Comment on page

Group Policy Deployment - Edge

Deploying KeeperFill via Group Policy

Deploying Keeper Edge Browser Extension via Group Policy Management

This section describes how to utilize your Active Directory Group Policy Management, against Microsoft Edge templates, to deploy the Keeper Browser extension to all PCs in your organization. Please note this is a general guide.

Step 1: Adding Edge Policy Templates

  1. 1.
    On your domain controller, go to the Microsoft Edge Enterprise landing page to download the Microsoft Edge policy templates file (, by clicking on "Get Policy Files" and extract the contents to your desired location. Ex: C:\temp
Download Policy Files
Please select and download the correct files in accordance to your organizations environment and preferences.
Accept Privacy Statement
2. Browse to the directory in which you saved the downloaded file. Extract the contents of the file to your desired location. Ex: C:\temp
Microsoft Edge Policy Template Initial Zip file

Step 2: Adding Edge .admx and .adml files to Group Policy

  1. 1.
    Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.admx file located within the \windows\admx directory to C:\Windows\PolicyDefinitions
  2. 2.
    Navigate to the directory in which you extracted the Microsoft Edge Templates zip file and copy the msedge.adml file located within the \windows\admx\en-US directory to C:\Windows\PolicyDefinitions\en-US
NOTE: If a different language is desired instead of en-US, please navigate to the directory for the correct language of your choosing. Ex: es-ES

Step 3: Create or Configure your Edge Policy

  1. 1.
    Open Group Policy Manager on your domain controller and expand out your domain -> Group Policy Objects. If you currently do not have a Group Policy created in which you want to utilize for Edge Policies, proceed to right clicking on Group Policy Objects and create a New Policy.
Creating a new Policy
2. Name the policy something relevant. Ex: “Edge Policy”
Policy Name
3. Once created, right click the new policy and select Edit.
Editing a Group Policy
4. Expand out Edge Policy -> Computer Configuration -> Policies -> Administrative Templates -> Microsoft Edge -> Extensions then Right click and Edit the “Control which extensions are installed silently
If this Policy will apply to Users instead of Computers, the Edge Policies you will be expanding will be located under User Configuration -> Policies -> Administrative Templates -> Microsoft Edge.
Configure Forced Installed Extensions
5. Tick the Enable button, and then click the Show button.
Enabling Forced Extensions
6. Add the following text and click OK.
Adding Keeper Browser Extension App ID
7. Click Apply, and then click OK
Applying the Forced Installed Extension
8. Disable Chrome's Built-In Password Manager by navigating to Microsoft Edge -> Password manager and protection and then Right click and Edit the “Enable saving passwords to the password manager”
Disabling Edge Built-In Password Manager
9. Tick the "Disabled" button, and then click Apply, and then click OK.
Disabled Edge Password Manager
10. Following the same process as steps 8 - 9, directly within Microsoft Edge Administrative Templates Policy definitions, Disable the Edge AutoFill capabilities by editing both "Enable AutoFill for addresses" and "Enable AutoFill for credit cards" and setting them to disabled.
Disable Edge AutoFill Capabilities
11. (Optional) If you would like to disable Developer Tools, to further secure against users attempting to unmask a masked password / credential, still within the Microsoft Edge Administrative Templates Policy definitions, disable Developer Tools by editing "Control where developer tools can be used" end setting it to "Enabled" and select the Options value of "Don't allow using the developer tools" and click OK.
Developer Tools Policy
Disallow Developer Tools
12. Exit the Group Policy Management Editor, Right Click the OU of your choice, in which contains your Computers or Users and select Link an Existing GPO.
Link Forced Installed Extension to PCs
13. Select the “Edge Policy” and click “OK
Edge Policy Object
If you have more than one OU (Organizational Unit) that you would like to Link this new Group Policy to, repeat steps 12 - 13.
For any PC or User within that OU, the “Edge Policy” will automatically install the Keeper Security Browser Extension, if Edge is installed on those PCs, as well as disable the Edge browser, less secure, built-in password manager and AutoFill capabilities.

Step 4: Check Your Edge Policies

On a target client device, open Microsoft Edge and navigate to edge://policy to see all policies that are applied. If you applied policy settings on the local computer, policies should appear immediately.
Edge Policies
You can also check your extension by navigating to edge://extensions and ensuring your extensions are being forcefully installed.
Forced Keeper Browser Extension Installed
You may need to run gpupdate /force, in an elevated command prompt, to apply this new group policy to the PCs.
gpupdate /force
You may need to close and reopen Microsoft Edge before the new policies appear.