

Related articles