Jamf Nation Community

shoch · ‎11-14-2017

Newbie here,

I've created a Configuration Profile with a "custom setting" to upload a plist that I created, with the help of other threads, that blocks certain Chrome Extension like Ultrasurf and Touch VPN.

These wonderful extensions allow students to get around our firewall and access things we don't want them accessing.

However, it deploys great but once deployed, all the student have to do is shut down the computer and restart Chrome, they can go right back to these extensions via the Chrome Store and they've got them.

Is there a way to "repush" if you will, the profiles? They're showing up in the students profile list but they're no longer effective.

Any ideas?

boberito · ‎11-14-2017

I'm not sure how they're removing the profiles? Because once it's pushed, it's on the computer. We're doing the same thing in fact and some other chrome settings.

Also you may want to block a few more than just those few...I've been on this cat and mouse hunt for a few years and have quite the extensive list.

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DisablePrintPreview</key> <true/> <key>CloudPrintSubmitEnabled</key> <false/> <key>CloudPrintProxyEnabled</key> <false/> <key>ExtensionInstallBlacklist</key> <array> <string>dfdhngcahhplaibahkkjhdklhihbaikl</string> <string>pohhhgpookhmdgjnngkgkbhklplbompp</string> <string>pmjekkmaahglofndgafcpcaggiobeoki</string> <string>emkajaicgpjdphehdhppleonljbjiiji</string> <string>mnfchpadaikneonajggpooeppnmdolhc</string> <string>fjkmabmdepjfammlpliljpnbhleegehm</string> <string>egnccllcfmpcmeccejlbbnmobnaglbka</string> <string>oiigbmnaadbkfbmpbfijlflahbdbdgdf</string> <string>mdnmhbnbebabimcjggckeoibchhckemm</string> <string>bacakpdjpomjaelpkpkabmedhkoongbi</string> <string>ongbjmaomfahkjompaodmfnmbfngdjnk</string> <string>pkjkehbojcndhlfcckeghclfeoimebnc</string> <string>kgghbgkigdclmealhcgnfdokfllccdmm</string> <string>fjpglcmmjcmnfigjjgpnajgiejppjfha</string> <string>lilimpfdhphnpoakbohfafgolmefboen</string> <string>gocipjldfmnlngoomddhcnnmldifjmei</string> <string>gijkmohmhpggaeehdaogomfoigeoblpe</string> <string>lmebibceegmfjcachddjmmdclfcankha</string> <string>kceedaplliiaihpoepnmbjkjhnolmifb</string> <string>ahnpmpelanacmcfbiedaghlhhjncafcc</string> <string>ipkbbcamfcnlflkedfdaokofdmfgocfp</string> <string>ekmmcigapbkblfihobadbdnadfmekfdo</string> <string>jelkafihejnbjnnpempgfmdkhaobhkih</string> <string>njdjpgffklilbojbobbfecfcgofebbco</string> <string>kecekldmfbcpjfmnnijdjhcggpcnkpbh</string> <string>hfnbbbkabnehoejfhcbbhdicagcoobji</string> <string>nabijffolhanhlbkmakkfgfeadcgkmna</string> <string>epaofkbaeebhpiklpcfbkhpkfhkcicbc</string> <string>fjdchobeoikpjadflakgacfgibmnkcfo</string> <string>jjpnjgokjliifohebndjpjakibhhgmpe</string> <string>fiddahcmipladlobggbjojeimokalcnj</string> <string>abkfaffjmlmannmlnlfheoohcnciagdl</string> <string>aehefioapkedlgdlebfnlgnmmklembnj</string> <string>fkkgljokpmadmmebdegnkbpgndgigcfc</string> <string>nkkjjehlcellolmockcplcgnmelpbkmf</string> <string>nioogmipobkondkghccpicinfgjdoklj</string> <string>bkghdibcmhbcaogjpdjonpcddpcnjelj</string> <string>ojnimdaoiapdkhjdliaijcliikjjpaal</string> <string>fcakbkpmlidimpglgiaclbpgbedlmpfl</string> <string>fnanjnnchncdkfmjghfnkpaonepbopea</string> <string>bebdhgdigjiiamnkcenegafmfjoghafk</string> <string>aajjpnimaghinaladfeongfnojpooegf</string> <string>jpgljfpmoofbmlieejglhonfofmahini</string> <string>aglghfdhijkmlnflejehpgekkpkhicje</string> <string>mpbplcofnommmbeoaphdnobpdafknbcc</string> <string>hbgdaefcalonegdjkhfaeabgodpahimo</string> <string>jbhnemdhjjeheieakekfknnficfdcbbn</string> <string>feojgnhagmekcjbimbbgbdfiffigokbo</string> <string>iaidohholfjjhodbgoahlkdbikokepdl</string> <string>kcndmbbelllkmioekdagahekgimemejo</string> <string>bojjojmafbggldbgcohmpnedmimmicjf</string> <string>ibmdbhboiekjjoadjahpnmmcgdmabbdf</string> <string>cmonbbaipgkkooachioonbkjbbddclpe</string> <string>ipkbbcamfcnlflkedfdaokofdmfgocfp</string> <string>objpiipidagojpjngjgakijbejgbbiej</string> <string>eocembdiaelakgjoheclffagagbgpejg</string> <string>bojkjpnkphmkhgmpdmffcinnppaejpla</string> <string>mnfchpadaikneonajggpooeppnmdolhc</string> <string>hghdlbnadahkknlbmckfljpcoilldcoa</string> <string>aimpgiamifooknoiaiadogbbnbhckopm</string> <string>ccdkfnoabjihakogonbnoffpindmfgdi</string> <string>pkedcjkdefgpdelpbcmbmeomcjbeemfm</string> <string>oofgbpoabipfcfjapgnbbjjaenockbdp</string> <string>ggmdpepbjljkkkdaklfihhngmmgmpggp</string> <string>mnjmjnofadekgmfahkikcjbckdofddbb</string> <string>apkmkagbnjdldlchjaodkghnknglccal</string> <string>baiknijknkfpoaehpnnjnjiidjonhfbb</string> <string>idefjamndcpplnamdlbodoebjgkpdmpn</string> <string>pddlkidaibpbhpkfbhkbeolbagpmkhhn</string> <string>objkcphggobldholmnidihoibcapbmdi</string> <string>gfmpdjndpbomeamnkmjepilkkcoeicma</string> <string>idgiipeogajjpkgheijapngmlbohdhjg</string> <string>gjknjjomckknofjidppipffbpoekiipm</string> <string>omdakjcmkglenbhjadbccaookpfjihpa</string> <string>algfakihijpongolkgpmaikiicmpnnka</string> <string>mjnbclmflcpookeapghfhapeffmpodij</string> <string>ckiahbcmlmkpfiijecbpflfahoimklke</string> <string>kpiecbcckbofpmkkkdibbllpinceiihk</string> <string>fdcgdnkidjaadafnichfpabhfomcebme</string> <string>gkojfkhlekighikafcpjkiklfbnlmeio</string> <string>fcbnikgemihknccdjaihjnfbapinljpi</string> <string>nlbejmccbhkncgokjcmghpfloaajcffj</string> <string>mfoejjmlljjjiokompekfbdhaikjpijg</string> <string>enhcpffgidjhkgnnmiaeennhgjldopeh</string> <string>caaaookbdgdemjmegjgnbpmlchibhmpd</string> <string>eoeecjmgnmpnljngnagabdpmahamaaoh</string> <string>hidlnaoajnajinkabmjkdhoclkdkhbgm</string> <string>mafcnffiekamcoipelofhbnpnhjppged</string> <string>pbfcogippadlgmoiejpmcpooakejfbma</string> <string>bmafohpcljaaadcongfnhcikddlnaoin</string> <string>bohjiepdaibaajbeedilfpdniijmmccf</string> <string>odiddbcijempnhhobijfbggjogofdlgl</string> <string>fjfggdolkejgbladjgiafdfdddahiipg</string> <string>omghfjlpggmjjaagoclmmobgdodcjboh</string> <string>eelphgpfmjhndihoopgadghfonahifel</string> <string>aonncbclmineeaebnfdadmaclpbogbdl</string> <string>heajfgnegopeedndeahkdjedjkjcmnpb</string> <string>majigdgagomodbnkdkllbdmcjhmkpomo</string> <string>kfblffmcfhcclgeeialffpdamibbpkma</string> <string>bihmplhobchoageeokmgbdihknkjbknd</string> <string>oknedbefhljbabbioodiahaapfbogceg</string> <string>icpklikeghomkemdellmmkoifgfbakio</string> <string>dpplabbmogkhghncfbfdeeokoefdjegm</string> <string>padekgcemlokbadohgkifijomclgjgif</string> <string>cmgnmcnlncejehjlnhaglpnoolgbflbd</string> <string>pooljnboifbodgifngpppfklhifechoe</string> <string>gcknhkkoolaabfmlnjonogaaifnjlfnp</string> <string>dookpfaalaaappcdneeahomimbllocnb</string> <string>iilpibhiihokecnbdkaminemnmecjfed</string> <string>nbcojefnccbanplpoffopkoepjmhgdgh</