Posted on 03-09-2017 11:30 AM
Our organization has a need to set user policy settings in chrome. Currently I'm handling this by using this single command - "sudo -u $currentuser defaults write com.google.Chrome AuthServerWhitelist "*serverhere.com"
While this works, new users who sign into the machine do not get this setting unless we re-run the script.
Is there a way to configure this using a configuration profile and apply it to all users?
Posted on 03-09-2017 11:44 AM
Run the script once per computer per login and you'll be set.
Edit: And trigger the policy with Login.
Posted on 03-09-2017 01:46 PM
To answer your question about making that into a Configuration Profile, here are steps you can take. This generally works pretty well when you need to create a one off CP that contains one or a few specific settings in it.
defaults write ~/Desktop/com.google.Chrome.plist AuthServerWhiteList "serverhere.com"
AuthServerWhiteList
setting in it.plutil -convert xml1 ~/Desktop/com.google.Chrome.plist
Hope the above helps.
Posted on 03-09-2017 02:43 PM
I'm going to try your suggestion now. I also found that part of the issue is that if the user never ran Chrome, the .plist file would not exist, causing the script to fail. I'm hoping the configuration profile will fix this.
Another question -- if I wanted to include multiple settings in one plist, what would the syntax be?
I'm also running into similar issues with Firefox.. if the script ran before Firefox was launched at least once, there's no config files to modify.
Posted on 03-09-2017 02:49 PM
Your defaults write command shouldn't be failing just because the file doesn't exist. It should create the plist file and add AuthServerWhitelist to it.
I'm using a very similar process and running it at login works perfect, even for new users who have never launched Chrome.
#!/bin/bash
defaults write /Users/$3/Library/Preferences/com.google.Chrome.plist AuthServerWhitelist "*.domain.com"
chown $3 /Users/$3/Library/Preferences/com.google.Chrome.plist
Posted on 03-09-2017 02:57 PM
@cbrewer Let me try what you're doing. I'm using "sudo -u $currentuser defaults write com.google.Chrome AuthServerWhiteList "settingshere" and it's not creating the .plist file.
I'm also pushing at recurring check-in. Our users hardly ever log out and log in, and all use laptops which seem to not check-in on logout /logoff while on the wifi.
Posted on 03-09-2017 03:19 PM
@cbrewer Just confirmed yours is working. I wonder why mine wasn't creating the file...
Edit:: It creates the .plist file, but the actual settings don't take effect when I view them in about://policy
Here's what I put in a script and ran
defaults write /Users/$3/Library/Preferences/com.google.Chrome.plist AuthServerWhitelist "iwa.xxxxx.com"
defaults write /Users/$3/Library/Preferences/com.google.Chrome.plist AuthNegotiateDelegateWhitelist "iwa.xxxxxx.com"
chown $3 /Users/$3/Library/Preferences/com.google.Chrome.plist
exit 0