All pages
Powered by GitBook
1 of 9

Windows

Deploying KeeperFill to Windows devices using device management platforms

There are many options to deploy the Keeper Browser Extension (KeeperFill) to browsers on Windows machines including Group Policy, SCCM and Intune.

Sample reference guides are linked below:

Group Policy Deployment - Chrome

Deploying KeeperFill via Group Policy

Deploying Keeper Chrome Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Google Chrome templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Chrome Policy Templates

On your domain controller, navigate to the URL, provided below, and download the correct 32 or 64 bit zip bundle. Extract the Google Chrome bundle to your desired location. Ex: C:\temp

https://chromeenterprise.google/browser/download

  1. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.admx file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx directory to C:\Windows\PolicyDefinitions OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.adml file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Chrome Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Chrome Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

Creating a new Policy

2. Name the policy something relevant. Ex: “Chrome Policy

Policy Name

3. Once created, right click the new policy and select Edit.

Editing a Group Policy

4. Expand out Chrome Policy -> Computer Configuration -> Policies -> Administrative Templates -> Google Chrome -> Extensions then Right click and Edit the “Configure the list of force-installed apps and extensions

If this Policy will apply to Users instead of Computers, the Edge Policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Google Chrome

Configure Forced Installed Extensions

5. Tick the Enable button, and then click the Show button.

Show Forced Extensions

6. Add the following text and click OK.

bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx
Extension Policy

7. Click Apply, and then click OK

8. Disable Chrome's Built-In Password Manager by navigating to Google Chrome -> Password manager and then Right click and Edit the “Enable saving passwords to the password manager

Disabling Chrome Built-In Password Manager

9. Tick the "Disabled" button, and then click Apply, and then click OK.

Disabled Chrome Password Manager

10. Following the same process as steps 8 - 9, direct within Google Chrome Administrative Templates Policy definitions, Disable Chrome's AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

Disable Chrome"s AutoFill Capabilities

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Google Chrome Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

Developer Tools Policy
Disallow Developer Tools

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users, and select Link an Existing GPO.

Link Forced Installed Extension to PCs

13. Select the “Chrome Policy” and click “OK

Chrome Policy Object

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC within that OU, the “Chrome Policy” will automatically install the Keeper Security Browser Extension, if Chrome is installed on those PCs as well as disable Chrome's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Chrome Policies

On a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

Chrome Polices

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Google Chrome before the new policies appear.

Group Policy Deployment - Firefox

Deploying KeeperFill via Group Policy

Deploying Keeper Firefox Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Firefox Policy Templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Firefox Policy Templates

On your domain controller, download the zip file and extract the Firefox Policy Template file to your desired location. Ex: C:\temp

https://github.com/mozilla/policy-templates/releases

Step 2: Adding Firefox .admx and .adml files to Group Policy

  1. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.admx file located within the \policy_templates_v.(version)\windows directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Firefox Policy Template file and copy the firefox.adml file located within the \policy_templates_v.(version)\windows\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Firefox Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Firefox Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

Creating a new Policy

2. Name the policy something relevant. Ex: "Firefox Policy”

Policy Name

3. Once created, right click the new policy and select Edit.

Editing a Group Policy

4. Expand out Firefox Policy -> Computer Configuration -> Policies -> Administrative Templates -> Firefox -> Extensions then Right click and Edit the “Extensions to Install”

Configure Forced Installed Extensions

5. Tick the Enable button, and then click the Show button.

Enabling Forced Extensions

6. Add the full hyperlink to the Add-on from Mozilla, like below:

Text to be added:
https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi
Adding Keeper Browser Extension App ID

7. Click Apply, and then click OK

Applying the Forced Installed Extension

8. Now proceed to right clicking and Edit the “Prevent extensions from being disabled or removed”

Prevent Keeper Browser Extension Removal

9. Add the URL again from Step 6 above in the value field.

Adding Keeper Browser Extension App ID

10. Click Apply, and then click OK

Applying the Prevent Installed Extension Removal

11. Disable the Firefox Built-In Password Manager by navigating direct within Firefox Administrative Templates Policy definitions and then Right click and edit both the Offer to save logins and Offer to save logins (default) and set to Disabled, Click Apply and then OK.

Firefox AutoFill Capabilities Policies
Disable Firefox AutoFill Capabilities

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, and select Link an Existing GPO.

Link Forced Installed Extension to PCs

13. Select the “Firefox Policy” and click “OK”

Firefox Policy Object

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC within that OU, the “Firefox Policy” will automatically install the Keeper Security Browser Extension, if Firefox is installed on those PCs as well as disable Firefox's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Firefox Policies

On a target client device, open Firefox and navigate to about:policies to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

Successful KeeperFill Firefox Forced Install

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Firefox before the new policies appear.

Group Policy Deployment - Edge

Deploying KeeperFill via Group Policy

Deploying Keeper Edge Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Microsoft Edge templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Edge Policy Templates

  1. On your domain controller, go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (MicrosoftEdgePolicyTemplates.cab), by clicking on "Get Policy Files" and extract the contents to your desired location. Ex: C:\temp

https://www.microsoft.com/en-us/edge/business/download
Download Policy Files

Please select and download the correct files in accordance to your organizations environment and preferences.

Accept Privacy Statement

2. Browse to the directory in which you saved the downloaded MicrosoftEdgePolicyTemplates.zip file. Extract the contents of the MicrosoftEdgePolicyTemplates.zip file to your desired location. Ex: C:\temp

Microsoft Edge Policy Template Initial Zip file

Step 2: Adding Edge .admx and .adml files to Group Policy

  1. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.admx file located within the \windows\admx directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.adml file located within the \windows\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Edge Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Edge Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

Creating a new Policy

2. Name the policy something relevant. Ex: “Edge Policy”

Policy Name

3. Once created, right click the new policy and select Edit.

Editing a Group Policy

4. Expand out Edge Policy -> Computer Configuration -> Policies -> Administrative Templates -> Microsoft Edge -> Extensions then Right click and Edit the “Control which extensions are installed silently

If this Policy will apply to Users instead of Computers, the Edge Policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Microsoft Edge.

Configure Forced Installed Extensions

5. Tick the Enable button, and then click the Show button.

Enabling Forced Extensions

6. Add the following text and click OK.

lfochlioelphaglamdcakfjemolpichk;https://edge.microsoft.com/extensionwebstorebase/v1/crx
Adding Keeper Browser Extension App ID

7. Click Apply, and then click OK

Applying the Forced Installed Extension

8. Disable Edge's Built-In Password Manager by navigating to Microsoft Edge -> Password manager and protection and then Right click and Edit the “Enable saving passwords to the password manager”

Disabling Edge Built-In Password Manager

9. Tick the "Disabled" button, and then click Apply, and then click OK.

Disabled Edge Password Manager

10. Following the same process as steps 8 - 9, directly within Microsoft Edge Administrative Templates Policy definitions, Disable the Edge AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

Disable Edge AutoFill Capabilities

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Microsoft Edge Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

Developer Tools Policy
Disallow Developer Tools

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users and select Link an Existing GPO.

Link Forced Installed Extension to PCs

13. Select the “Edge Policy” and click “OK

Edge Policy Object

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC or User within that OU, the “Edge Policy” will automatically install the Keeper Security Browser Extension, if Edge is installed on those PCs, as well as disable the Edge browser, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Edge Policies

On a target client device, open Microsoft Edge and navigate to edge://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

Edge Policies

You can also check your extension by navigating to edge://extensions and ensuring your extensions are being forcefully installed.

Forced Keeper Browser Extension Installed

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Microsoft Edge before the new policies appear.

SCCM Deployment - Chrome

This page describes how to deploy the Keeper Browser Extension with SCCM

Deploying Keeper Chrome Browser Extension via SCCM

This is a general guide in which describes how to utilize SCCM, against Google Chrome templates, to deploy the Keeper Browser extension to all desired PCs in your organization.

Step 1: Configuration Item

Create a new Configuration Item. This can be done within the Configuration Manager console, in the Assets and Compliance work space. Give it a suitable name, like Keeper Browser Extension, and click Next.

Configuration Wizard

Step 2: Platform Selection

Select the appropriate platforms in which this Configuration will apply to and click Next.

Select Your Desired Platforms / Operating Systems

Step 3: Create New Settings Configuration

Create a new settings configuration by clicking New.

New Settings Configuration

Configure the new settings, as shown below, and click OK.

  • Name: ExtensionInstallForcelist

  • Description: Keeper Browser Extension

  • Key Name: Software\Policies\Google\Chrome\ExtensionInstallForcelist

  • Value Name: 1 This number is unique. Are you planning on adding other extensions this way, these should be added as 1, 2, 3 and so forth

New Settings Configuration

Step 4: Create New Compliance Rule

Now click on the "Compliance Rules" tab and click on New.

Compliance Rule

Configure the new compliance rules, as shown below, and click OK.

  • Name: Keeper Security Extension Compliance Rule

  • Description: Keeper Browser

  • Within the "the following values:" field, add the value "bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx" without the quotes.

  • Tick ON Remediate noncompliant rules when supported and Report noncompliance if this setting instance is not found

New Compliance Rules Configuration

Click OK to create the new compliance rule.