string> <string>mpmikmnnnoacchojfpdgfdgpkfgajhim</string> <string>gacdmhaofgobmfldefkjoiokkbojcjfj</string> <string>hpfbfcdoiipkblfeknfggcmfppacjife</string> <string>heajfgnegopeedndeahkdjedjkjcmnpb</string> <string>mbnapgdcalopgfpleapnelndfhlebpmg</string> <string>iamifmhbkeeccbjkaenolpghohlpnioi</string> <string>pfehgnkigcnjefhopdgoflpjmacpackg</string> <string>keodbianoliadkoelloecbhllnpiocoi</string> <string>gdimmaaieipnldcnbjjndmchlialjcle</string> <string>mmkcdaeapbebfkoigbpgfhaoefemohkg</string> <string>nicidmbokaedpmoegdbcebhnchpegcdc</string> <string>cjnfcmkfdcoeckplikldabeggcohmbmj</string> <string>kpiecbcckbofpmkkkdibbllpinceiihk</string> <string>higioemojdadgdbhbbbkfbebbdlfjbip</string> <string>bfidboloedlamgdmenmlbipfnccokknp</string> <string>dbdbnchagbkhknegmhgikkleoogjcfge</string> <string>coceddmfagjgcihkbikbhpfnoomaebim</string> <string>aadhbdhoolgcjfdplbjpfmmobcjmhklf</string> <string>dakpkmgihjbkmcecmiofaolmnfepeeok</string> <string>gkicmebfnjalhhmhljadbocnjgblkbil</string> <string>cehipmfoippkmfeaclgpifclkokjoapl</string> <string>enohomemkecjkggiceggbfgbafbneblh</string> <string>eeaamfdobkkonlndpdjhdjkikidlbpca</string> <string>albbiglcfndaaphglmeaejkhepckkfgf</string> <string>bihmplhobchoageeokmgbdihknkjbknd</string> <string>jhilaocgbpkchpomekiejhldihlmhikd</string> <string>omghfjlpggmjjaagoclmmobgdodcjboh</string> <string>hoapmlpnmpaehilehggglehfdlnoegck</string> <string>hnmpcagpplmpfojmgmnngilcnanddlhb</string> <string>iaddbcgfmhnpdmpaocehjdjkcddjojel</string> <string>deoodoglhbmpafkajmlggnjnngdclnie</string> <string>mpcaainmfjjigeicjnlkdfajbioopjko</string> <string>aikkpomhgnaciipbediihdakbbbmdfil</string> <string>bblcccknbdbplgmdjnnikffefhdlobhp</string> <string>bibmocmlcdhadgblaekimealfcnafgfn</string> <string>jopjlpjeekmmnpdiplggikdjkgkfklno</string> <string>pdnfnkhpgegpcingjbfihlkjeighnddk</string> <string>keffjnnjjpeemgobbiemjhpdmbbkedmh</string> <string>ojedkepkekklpjcgdfiahladdbopbooh</string> <string>nkjfdcbhcglpgcfchigbdelajmlomdem</string> <string>joofaijfnhkhlpoippikblmnpcgfbnlf</string> <string>afeiopohodampmlfjjildanioclfhhel</string> <string>nijebgacophnpgohfblkmdbjbmfcjagd</string> <string>angbhbjbplfpkbcijbkhecjfcfgjbjoc</string> <string>jbamdbmfnnbibcemncjljnhdmdejecni</string> <string>icklgohmolmmdagbigdkhhcgdechbeje</string> <string>ilohnaeinfedeplnmehaljcojghkaibh</string> <string>hfcjancjclmdfadhgiibjillbgebchnh</string> <string>ghfbbjimolmcijjfnohefkggjgnpmmcg</string> <string>mpkfdighbiofcihjekcjnmkglkhalgol</string> <string>kkcgohjaclhbnopkjmeajmbhkgdamgck</string> <string>dmjoccepbcaemodiijjkpenalpicgeaf</string> <string>onjefhfjfboidfdggfoagbbpmlkkinib</string> <string>amgdkfbdpibcpbcmglmphcaebblkddab</string> <string>naeeohopejehgjckpkmbdojogdipklbj</string> <string>lledpflfnanamkogoclkgaggfdgoalok</string> <string>ncmnhiijmdhplkmkpejmmbpjiojchefe</string> <string>hgchgdfelliaigmoclcefcabaoipgonc</string> <string>ghnkmkmapecgbfdildhocbmcbadggfmc</string> <string>ijlialnlfikejomacaneioebmlmbphoe</string> <string>ojagfgibjiofppmilfbgmipfelkhcccn</string> <string>johnlmmilpdeggdcdbgepopajkbmbheh</string> <string>cocfojppfigjeefejbpfmedgjbpchcng</string> <string>oiaahapngnjijjgplpikimpaepddnfae</string> <string>hbgknjagaclofapkgkeapamhmglnbphi</string> <string>jljopmgdobloagejpohpldgkiellmfnc</string> <string>bblcccknbdbplgmdjnnikffefhdlobhp</string> </array> </dict> </plist>

sdagley · ‎11-14-2017

@boberito That's an impressive extension blacklist, and will make a good start for my site. I don't suppose you have a version of the list that includes the human readable names of the extension you could post so I can tell what's there without doing a search in the Chrome Web Store?

boberito · ‎11-14-2017

Unfortunately no. Some may not even exist on the Chrome store anymore. I just kept searching for "vpn", "anonymous", "proxy", "unblocker" and some other key words.

pkerobinson · ‎01-24-2018

We use a similar profile, except that we white list the ones that we allow. I'd rather add to that list when requested than "not know what I don't know" about what new VPN extensions may have been released.

However, I've just found that this is all moot with Google Canary. This profile appears to have no effect on extensions that are installed there. Has anyone found a solution to that?

shoch · ‎02-27-2018

That's what I'm seeing too. I love Chrome but hate that students can get around our firewall with these ridiculous extensions. I haven't had much luck at all with blacklisting all extensions.

I wonder if there's a way to simply delete the extensions folder all the way around. However does it make a difference where the student places the Chrome App?

boberito · ‎02-27-2018

You can restrict and block ALL extensions, that's an option. We decided that would do more harm than good since there's a lot of good ones.

CasperSally · ‎02-27-2018

We whitelist necessary extensions via config profile & all others are blocked. No issues.

pkerobinson · ‎02-28-2018

Below is the Chrome plist file we push to all our student laptops. As you can see we start by blacklisting all and then whitelist extensions as they are requested and we check them out to make sure they're not doing anything we don't want. It seems to limit the problems. We did also find that we needed to clone the Config Profile and also apply it to com.google.chrome.canary. This was after we noticed that a lot of students were suddenly using Chrome Canary and were therefore able to load all the extensions they wanted.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>DeveloperToolsDisabled</key> <false/> <key>ExtensionInstallBlacklist</key> <array> <string>*</string> </array> <key>ExtensionInstallWhitelist</key> <array>  <string>aohghmighlieiainnegkcijnfilokake</string>  <string>felcaaldnbdncclmgdcncolpebgiejap</string>  <string>aapocclcgogkmnckokdopfmhonfmgoek</string>  <string>inoeonmfapjbbkmdafoankkfajkcphgd</string>  <string>gbchcmhmhahfdphkhkmpfmihenigjmpp</string>  <string>aapbdbdomjkkjkaonfhkkikfgjllcleb</string>  <string>lhiccpgcnopcjjdobhoddnplkebplfaj</string>

</array>
</dict>

</plist>

dmccandless · ‎03-28-2018

Did you put that plist in script or make a file and push it?

pkerobinson · ‎03-28-2018

I uploaded the file to my JSS as a custom settings payload in a Config Profile with the pref domain set to com.google.chrome.

shoch · ‎01-16-2019

Great info and help everyone!

I am running into a problem though. I can get this plist to deploy perfectly and block ALL extensions on my test machines, however when I try to deploy it to a few student machines in the real world, it doesn't go into their "preferences" folder and work.

I've even tried to manually copy the plist (com.google.chrome) into the "preferences" folder but there it sits. It doesn't affect Chrome like on my test machines. On the test machines it kills the extensions in a matter of seconds and removes any ability to reinstall them.

Any ideas?

Jamf Nation Community

Configuration Profile to block Chrome Extensions