So this thread has been a big help in trying to get our Chrome install under control, but there are still a couple of settings that aren't quite working right.

I'm using a Google Chrome Master Preferences file, and a com.google.chrome.plist file. (I have the plist in /Library/Preferences as I want those settings to apply to all users, but for them to be able to override as needed.) What I'm left with is a bit of underisable first-run behavior -- specifically, "Google Chrome isn't your default browser" and "Google Chrome may not be able to keep itself updated" bars:

What settings am I missing? I went through the Chrome policy list and added what I thought would be applicable. That update bar is interesting too since I'm not setting anything related to that.

My Google Chrome Master Preferences settings:

{ "homepage": "https://www.mydomain.whatever", "homepage_is_newtabpage": false, "browser": { "show_home_button": true, "check_default_browser": false }, "session": { "restore_on_startup": 4, "startup_urls": [ "https://www.mydomain.whatever" ] }, "bookmark_bar": { "show_on_all_tabs": true }, "sync_promo": { "show_on_first_run_allowed": false }, "distribution": { "import_bookmarks": false, "import_history": false, "import_home_page": false, "import_search_engine": false, "ping_delay": 60, "do_not_launch_chrome": true, "make_chrome_default": false, "make_chrome_default_for_user": false, "suppress_first_run_default_browser_prompt": true, "suppress_first_run_bubble": true, "show_welcome_page": false, "skip_first_run_ui": true, "system_level": true, "verbose_logging": true }, "first_run_tabs": [ "https://www.mydomain.whatever" ] }

...and my com.google.chrome.plist:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>AutoFillEnabled</key> <false/> <key>DefaultBrowserSettingEnabled</key> <false/> <key>ExtensionInstallForcelist</key> <array> <string>cjpalhdlnbpafiamejdnhcphjbkeiagm;https://clients2.google.com/service/update2/crx</string> </array> <key>PasswordManagerEnabled</key> <false/> <key>RestoreOnStartup</key> <integer>4</integer> <key>RestoreOnStartupURLs</key> <array> <string>https://www.mydomain.whatever</string> </array> <key>SyncDisabled</key> <true/> </dict> </plist>

For disabling updates (assuming thats what you want to do) you should do that in the plist with the key DeviceAutoUpdateDisabled. If you want auto-update to work then you need to make sure you install the pieces in /Library that chrome installs to make that happen. Easiest way to do that is to use composer, and then click that setup up automatic updates.

As for the checking of the default browser you should use the key DefaultBrowserSettingEnabled set to false

@maxbehr I dig your profile picture! Anyways, I have been following this feature request:

Enterprise Option to Enforce Chrome Sign-in

Q2 has long passed and no update has been provided. However, I have recently found this page:

Force users to sign in to Chrome Browser

It would seem as though this is now supported on macOS? So far I have tried manipulating this setting in a fresh com.google.Chrome.manifest then changing it to com.google.Chrome.plist and finally uploading it as a custom setting to Jamf. I get no sign in prompts on the client and I can use the browser as normal. Am I doing this wrong or is it still just not yet supported on macOS?

@mhatt thanks! According to the Chromium policy site, it should force sign in on version 70 or greater. Looking at that second link I don't think the sample code is correct. I do not think there should be a <dict> after the preference key.

Try the following

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>BrowserSignin</key>
    <integer>2</integer>
</dict>
</plist>

I am looking to utilize this option to Enforce Chrome Sign-In as well. I I have created the following plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DisablePrintPreview</key>
    <true/>
    <key>BrowserSignin</key>
    <integer>2</integer>
    <key>RestrictSigninToPattern</key>
    <array>
        <string>domain.com</string>
        <string>domain.net</string>
    </array>
    <key>IncognitoModeAvailability</key>
    <integer>1</integer>
    <key>BrowserGuestModeEnabled</key>
        <false/>
</dict>
</plist>

In addition to forcing the sign-in, I also wanted to restrict what domains were available. I then put this plist into the /Library/Preferences folder as com.google.Chrome.plist. This worked when all we were doing was using the DisablePrintPreview option. However, these restrictions don't seem to be taking effect. Is there some step we are missing?

Tim

I recently did created a plist for Chrome so the companies Intranet page is set and is greyed out so no additional pages can be added or deleted.

Is there a setting where I can still keep the Intranet page but at the same time if the end users want to add additional homepages it will not affect that

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>HomepageIsNewTabPage</key> <array> <string>false</string> </array> <key>HomepageLocation</key> <string>http://christiesintranet</string> <key>RestoreOnStartup</key> <integer>4</integer> <key>RestoreOnStartupURLs</key> <array> <string>http:intranet</string> </array> <key>ShowHomeButton</key> <array> <string>true</string> </array> <key>StartupURLs</key> <array> <string>intranet</string> </array>
</dict>
</plist>