Disable Chrome Updates

TCBIW
New Contributor III

I know this has been asked about a thousand times, but I wanted to try asking to see if there is info out there that I don't have.

I SPECIFICALLY would like to get Chrome on Mac to say "Updates are disabled by your administrator." I do not want it to error out, or anything weird like that. I want to know if there is a definitive way on Mac to mimic what I am able to do with Chrome on Windows.

I get this on Windows with 1 registry key. I would LOVE to see this exact message on Mac devices.

Thanks,
Tim

1 ACCEPTED SOLUTION

sirsir
Contributor

I take out the KeystoneRegistration from the following path: "Google Chrome > Contents > Versions > 66.xx > Google Chrome Framework > Versions > A > Frameworks" and then package it up. It takes out Chrome's ability to update automatically. When you go to Chrome > About it only says the version number, nothing else.

15 REPLIES

Cornoir
Contributor II

I use the Restricted Software option in the JSS to disable Google Chrome being able to update.
Process Name: GoogleSoftwareUpdateAgent.app
Checked: Restrict exact process name; Kill process

Users going to About Google Chrome will see the following:

TCBIW
New Contributor III

@SirSir that is brilliant. I'm going to copy that method - will look way nicer to my end users.

Thanks!

c_archibald
Contributor II

Go like a pro!

Tommi
New Contributor

Which registry key did you use to stop Chrome auto updates? I want to disable Chrome updates on a Windows PC, but I have never found the right way to do it.

kburns
New Contributor III

@SirSir Your way definitely works. Tested and confirmed. Thanks!

I did find another supported method from Google that they seem to hide for whatever reason. This way is done with a configuration profile. Just figured I'd throw out another option for people that might want an alternative method.

https://support.google.com/chrome/a/answer/7591084?hl=en

Setting your UpdateDefault integer in the com.google.Keystone.plist to 3 results in the following. It's not the prettiest, but it works.


donmontalvo
Esteemed Contributor III

@kburns we tested that and it works fine, the added plus is it is supported by Google (or whatever the heck they call themselves now).

--
https://donmontalvo.com

nessts
Valued Contributor II

link to the google docs anyway... https://www.jamf.com/jamf-nation/discussions/28055/disable-chrome-updates

spotte15
New Contributor

@kburns & @donmontalvo

I'm struggling to get this working as I have followed the Google Article with NO success.

Would you be so kind to share how y'all got it to work or even share your CF??

Thanks!!

rqomsiya
Contributor III

Hi all,

I use this script to kill the keystone. I just add this as a script to run AFTER install of Chrome pkg.

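#!/bin/sh

# Remove the KeystoneRegistration binary from every installed Chrome version.
# The path is quoted because it contains spaces; the * sits outside the quotes so it still globs.
rm "/Applications/Google Chrome.app/Contents/Versions/"*"/Google Chrome Framework.framework/Versions/A/Frameworks/KeystoneRegistration.framework/KeystoneRegistration"

exit 0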

smpotter
New Contributor III

@kburns & @donmontalvo - I'm struggling to get this to work with a CF, would you mind sharing more info or the CF itself?

nessts
Valued Contributor II

here is my profile

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadContent</key>
      <dict>
        <key>com.google.Keystone</key>
        <dict>
          <key>Forced</key>
          <array>
            <dict>
              <key>mcx_preference_settings</key>
              <dict>
                <key>updatePolicies</key>
                <dict>
                  <key>com.google.Chrome</key>
                  <dict>
                    <key>TargetVersionPrefix</key>
                    <string>70.</string>
                    <key>UpdateDefault</key>
                    <integer>3</integer>
                  </dict>
                  <key>com.google.Chrome.canary</key>
                  <dict>
                    <key>UpdateDefault</key>
                    <integer>2</integer>
                  </dict>
                  <key>global</key>
                  <dict>
                    <key>DownloadPreference</key>
                    <string>cacheable</string>
                    <key>UpdateDefault</key>
                    <integer>3</integer>
                  </dict>
                </dict>
              </dict>
            </dict>
          </array>
        </dict>
      </dict>
      <key>PayloadEnabled</key>
      <true/>
      <key>PayloadIdentifier</key>
      <string>MCXToProfile.11822e9e-d7be-47a4-9a07-dba52417ba56.GoogleSoftwareUpdate.9092f47f-b06a-43de-b137-d157f1996441</string>
      <key>PayloadType</key>
      <string>com.apple.ManagedClient.preferences</string>
      <key>PayloadUUID</key>
      <string>9092f47f-b06a-43de-b137-d157f1996441</string>
      <key>PayloadVersion</key>
      <integer>1</integer>
    </dict>
  </array>
  <key>PayloadDescription</key>
  <string>Included custom settings:com.google.Keystone</string>
  <key>PayloadDisplayName</key>
  <string>Google Chrome Update Policies</string>
  <key>PayloadIdentifier</key>
  <string>com.google.Keystone</string>
  <key>PayloadOrganization</key>
  <string></string>
  <key>PayloadRemovalDisallowed</key>
  <true/>
  <key>PayloadScope</key>
  <string>System</string>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>11822e9e-d7be-47a4-9a07-dba52417ba56</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>
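
An added example, not part of the post above and not Jamf's or Google's own tooling: a Python check that parses a configuration profile with this nesting and lists which Keystone update policies disable updates or pin a version, so a fleet's profiles can be audited for browsers being held back. The embedded profile is a constructed, trimmed sample, the function names are hypothetical, and reading UpdateDefault 3 as "updates disabled" follows the earlier post in this thread.

```python
import plistlib

# Constructed sample: trimmed profile with the same nesting as the one posted in this thread.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.ManagedClient.preferences</string>
  <key>PayloadContent</key><dict><key>com.google.Keystone</key><dict>
   <key>Forced</key><array><dict><key>mcx_preference_settings</key><dict>
    <key>updatePolicies</key><dict>
     <key>com.google.Chrome</key><dict>
      <key>TargetVersionPrefix</key><string>70.</string>
      <key>UpdateDefault</key><integer>3</integer></dict>
     <key>com.google.Chrome.canary</key><dict>
      <key>UpdateDefault</key><integer>2</integer></dict>
    </dict>
   </dict></dict></array>
  </dict></dict>
 </dict></array>
</dict></plist>"""

def keystone_policies(profile_bytes):
    """Return {bundle_id: policy_dict} merged from every com.google.Keystone payload."""
    profile = plistlib.loads(profile_bytes)
    found = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.ManagedClient.preferences":
            continue  # not a managed-preferences payload
        domain = payload.get("PayloadContent", {}).get("com.google.Keystone", {})
        for entry in domain.get("Forced", []):
            settings = entry.get("mcx_preference_settings", {})
            found.update(settings.get("updatePolicies", {}))
    return found

def audit(profile_bytes):
    """List (bundle_id, finding) pairs for settings that hold a browser back."""
    findings = []
    for bundle_id, policy in sorted(keystone_policies(profile_bytes).items()):
        if policy.get("UpdateDefault") == 3:  # 3 = updates disabled, per this thread
            findings.append((bundle_id, "updates disabled"))
        if "TargetVersionPrefix" in policy:  # version pin, e.g. "70."
            findings.append((bundle_id, "pinned to " + policy["TargetVersionPrefix"]))
    return findings

if __name__ == "__main__":
    for bundle_id, finding in audit(SAMPLE_PROFILE):
        print(bundle_id, "->", finding)
```
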

SlidewaysF30
New Contributor III

@SirSir Have you still had luck with this method? I recently tried it in my environment and it appeared to work great for about a week or so and now they are all going back to auto-update.

EDIT: Actually, to clarify, as I seem to have jumped the gun, some of the machines are reverting back to auto-update. So far I have seen it on two 10.12 and two 10.13 machines. A couple of my VMs still have auto-update disabled, but I think they may end up getting enabled as well... I wonder if Google is forcing it to re-activate somehow.

McMike
New Contributor

Chrome just moved the location of the KeystoneRegistration.framework directory with 75.0.3770.90.

It is no longer here:
/Applications/Google Chrome.app/Contents/Versions/"$ChromeVersion"/Google Chrome Framework.framework

They stuck it here:
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/"$ChromeVersion"/Frameworks/KeystoneRegistration.framework

I'm assuming with each update they will add a versioned directory like before, so the script I use will still work.

This is the script I add to the package we use to install Chrome. No editing required, it will work with each new version (until Google changes this file structure again)

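#!/bin/sh

# Read the installed version (third field of the "--version" output).
ChromeVersion=$("/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" --version | awk '{print $3}')
# Remove the Keystone registration framework for that version; paths are quoted because they contain spaces.
sudo rm -rf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/$ChromeVersion/Frameworks/KeystoneRegistration.framework"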

jamf_sam
Moderator

The Chrome for Enterprise Team has published a new kBase on Managing Chrome Browser Updates with Jamf Pro (macOS). This takes advantage of Jamf's Application and Custom Settings Payload.