Group Policy Deployment - Chrome

Deploying KeeperFill via Group Policy

Deploying Keeper Chrome Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Google Chrome templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Chrome Policy Templates

On your domain controller, navigate to the URL, provided below, and download the correct 32 or 64 bit zip bundle. Extract the Google Chrome bundle to your desired location. Ex: C:\temp
  1. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.admx file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx directory to C:\Windows\PolicyDefinitions OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx directory to C:\Windows\PolicyDefinitions

  2. Navigate to the directory in which you extracted the Google Chrome Bundle and copy the chrome.adml file located within the 64-bit \GoogleChromeEnterpriseBundle64\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US OR 32-bit \GoogleChromeEnterpriseBundle\Configuration\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US

NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Chrome Policy

  1. Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Chrome Policies, proceed to right clicking on Group Policy Objects and create a New Policy.

2. Name the policy something relevant. Ex: “Chrome Policy

3. Once created, right click the new policy and select Edit.

4. Expand out Chrome Policy -> Computer Configuration -> Policies -> Administrative Templates -> Google Chrome -> Extensions then Right click and Edit the “Configure the list of force-installed apps and extensions

If this Policy will apply to Users instead of Computers, the Edge Policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Google Chrome

5. Tick the Enable button, and then click the Show button.

6. Add the following text and click OK.


7. Click Apply, and then click OK

8. Disable Chrome's Built-In Password Manager by navigating to Google Chrome -> Password manager and then Right click and Edit the “Enable saving passwords to the password manager

9. Tick the "Disabled" button, and then click Apply, and then click OK.

10. Following the same process as steps 8 - 9, direct within Google Chrome Administrative Templates Policy definitions, Disable Chrome's AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.

11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Google Chrome Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.

12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users, and select Link an Existing GPO.

13. Select the “Chrome Policy” and click “OK

If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.

For any PC within that OU, the “Chrome Policy” will automatically install the Keeper Security Browser Extension, if Chrome is installed on those PCs as well as disable Chrome's, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Chrome Policies

On a target client device, open Google Chrome and navigate to chrome://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.

You can also check your extension by navigating to chrome://extensions and ensuring your extensions are being forcefully installed.

You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.

gpupdate /force

You may need to close and reopen Google Chrome before the new policies appear.

Last updated