Creating Custom Configuration Profile Payload for Google Chrome

dstranathan
Valued Contributor II

Im working on my first custom payload for an OS X configuration profile. This particular profile will be for Google Chrome. I want to mange these (2) SSO settings:

AuthNegotiateDelegateWhitelist=.mycompany.org
AuthServerWhitelist=.mycompany.org

I'm looking for advice to confirm if Im understand the steps correctly:

-Manually configure up the prefences I want in Googe Chrome on a "clean" IT test Mac. Quit Chrome.
-Open the com.google.Chrome.plist file in a text editor and remove all extraneous key/value pairs that I do NOT want to manage.
-Convert the .plist file to XML (/usr/bin/plutil -convert xml1 /path/to/file)
-Create a new Configuration Profile in the JSS and chose "Custom" Payload.
-Upload the customized XML com.google.Chrome.plist file to the JSS.
- Scope the Configuration Profile accordingly, etc

Do these steps look correct?

Once created and uploaded, can I manage this profile at the computer level? Or does it have to be managed at the user level (Im asking because Chrome preferences generally exisit at the user level). Will computer level settings trump all user preferences for these specific settings?

Is this a best way to manage the Google Chrome settings, than compared to my current method of running a Policy/script that uses OS X's /usr/bin/defaults command to recursivley write these settings to each user's Google Chrome preferenes?

a89dded149994972ba7f1710ed5152cb

ae045f009289404eaad953544d4874e4

6 REPLIES 6

boberito
Valued Contributor

Not sure about that exact setting

But that's what we do to manage some settings in Chrome

We do DisablePrintPreview=true which then makes chrome use the system printing dialog vs Chrome's. And we have a bunch of extensions I block with ExtensionInstallBlacklist.

dstranathan
Valued Contributor II

Do you apply to the computer level or the user level?

boberito
Valued Contributor

Computer level so that it sets it for all potential users on the computer

milesleacy
Valued Contributor

@dstranathan Your general methodology is correct.

@boberito I'd be interested in seeing more about your ExtensionInstallBlacklist settings.

boberito
Valued Contributor

So we found kids using VPN extensions to get around our content filtering. Unfortunately, it's a cat and mouse game to block them. BUUUUUT it kind of works.

{ExtensionInstallBlacklist=[gjknjjomckknofjidppipffbpoekiipm, omdakjcmkglenbhjadbccaookpfjihpa, mjnbclmflcpookeapghfhapeffmpodij, ckiahbcmlmkpfiijecbpflfahoimklke, kpiecbcckbofpmkkkdibbllpinceiihk, fdcgdnkidjaadafnichfpabhfomcebme, gkojfkhlekighikafcpjkiklfbnlmeio, omghfjlpggmjjaagoclmmobgdodcjboh, fcbnikgemihknccdjaihjnfbapinljpi, nlbejmccbhkncgokjcmghpfloaajcffj, enhcpffgidjhkgnnmiaeennhgjldopeh, caaaookbdgdemjmegjgnbpmlchibhmpd, eoeecjmgnmpnljngnagabdpmahamaaoh, mafcnffiekamcoipelofhbnpnhjppged, pbfcogippadlgmoiejpmcpooakejfbma, bmafohpcljaaadcongfnhcikddlnaoin, bohjiepdaibaajbeedilfpdniijmmccf, odiddbcijempnhhobijfbggjogofdlgl, deoodoglhbmpafkajmlggnjnngdclnie, fjfggdolkejgbladjgiafdfdddahiipg, omghfjlpggmjjaagoclmmobgdodcjboh, eelphgpfmjhndihoopgadghfonahifel, aonncbclmineeaebnfdadmaclpbogbdl, heajfgnegopeedndeahkdjedjkjcmnpb, majigdgagomodbnkdkllbdmcjhmkpomo, kfblffmcfhcclgeeialffpdamibbpkma, bihmplhobchoageeokmgbdihknkjbknd, oknedbefhljbabbioodiahaapfbogceg, icpklikeghomkemdellmmkoifgfbakio, dpplabbmogkhghncfbfdeeokoefdjegm, padekgcemlokbadohgkifijomclgjgif, cmgnmcnlncejehjlnhaglpnoolgbflbd, pooljnboifbodgifngpppfklhifechoe, gcknhkkoolaabfmlnjonogaaifnjlfnp, dookpfaalaaappcdneeahomimbllocnb, iilpibhiihokecnbdkaminemnmecjfed, nbcojefnccbanplpoffopkoepjmhgdgh, mpmikmnnnoacchojfpdgfdgpkfgajhim], DisablePrintPreview=true}

If you go to the chrome web store and click on any of the things in there the address has the unique ID for each chrome app - for example for Polar Photo Editor - https://chrome.google.com/webstore/detail/polarr-photo-editor/djonnbgfieijldcieafgjcnhmpcfpmgg?utm_source=chrome-ntp-icon

deborahgagnon
New Contributor

I tried this but am very confused. How does the config profile I created override the default Chrome settings? More to the question - I did this and it did not do anything .... I modified the plist to change default home page etc and when I open Chrome (after I deploy my config profile) - it does NOT open to the home page I set in my plist....confused?