Deploying Keeper Chrome Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Google Chrome templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Chrome Policy Templates

On your domain controller, navigate to the URL, provided below, and download the correct 32 or 64 bit zip bundle. Extract the Google Chrome bundle to your desired location. Ex: C:\temp

https://chromeenterprise.google/browser/download

1. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.admx file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx directory to C:\Windows\PolicyDefinitions OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx directory to C:\Windows\PolicyDefinitions

2. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.adml file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

Step 3: Create or Configure your Chrome Policy

1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Chrome Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: “Chrome Policy”

3. Once created, right click the new policy and select Edit.

4. Expand out Chrome Policy -> Computer Configuration -> Policies -> Administrative Templates -> Google Chrome -> Extensions then Right click and Edit the “Configure the list of force-installed apps and extensions”

5. Tick the Enable button, and then click the Show button.

6. Add the following text and click OK.

bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx

7. Click Apply, and then click OK

8. Disable Chrome's Built-In Password Manager by navigating to Google Chrome -> Password manager and then Right click and Edit the “Enable saving passwords to the password manager”

9. Tick the "Disabled" button, and then click Apply, and then click OK.

10. Following the same process as steps 8 - 9, direct within Google Chrome Administrative Templates Policy definitions, Disable Chrome's AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Google Chrome Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users, and select Link an Existing GPO.

13. Select the “Chrome Policy” and click “OK”

For any PC within that OU, the “Chrome Policy” will automatically install the Keeper Security Browser Extension, if Chrome is installed on those PCs as well as disable Chrome's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Chrome Policies

On a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

gpupdate /force

You may need to close and reopen Google Chrome before the new policies appear.

1. In Azure, open Intune and then select Devices.
2. Select Configuration profiles.
3. Select + Create profile.
4. For Platform, select Windows 10 and later. For Profile type, select Templates. For Template name, select Administrative templates. Select Create.
5. For Name, enter "Keeper-Chrome". For Description, enter "Keeper Web Extension for Chrome Browser". Select Next.

6. In Configuration settings, open the Google folder by double-clicking it.
7. Open the Google Chrome folder by double-clicking it.
8. Open the Extensions folder by double-clicking it.
9. Open the Configure the list of force-installed apps and extensions setting by double-clicking it.
10. For Support on: Microsoft 7 or later, select Enabled. For Extension/App IDs and update URLs to be silently installed, paste "bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx". Select OK.
11. Make sure that the State for your setting is Enabled, and then select Next.
12. Select Next

13. Select Add Groups

14. Select the group that you are deploying the Keeper Extension to. Example: KeeperUsers

15. Make sure that Groups lists all groups you want to deploy to and select Next.
16. Select Create

The policy is now active. If a plan member hasn't enrolled with Intune, they'll be prompted to do so when they sign in on a managed device. After they enroll, the Keeper web extension is installed automatically.

There are many options to deploy the Keeper Browser Extension (KeeperFill) to browsers on Windows machines including Group Policy, SCCM and Intune.

Sample reference guides are linked below:

• Group Policy Deployment - Chrome

• Group Policy Deployment - Firefox

• Group Policy Deployment - Edge

• SCCM Deployment - Chrome

• Intune - Edge

• Intune - Chrome

• Edge Settings Policy

• Chrome Settings Policy

Deploying Keeper Chrome Browser Extension via SCCM

This is a general guide in which describes how to utilize SCCM, against Google Chrome templates, to deploy the Keeper Browser extension to all desired PCs in your organization.

Step 1: Configuration Item

Create a new Configuration Item. This can be done within the Configuration Manager console, in the Assets and Compliance work space. Give it a suitable name, like Keeper Browser Extension, and click Next.

Step 2: Platform Selection

Select the appropriate platforms in which this Configuration will apply to and click Next.

Step 3: Create New Settings Configuration

Create a new settings configuration by clicking New.

Configure the new settings, as shown below, and click OK.

Step 4: Create New Compliance Rule

Now click on the "Compliance Rules" tab and click on New.

Configure the new compliance rules, as shown below, and click OK.

Click OK to create the new compliance rule.

Click Close to finish the new configuration item wizard.

Step 5: Configuration Baseline

In order to deploy this Configuration item, you need a baseline unless you have an existing baseline you would rather use.

Create a new Configuration Baseline in the Configuration Manager console, in the Asset and Compliance work space. Give it a suitable name and click Add > Configuration Item.

Add your newly created Keeper Browser Extension Configuration Item, shown within the Available Configuration Items pane and click OK.

Finish creating the new Configuration Baseline by clicking on OK.

Step 6: Deployment

Finally!!!! The Configuration Baseline containing the Keeper Browser Extension Configuration Item needs to be deployed. When deploying a baseline, remember to tick ON the Remediate noncompliant rules when supported. Also, consider how often the compliance should be evaluated. For ex: Group policies updates, by default, every 90 minutes. If this is replacing a GPO, consider to lower the policies update interval. Click OK to complete the configuration baseline.

Step 7: End user experience

Once the SCCM client has updated its policies, per device, and the Configuration Baseline has run, on a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

Deploying Keeper Edge Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Microsoft Edge templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Edge Policy Templates

1. On your domain controller, go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab), by clicking on "Get Policy Files" and extract the contents to your desired location. Ex: C:\temp

https://www.microsoft.com/en-us/edge/business/download

2. Browse to the directory in which you saved the downloaded MicrosoftEdgePolicyTemplates.zip file. Extract the contents of the MicrosoftEdgePolicyTemplates.zip file to your desired location. Ex: C:\temp

Step 2: Adding Edge .admx and .adml files to Group Policy

1. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.admx file located within the \windows\admx directory to C:\Windows\PolicyDefinitions

2. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.adml file located within the \windows\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

Step 3: Create or Configure your Edge Policy

1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Edge Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: “Edge Policy”

3. Once created, right click the new policy and select Edit.

4. Expand out Edge Policy -> Computer Configuration -> Policies -> Administrative Templates -> Microsoft Edge -> Extensions then Right click and Edit the “Control which extensions are installed silently”

5. Tick the Enable button, and then click the Show button.

6. Add the following text and click OK.

lfochlioelphaglamdcakfjemolpichk;https://edge.microsoft.com/extensionwebstorebase/v1/crx

7. Click Apply, and then click OK

8. Disable Edge's Built-In Password Manager by navigating to Microsoft Edge -> Password manager and protection and then Right click and Edit the “Enable saving passwords to the password manager”

9. Tick the "Disabled" button, and then click Apply, and then click OK.

10. Following the same process as steps 8 - 9, directly within Microsoft Edge Administrative Templates Policy definitions, Disable the Edge AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Microsoft Edge Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users and select Link an Existing GPO.

13. Select the “Edge Policy” and click “OK”

For any PC or User within that OU, the “Edge Policy” will automatically install the Keeper Security Browser Extension, if Edge is installed on those PCs, as well as disable the Edge browser, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Edge Policies

On a target client device, open Microsoft Edge and navigate to edge://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to edge://extensions and ensuring your extensions are being forcefully installed.

gpupdate /force

You may need to close and reopen Microsoft Edge before the new policies appear.

1. In Azure, open Intune, and then select Devices.
2. Select Configuration profiles.
3. Select + Create profile.
4. For Platform, select Windows 10 and later. For Profile type, select Templates. For Template name, select Administrative templates. Select Create.
5. For Name, enter "Keeper-Edge". For Description, enter "Keeper Web Extension for Edge Browser". Select Next.

6. In Configuration settings, open the Microsoft Edge folder by double-clicking it.
7. Open the Extensions folder by double-clicking it.
8. Open the Configure which extensions are installed silently setting by double-clicking it.
9. For Support on: Microsoft Windows 7 or later, select Enabled. For Extension/App IDs and update URLs to be silently installed, paste "lfochlioelphaglamdcakfjemolpichk;https://edge.microsoft.com/extensionwebstorebase/v1/crx". Select OK.
10. Make sure that the State for your setting is Enabled, and then select Next.
11. Select Next.
12. Select Add groups.
13. Select the Azure AD Groups that you are deploying the Keeper browser extension to. In this example, the group is called "KeeperUsers". Select Next.

14. Make sure that Groups lists all groups you want to deploy to and select Next.
15. Select Create.

The policy is now active. If a plan member hasn't enrolled with Intune, they'll be prompted to do so when they sign in on a managed device. After they enroll, the Keeper web extension is installed on Microsoft Edge automatically.

Deploying Keeper Firefox Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Firefox Policy Templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Firefox Policy Templates

On your domain controller, download the zip file and extract the Firefox Policy Template file to your desired location. Ex: C:\temp

https://github.com/mozilla/policy-templates/releases

Step 2: Adding Firefox .admx and .adml files to Group Policy

1. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.admx file located within the \policy_templates_v.(version)\windows directory to C:\Windows\PolicyDefinitions

2. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.adml file located within the \policy_templates_v.(version)\windows\en-US directory to C:\Windows\PolicyDefinitions\en-US

Step 3: Create or Configure your Firefox Policy

1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Firefox Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: "Firefox Policy”

3. Once created, right click the new policy and select Edit.

4. Expand out Firefox Policy -> Computer Configuration -> Policies -> Administrative Templates -> Firefox -> Extensions then Right click and Edit the “Extensions to Install”

5. Tick the Enable button, and then click the Show button.

6. Add the full hyperlink to the Add-on from Mozilla, like below:

https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi

7. Click Apply, and then click OK

8. Now proceed to right clicking and Edit the “Prevent extensions from being disabled or removed”

9. Add the URL again from Step 6 above in the value field.

10. Click Apply, and then click OK

11. Disable the Firefox Built-In Password Manager by navigating direct within Firefox Administrative Templates Policy definitions and then Right click and edit both the Offer to save logins and Offer to save logins (default) and set to Disabled, Click Apply and then OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, and select Link an Existing GPO.

13. Select the “Firefox Policy” and click “OK”

For any PC within that OU, the “Firefox Policy” will automatically install the Keeper Security Browser Extension, if Firefox is installed on those PCs as well as disable Firefox's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Firefox Policies

On a target client device, open Firefox and navigate to about:policies to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

gpupdate /force

You may need to close and reopen Firefox before the new policies appear.

The behavior and settings of the Chrome extension can be customized through the ExtensionSettings policy on Windows, Mac and Linux.

Please see the below link to learn about the various settings can be applied:

The behavior and settings of the Microsoft Edge extension can be customized through the ExtensionSettings policy on Microsoft Windows devices.

Please see the below link to learn about the various settings can be applied: