# Group Policy Deployment - Chrome

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2FVhvavbRIJeb5lqrvOvtr%2FGroup%20Policy%20Deployment%20-%20Chrome.jpg?alt=media&#x26;token=f6e128bd-e936-4d7c-acff-098414158d88" alt=""><figcaption></figcaption></figure>

## **Deploying Keeper Chrome Browser Extension via Group Policy Management**

This section describes how to use Active Directory Group Policy Management with the Google Chrome policy templates to deploy the Keeper Browser Extension to all PCs in your organization. Please note this is a general guide.

### **Step 1: Adding Chrome Policy Templates**

On your domain controller, navigate to the URL provided below and download the correct 32-bit or 64-bit zip bundle. Extract the Google Chrome bundle to your desired location. Ex: `C:\temp`

```http
https://chromeenterprise.google/browser/download
```

1. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.admx file located within the\
   **64-bit**\
   `\GoogleChromeEnterpriseBundle64\Configuration\admx` directory to `C:\Windows\PolicyDefinitions` **OR**\
   **32-bit**\
   `\GoogleChromeEnterpriseBundle\Configuration\admx` directory to `C:\Windows\PolicyDefinitions`
2. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.adml file located within the\
   **64-bit**\
   `\GoogleChromeEnterpriseBundle64\Configuration\admx\en-US` directory to `C:\Windows\PolicyDefinitions\en-US` **OR**\
   **32-bit**\
   `\GoogleChromeEnterpriseBundle\Configuration\admx\en-US` directory to `C:\Windows\PolicyDefinitions\en-US`

{% hint style="info" %}
NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing.  Ex: es-ES
{% endhint %}

### **Step 3: Create or Configure your Chrome Policy**

1. Open Group Policy Manager on your domain controller and expand your domain -> Group Policy Objects. If you do not already have a Group Policy that you want to use for Chrome policies, right-click Group Policy Objects and create a New Policy.

![Creating a new Policy](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWRE18Hx65nUvHHwVB%2F-MFWRpiWxBg8iL81Thya%2Fnew-pol.png?alt=media\&token=af4e449b-1db3-4084-a71c-358598cc699d)

2\. Name the policy something relevant. Ex: “**Chrome Policy**”

![Policy Name](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWS1b7mrme9FfR360g%2F-MFWk3GIoMqgQku1ywHO%2Fpolicy-name.png?alt=media\&token=6562f69e-5515-44fe-ad43-b8a161d07155)

3\. Once created, right click the new policy and select **Edit**.

![Editing a Group Policy](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWurijAFxXH3x-yTU-%2F-MFWw61Bpf05yijKPO9B%2Fedit-chrome.png?alt=media\&token=1de828a7-b676-499d-8bb1-7aab85d4fdf0)

4\. Expand Chrome Policy -> **Computer Configuration -> Policies -> Administrative Templates -> Google Chrome -> Extensions**, then right-click and edit “**Configure the list of force-installed apps and extensions**”.

{% hint style="info" %}
If this policy will apply to **Users** instead of Computers, the Chrome policies you will be expanding are located under **User Configuration -> Policies -> Administrative Templates -> Google Chrome**
{% endhint %}

![Configure Forced Installed Extensions](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWS1b7mrme9FfR360g%2F-MFWoIowJWrNeTRf2gJs%2Fextensions.png?alt=media\&token=8e5fe5cb-79f4-4c49-880c-a739d4ebfacc)

5\. Tick the **Enable** button, and then click the **Show** button.

![Show Forced Extensions](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWo_05CUUSSELfNPQD%2F-MFWp8HGmNUZNUr7EFP6%2Fenable.png?alt=media\&token=1866a1fa-5aee-44d1-998c-561d2c3f8d8a)

6\. Add the following text and click **OK**.

```
bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx
```

<figure><img src="https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LO5CAzpxoaEquZJBpYz%2Fuploads%2F0z2d7ApIdwhDnwq8rXn3%2Fforcedapp.jpg?alt=media&#x26;token=bc9b8844-66b1-41e4-a313-01d997f28fa4" alt=""><figcaption><p>Extension Policy</p></figcaption></figure>

7\. Click Apply, and then click **OK**

![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWo_05CUUSSELfNPQD%2F-MFWp8HGmNUZNUr7EFP6%2Fenable.png?alt=media\&token=1866a1fa-5aee-44d1-998c-561d2c3f8d8a)

8\. Disable Chrome's Built-In Password Manager by navigating to **Google Chrome -> Password manager** and then Right click and Edit the “**Enable saving passwords to the password manager**”

![Disabling Chrome Built-In Password Manager](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MG8t62O41G3kC6n_JIf%2F-MG8vDC6uoxVpslzsHQn%2Fbuiltin-passwd.png?alt=media\&token=3c148585-6dda-4fbd-982c-b7f17168353d)

9\. Tick the "**Disabled**" button, and then click Apply, and then click **OK**.

![Disabled Chrome Password Manager](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MG9Y6MXJoKV1pPIH4lN%2F-MG9_IFNo6j7F8_BY5z0%2Fdisable-passwd.png?alt=media\&token=9b383d91-d068-48bb-a1e9-1327e1143831)

10\. Following the same process as steps 8 - 9, directly within the Google Chrome Administrative Templates policy definitions, disable Chrome's AutoFill capabilities by editing both "**Enable AutoFill for addresses**" and "**Enable AutoFill for credit cards**" and setting them to **Disabled**.

![Disable Chrome's AutoFill Capabilities](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MG9mOvdi_KJz3oECwuZ%2F-MG9npPrTd9LhNzbaJnQ%2Fdisable-cAutoFill.png?alt=media\&token=92a6a144-c9e2-43cc-a0b0-7fed481df2d9)

11\. **(Optional)** If you would like to disable Developer Tools to further secure against users attempting to unmask a masked password / credential, stay within the Google Chrome Administrative Templates policy definitions and edit "**Control where developer tools can be used**": set it to "**Enabled**", select the Options value "**Don't allow using the developer tools**", and click **OK**.

![Developer Tools Policy](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MTbt8hobpsbybwLzatC%2F-MTbuSVBqMOY-oNxG_Qy%2Fdisdevtoos.PNG?alt=media\&token=49ab31be-1a61-430e-97ec-9ce3f61bf010)

![Disallow Developer Tools](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MTbt8hobpsbybwLzatC%2F-MTbvFcoZBFlVeYn6eoG%2Fdevtdis.PNG?alt=media\&token=d2661e03-4e3c-49be-b360-cdbe5bb7dca3)

12\. Exit the Group Policy Management Editor, right-click the OU of your choice that contains your Computers or Users, and select **Link an Existing GPO**.

![Link Forced Installed Extension to PCs](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWo_05CUUSSELfNPQD%2F-MFWrPV0PQDtgRJg6TH6%2Fou.png?alt=media\&token=5abefb95-04a2-41ca-a672-9d25de5ff990)

13\. Select the “Chrome Policy” and click “**OK**”

![Chrome Policy Object](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MFWsNh2GPFfYiEjuDvc%2F-MFWsuBnoWjM7xpfLMhx%2Fobject.png?alt=media\&token=220e7f38-7df9-4132-b82f-7be5d0069786)

{% hint style="info" %}
If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.
{% endhint %}

For any PC within that OU, the “Chrome Policy” will automatically install the Keeper Security Browser Extension if Chrome is installed on that PC, and will disable Chrome's less secure built-in password manager and AutoFill capabilities.
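The same GPO can be built from PowerShell instead of the editor. This is an added example, not part of Keeper's guide: it assumes the GroupPolicy RSAT module is available, the OU distinguished name is a placeholder, and the value names (`PasswordManagerEnabled`, `AutofillAddressEnabled`, `AutofillCreditCardEnabled`, `DeveloperToolsAvailability`) are the Chrome registry policy names behind the settings edited in steps 8 - 11.

```powershell
# Added example: scripted equivalent of Step 3 (computer-scoped policy).
Import-Module GroupPolicy

$GpoName  = 'Chrome Policy'
$TargetOu = 'OU=Workstations,DC=example,DC=com'   # placeholder: replace with your OU
$Base     = 'HKLM\Software\Policies\Google\Chrome' # use HKCU\... for a user-scoped policy

# Items 1-3: reuse the GPO if it already exists, otherwise create it.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $GpoName }

# Items 4-7: force-install list. Each entry is "<extension id>;<update URL>"
# stored as a string value named 1, 2, 3, ... under the list key.
Set-GPRegistryValue -Name $GpoName -Key "$Base\ExtensionInstallForcelist" `
    -ValueName '1' -Type String `
    -Value 'bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx' |
    Out-Null

# Items 8-11: DWORD policy values. 0 = the setting is Disabled.
$settings = [ordered]@{
    PasswordManagerEnabled     = 0
    AutofillAddressEnabled     = 0
    AutofillCreditCardEnabled  = 0
    DeveloperToolsAvailability = 2   # optional item 11: developer tools not allowed
}
foreach ($name in $settings.Keys) {
    Set-GPRegistryValue -Name $GpoName -Key $Base -ValueName $name `
        -Type DWord -Value $settings[$name] | Out-Null
}

# Items 12-13: link the GPO to the OU unless it is already linked there.
$linked = (Get-GPInheritance -Target $TargetOu).GpoLinks.DisplayName
if ($linked -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $TargetOu | Out-Null
}
```

Remove the `DeveloperToolsAvailability` line if you skipped the optional step, and repeat the link block for each additional OU.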

### **Step 4: Check Your Chrome Policies**

On a target client device, open Google Chrome and navigate to **chrome://policy** to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

![Chrome Policies](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MTbvxwXKR99LcvQQEyO%2F-MTbyM04pOrOgOFVTuhf%2Fchromepolices.PNG?alt=media\&token=d7e95b0c-202b-45de-8f14-a5b5a1949967)

You can also check your extension by navigating to **chrome://extensions** and confirming that the extension is shown as force-installed.

![](https://4290574019-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LO5CAzpxoaEquZJBpYz%2F-MZZAYt2pwD-TU8PWqXR%2F-MZZBqSYfGV2_rAdLK2y%2Fforcedchromeapp.PNG?alt=media\&token=82e6802b-3870-4c0f-997d-e77dba704d60)

{% hint style="info" %}
You may need to run **gpupdate /force**, in an elevated command prompt, to apply this new group policy to the PCs.
{% endhint %}

```
gpupdate /force
```

You may need to close and reopen Google Chrome before the new policies appear.
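To check many clients without opening Chrome on each one, the applied policy can be read from the registry. The script below is an added example, not part of Keeper's guide; it assumes a computer-scoped GPO (values under `HKLM:\SOFTWARE\Policies\Google\Chrome`) and uses Chrome's registry policy names for the settings from Step 3. `Test-ChromePolicy` and its parameters are names made up for this example.

```powershell
# Added example: audit the Chrome policy values a client actually received.
$KeeperEntry = 'bfogiafebfohielmmehodmfbbebbbpei;https://clients2.google.com/service/update2/crx'

function Test-ChromePolicy {
    param(
        # Use HKCU:\SOFTWARE\Policies\Google\Chrome for a user-scoped GPO.
        [string]$Root = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
        # Set when optional step 11 (developer tools) was applied.
        [switch]$RequireDevToolsBlock
    )
    $results = @()

    # The force-install list is a subkey whose values are named 1, 2, 3, ...
    $listKey = Join-Path $Root 'ExtensionInstallForcelist'
    $entries = @()
    if (Test-Path $listKey) {
        $key     = Get-Item $listKey
        $entries = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
    }
    $results += [pscustomobject]@{
        Setting = 'ExtensionInstallForcelist'; Expected = $KeeperEntry
        Actual  = ($entries -join ', ');       Ok = ($entries -contains $KeeperEntry)
    }

    $expected = [ordered]@{
        PasswordManagerEnabled    = 0
        AutofillAddressEnabled    = 0
        AutofillCreditCardEnabled = 0
    }
    if ($RequireDevToolsBlock) { $expected['DeveloperToolsAvailability'] = 2 }

    $props = Get-ItemProperty -Path $Root -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        # A missing value means the policy never arrived: report it as a failure.
        $actual = $null
        if ($props -and $props.PSObject.Properties[$name]) { $actual = $props.$name }
        $results += [pscustomobject]@{
            Setting = $name; Expected = $expected[$name]
            Actual  = $actual; Ok = ($actual -eq $expected[$name])
        }
    }
    $results
}

$report = Test-ChromePolicy
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) { exit 1 }   # non-zero exit for fleet tooling
```

A row with an empty `Actual` column usually means the GPO is not linked to the machine's OU or `gpupdate /force` has not run yet.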
