Help

Block all Google Chrome extensions except approved ones

sahmed
New Contributor II

Posted on ‎06-06-2018 06:46 AM

Hi,

I am trying to get a config to block all chrome extensions and allow only approved ones as I keep finding.
I found some examples online but I am not too familiar how to proceed, I know the way to setup is in Configuration Profile and Custom Settings, but I don't know the exact way to set that up. here is an example I found but can someone show me how to implement it.

thanks

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DeveloperToolsDisabled</key> <false/> <key>ExtensionInstallBlacklist</key> <array> <string>*
</string> </array> <key>ExtensionInstallWhitelist</key> <array> <!--Docs--> <string>aohghmighlieiainnegkcijnfilokake</string> <!--sheets--> <string>felcaaldnbdncclmgdcncolpebgiejap</string> <!--slides-->
</array>
</dict>
<!--Updated 2018-06-05 Syed-->
</plist>

0 Kudos
Reply
5 REPLIES 5

bumbletech
Contributor III

Posted on ‎06-06-2018 07:20 AM

That looks about right. You'll need to save that as a file named "com.google.Chrome.plist", create a new Configuration Profile, and then upload your "com.google.Chrome.plist" file as a part of the "Custom Settings" payload.

0 Kudos
Reply

sepiemoini
Contributor III
Contributor III

Posted on ‎06-06-2018 07:34 AM

We're using this approach and identically to how @bumbletech explained it. Hope this helps :)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DeveloperToolsDisabled</key>
    <false/>
    <key>ExtensionInstallBlacklist</key>
    <array>
        <!-- ID for Google Chrome Extension - Storyful Multisearch -->
        <string>chjbobecfbckiecmjcfacofliogmekcm</string>
    </array>
</dict>
</plist>

636f099982074c37801f144ff2977592

Reply

vcparra
New Contributor
In response to sepiemoini

Posted on ‎07-15-2022 01:24 PM

Goal: Force install a, b, c + Uninstall and block future installs of d.

Using this script, I hoped to achieve that but although it completed in Jamf, it did not uninstall d. Any suggestions?

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ExtensionInstallForcelist</key>
	<array>
		<string>hdokiejnpimakedhajhdlcegeplioahd</string>
		<string>glnpjglilkicbckjpbgcfkogebgllemb</string>
		<string>kgjfgplpablkjnlkjmjdecgdpfankdle</string>
	</array>
<key>DeveloperToolsDisabled</key>
    <false/>	
<key>ExtensionInstallBlockList</key>
	<array>
		<string>kbfnbcaeplbcioakkpcpgfkobkghlhen</string>
	</array>
</dict>
</plist>

 

0 Kudos
Reply

kgam
Contributor

Posted on ‎09-12-2022 07:09 AM

I haven't tried the force install yet but "ExtensionInstallBlocklist" will successfully block (although not uninstall) the specified extensions.

Tested it with this example and it works as expected to block already installed extentions and block future installs from the Chrome web store.

Note: The name of the key has changed since the original post.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>ExtensionInstallBlocklist</key>
        <array>
            <!-- ID for Google Chrome Extension - LastPass -->
            <string>hdokiejnpimakedhajhdlcegeplioahd</string>
            <!-- ID for Google Chrome Extension - ProKeys -->
            <string>ekfnbpgmmeahnnlpjibofkobpdkifapn</string>
            <!-- ID for Google Chrome Extension - Speedtest -->
            <string>pgjjikdiikihdfpoppgaidccahalehjh</string>
        </array>
    </dict>
</plist>

 

0 Kudos
Reply

Jasminpatel
New Contributor

Posted on ‎06-27-2024 04:56 AM

You can whitelist Chrome extensions using a configuration profile. The provided code blocks all extensions by default and allows specific ones (Docs, Sheets, Slides in the example) through their IDs (found in the Chrome Web Store URL). Save this code as a .plist file and import it into your MDM tool (recommended) or a configuration profile creator app. Deploy the profile to your devices to enforce the whitelist. Remember to update the whitelist with any new approved extensions.

0 Kudos
Reply