Configuring Google Chrome

I'm interested in getting Google Chrome set up on an image where the first run and subsequent runs just opens the browser and sends the user to a homepage without prompting the user to log in or do anything else. It appears that this may not be so simple.

There have been a few posts in the past about this (one method with a manifest, the other Google Chrome Master Preference) but I haven't been able to get anything working. Would anyone be willing to share how they're doing it?

It feels like this ought to be possible.

Page 1 / 4

I gave up with the Master Preference file and took a snapshot /Users/username/Library/Application Support/Google/Chrome. Made a DMG and it works just as fine.

@jbarnes This can be a very daunting task. You have to go to /Applications/Google Chrome.app/Contents/Resources/com.google.Chrome.manifest. This is the file you need. Take this file, pop it into profile manager. Then select the options you want. Then download the manifest from profile manager, then load that manifest into JSS as a custom payload.

Master Preferences are pretty easy as a DMG deployment. From memory It's basically just two files.
Library/Google/Google Chrome Master Preferences << Text file in JSON format from memory.
Library/Google/Bookmarks << Optional If you want to import predetermined bookmarks.

The one thing I will say is the file has to be almost character perfect, one tiny mistake and it invalidates the whole file and nothing happens.
You can download a fully functioning file from google and then just edit as you like, there is also a list of every available setting as well.
So just start with the vanilla working file and add your pieces one by one making sure it works after each one.
There was when I last looked a bug where you couldn't supress the "Use chrome as the default browser" on the very first run, it's listed as being looked at so may have already been resolved. But basically every other setting I have wanted has been managed with Master Preferences.
It's nice because it sits outside the Chrome Application deployment so you can deploy a new version and it generally just picks it up.
It also is used if a user deletes just their Chrome folder from Library and relaunches Chrome (as opposed to a user template for example that only affects a new user profile).

I use two methods. One by setting some 'suggested' settings via the option in a file I believe in /Library/Application support (I'll update tomorrow if you are interested when I get into the office). This file sets some settings on a first time basis only and the user can override them with their own settings. I then lock all the settings required for my environment via a configuration profile (you could also use the legacy managed preferences method in the JSS). Basically I configured a plist file called com.google.chrome.plist (see picture attachment for a partial look at the file)
with all of the locked settings. Uploaded that into the configuration profile and applied it to the machines. It works great. Whenever I need to update settings, like whitelisting plugins or sites, I just update the plist file and re-upload it to that configuration profile.

Thanks everybody. I have tried a bunch of these methods, but haven't been able to get them going -- as of now it seems the Chrome install is ignoring my attempts, so @maxbehr I am very interested in what you're up to.

I too have had many many problems managing Chrome. My requirements:

Homepage
Skip the first run window
Prevent the yellow menu bars for updates showing

Tried policy & preference

Ended up doing a snapshot. Going to try once more.

OK so here's the update. For one time only prefs you must create a file called Google Master Preferences found at /Library/Google/Google Chrome Master Preferences. It's a simple txt file in JSON format. More details at https://www.chromium.org/administrators/configuring-other-preferences . For this I just use Composer to package the file and deploy it when I image the computers. From what I can tell it only supports a subset of the available preferences ( they are listed at the end of the page ). Like I said previously this will ONLY give defaults prefs the first time chrome is run and they are NOT locked just friendly suggestions. For the real good stuff, I deploy a Configuration Profile (Computer not User). Per JAMF's recommendation they suggest only using one configuration profile per set of preferences so mine is ONLY dedicated to Google Chrome settings. To create the settings you must create a plist file called com.google.chrome.plist. In this file I put all of the settings that must be locked down and NOT changeable by the user. The complete list of available prefs is located at https://www.chromium.org/administrators/policy-list-3

When you construct your plist it must be in the right format, see my screenshot above. Once applied via configuration profile the changes are instant. You can verify that the prefs have taken hold by typing in chrome:policy in the address bar, it will then show you a list of all the prefs that have been applied.

Thanks. That helped.

Since we do thin imaging I ended up writing script that creates the Google Chrome Master Preferences File. Here it is (let's see if this works) in case anybody searching stumbles on this:

#!/bin/bash
# Output Chrome Master Preferences to /Library/Google/Google Chrome Master Preferences
# jbarnes 4/6/2015


if [ ! -d "/Library/Google" ]
then
    mkdir "/Library/Google"
fi

(
sudo cat <<'EOD'
{
  "homepage" : "http://www.homepage.yo",
  "homepage_is_newtabpage" : false,
  "browser" : {
    "show_home_button" : true,
    "check_default_browser" : false
  },
  "bookmark_bar" : {
    "show_on_all_tabs" : false
  },
  "distribution" : {
    "suppress_first_run_bubble": true,
    "show_welcome_page" : false,
    "skip_first_run_ui" : true,
    "import_history" : false,
    "import_bookmarks" : false,
    "import_home_page" : false,
    "import_search_engine" : false
  },
  "sync_promo" : {
    "user_skipped" : true
  },
  "first_run_tabs" : [
    "http://www.homepage.yo/"
  ]
}
EOD
) > "/Library/Google/Google Chrome Master Preferences"

I used the method of importing a com.google.chrome.plist file into a configuration profile as mentioned by maxbehr and it works a treat. The full list of available options is at https://www.chromium.org/administrators/policy-list-3 (note, some preferences are only for Chromium OS, each setting is marked whether it is applicable to OS X or not).

For default settings (as opposed to enforced settings) we normally just load chrome a few times to capture all the prompts, then copy the chrome profile out of Library/Application Support into the default user template. Have tried using managed preferences but haven't had much luck getting it to work.

I know this is an old post, but maybe just maybe someone like me is stuck with Yosemite, and comes across this.