Click Close to finish the new configuration item wizard.

Configuration Wizard Complete

Step 5: Configuration Baseline

In order to deploy this Configuration item, you need a baseline unless you have an existing baseline you would rather use.

If you have an existing baseline you would rather use, proceed to ?.

Create a new Configuration Baseline in the Configuration Manager console, in the Asset and Compliance work space. Give it a suitable name and click Add > Configuration Item.

Create Configuration Baseline

Add your newly created Keeper Browser Extension Configuration Item, shown within the Available Configuration Items pane and click OK.

Add Keeper Browser Extension Configuration Item

Finish creating the new Configuration Baseline by clicking on OK.

Complete New Configuration Baseline

Step 6: Deployment

Finally!!!! The Configuration Baseline containing the Keeper Browser Extension Configuration Item needs to be deployed. When deploying a baseline, remember to tick ON the Remediate noncompliant rules when supported. Also, consider how often the compliance should be evaluated. For ex: Group policies updates, by default, every 90 minutes. If this is replacing a GPO, consider to lower the policies update interval. Click OK to complete the configuration baseline.

Step 7: End user experience

Once the SCCM client has updated its policies, per device, and the Configuration Baseline has run, on a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

SCCM Google Chrome Extension Policies

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

Forced Chrome Keeper Browser Extension.

Intune - Chrome

Deploy the Keeper browser extension to Google Chrome using Microsoft Intune

(1) Go to the Intune Portal

(2) In the portal, navigate to Devices > Configuration.

(3) Select Manage Devices > Configuration

(4) On the Policies tab, click Create > New Policy.

New Policy

(5) Under Platform, select Windows 10 and later.

(6) Under Profile Type, choose Settings Catalog, then click Create.

(7) On the next screen, enter a Name for the configuration profile and an optional Description, then click Next.

(8) In the Configuration Settings tab, select + Add settings.

(9) Search for Google, then select Configure the list of force-installed apps and extensions.

(10) Enable Configure the list of force-installed apps and extensions, then paste the following on separate lines: Line 1 : bfogiafebfohielmmehodmfbbebbbpei

Line 2 : https://clients2.google.com/service/update2/crx

(11) In the Scope Tags section, click + Select scope tags and enter any applicable tags.

(12) In the Assignments section, add groups then click Next.

(13) Review the configuration settings, then click Create to finalize.

(14) Navigate back to “Devices | Configuration” > Hit Refresh

(15) Your newly Created Policy Name will then be listed

The policy is now active. If a plan member has not yet enrolled with Intune, they will be prompted to do so upon signing in to a managed device. Once enrolled, the Keeper browser extension will be installed automatically.

Intune - Edge

Deploy the Keeper browser extension to Microsoft Edge using Microsoft Intune

(1) Go to the Intune Portal

(2) In the portal, navigate to Devices > Configuration.

(3) Select Manage Devices > Configuration

(4) On the Policies tab, click Create > New Policy.

(5) Under Platform, select Windows 10 and later.

(6) Under Profile Type, choose Settings Catalog, then click Create.

(7) On the next screen, enter a Name for the configuration profile and an optional Description, then click Next.

(8) In the Configuration Settings tab, select + Add settings.

(9) Search for Edge, then select Configure the list of force-installed apps and extensions.

(10) Enable Configure the list of force-installed apps and extensions, then paste the following on separate lines: Line 1 : lfochlioelphaglamdcakfjemolpichk

Line 2 : https://edge.microsoft.com/extensionwebstorebase/v1/crx

(11) In the Scope Tags section, click + Select scope tags and enter any applicable tags.

(12) In the Assignments section, add groups then click Next.

(13) Review the configuration settings, then click Create to finalize.

(14) Navigate back to “Devices | Configuration” > Hit Refresh

(15) Your newly Created Policy Name will then be listed

The policy is now active. If a plan member has not yet enrolled with Intune, they will be prompted to do so upon signing in to a managed device. Once enrolled, the Keeper browser extension will be installed automatically.

Edge Settings Policy

Configuration settings for Edge Browser Extension

The behavior and settings of the Microsoft Edge extension can be customized through the ExtensionSettings policy on Microsoft Windows devices.

Please see the below link to learn about the various settings can be applied:

LogoDetailed guide to the ExtensionSettings policydocsmsft

Chrome Settings Policy

Configuration settings for Chrome Browser Extension

The behavior and settings of the Chrome extension can be customized through the ExtensionSettings policy on Windows, Mac and Linux.

Please see the below link to learn about the various settings can be applied:

LogoConfigure ExtensionSettings policy - Google Chrome Enterprise Help