Run the following lines in a login script to set the browser as default for each user.

Assuming Chrome is already installed:

open -a "Google Chrome" --args --make-default-browser
sleep 1
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "REPLACE INTO access VALUES('kTCCServiceAccessibility','com.apple.loginwindow',0,1,1,NULL);" 
osascript -e 'tell application "System Events" to tell process "CoreServicesUIAgent" to tell window 1 to click button 1' >/dev/null 2>&1
sqlite3 /Library/Application Support/com.apple.TCC/TCC.db "delete from access where client='com.apple.loginwindow';"

Very subtle solution and works quite nicely.

Kamal

@maxbehr Hi Max i've been following your method by deploying a configuration profile, and it's a great success. so i've deployed a bookmark folder to user chrome without hurting their existing bookmark. but one question, it seems i can't change the name of "Managed Bookmarks", even though i tried add <key>name</key>
<string>test</string>
at the end of dictionary, but its name still Managed Bookmarks, didn't change to test. you have any idea how to change it?

@Dalmatian it does not look like there is a way to rename the Managed Bookmarks. Looking at the Chromium docs appears that Managed Bookmarks is the default name and I could not find a way to change it.

@maxbehr Thanks for your hard work on this. Can you tell me where this com.google.Chrome.plist file needs to live on a computer? I've built the plist using Xcode and now I want to test the plist before deploying it with a configuration profile. Also, will this overwrite the rest of the settings in user's plist configuration? I just want to block some plugins using your method you've described.

Thanks!!

@danhutchings, When using managed preferences / configuration profiles the file is placed in /Library/Managed Preferences so you should be able to put it in /Library/Preferences or in ~/Library/Preferences to test. Like most managed preferences the settings are additive to any settings the user has already set UNLESS you are overriding something that the user has set, then the managed preferences or /Library/Preferences take precedence over ~/Library/Preferences

Thanks for the reply @maxbehr !

I was able to apply my preferences. I took the com.google.Chrome.manifest file and saved it to my desktop. I then made the changes to the file. I copied it to the managed preferences path you mentioned. I then renamed the file to com.google.Chrome.plist and it worked just fine. The struggle I have now is uploading the manifest file to the JSS. It tells me there is a format issue. How can I convert this manifest file so that it will work with the JSS in a configuration profile?

Thanks!

More than likely you need to convert the plist to a text file from a binary. Try running

plutil -convert xml1 /path_to_plist

And then try uploading.

I was able to upload the file now! So that is a plus. However, when I upload it, it just gives me the attached screenshot. Let me know what you think.

Thanks!

Sorry for the delayed response, That is indeed odd. If I had to guess the plist is malformed in some way. Could you try copying and pasting the text into your response so I could see the raw plist?

@maxbehr You might be able to help me out here...I'm having difficulty with google as there are no directories outside of the user account for chrome in OS X. I have tried the JAMF process with the configuration profile, using the manifest file and options there yet it effectively does nothing on the client machine. I have switched to manual manipulation of the manifest file and converting it to a plist file...yet still no enforcement/changes. What I am attempting to do is forced the user to log in under the provided domain account for our google apps for education and deny access to a personal log in - i.e. gmail or others. We are running 10.10.5 and up (I am building a workflow and wanted to incorporate this to the new image flow.)

Just as a note I have edited the manifest using this page: https://www.chromium.org/administrators/policy-list-3 utilizing the *@domain restriction pattern

Thanks for any input on this
-Nate

@Npooter229

Nate, unfortunately it looks like those two policy options are Chrome OS only. If you notice each preference setting has a Supported On clause, only the ones that list Chromium (Mac OS X) will work on the Mac. Those with Chrome OS will only work on Chrome OS devices (Chrome book, etch…). The only policy I can think of would be the SyncDisabled preference but that only restricts whether a user can login to a google account to sync across devices, there is no way I know to further restrict which accounts (personal or institutional) they can use…sorry.

@maxbehr

I could really use some help on this...I seem to be doing everything posted here and get no errors, but Chrome just isnt reading/applying the policies

I have a very simple plist (for testing):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowOutdatedPlugins</key>
    <false/>
    <key>defaultgeolocationsetting</key>
    <integer>2</integer>
   <key>IncognitoModeAvailability</key>
   <integer>1</integer>
</dict>
</plist>

I'm uploading that to jss for a preference domain named com.google.chrome.plist and the file uploads and shows each setting and value pair correctly.
It is set for Computer
And I can easily verify the file is being created in /Library/Managed Preferences on the scoped client
But chrome://policy shows nothing!
after reloading and rebooting

Any help would be greatly appreciated!!

Thx

Two things, first (don't know if capitalization matters) try DefaultGeolocationSetting instead of defaultgeolocationsetting . Second the preference domain should be com.google.chrome no .plist

in the preference domain. Also are you doing this via Managed Preferences or a Configuration Profile

@maxbehr Thanks for the fast response!!
I am doing this via configuration profile...? Is that right ?

Also, how do I force jamf to update configuration profiles??
The scoped machine is stuck on pending even though it just checked in
(I made the change in name)

@branthyatt Either will work I think, Configuration Profile is the preferred method. I know of no way of forcing the client to reconnect to Apple's Push Service Network. Configuration profiles require use of Apple's Push Service. The JSS needs access to 17.0.0.0/8 via ports 2195 and 2196. And the client needs access to 17.0.0.0/8 via port 5223.

If you don't have access to those ports or you just want to test the easiest method is to download your config profile, there is a download button on the configuration profile edit screen, from the JSS and then manually install it on the client.

@maxbehr

Thanks!!!
Working now (via download...assuming it will work via push eventually) and Yes capitalization does matter!

Thanks again...

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded