Google Chrome Extensions Whitelist

jarredondo
New Contributor II

I was able to get the Google Chrome Extension Blacklist up and running without issue, and it is working great. The second I block one extension, the students move on to another, so I am hoping to do the reverse and block everything and allow just a few. I thought that it would be an easy fix to change the key from <ExtensionInstallBlacklist> to <ExtensionInstallWhitelist>, but that isn't working. Has anyone had success with a specific script that you could share? I have spent time browsing the community posts, and most are from several years ago.

Just for reference, this is the Blacklist Script I am using:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>DeveloperToolsDisabled</key> <true/> <key>ExtensionInstallBlacklist</key> <array> <string>mkccemimdjbojildcllapppfhphcfmkn</string> <string></string> </array>
</dict>
</plist>

Thanks in advance for any help, I am newer to JAMF and took over for someone that was let go and left things a bit of a mess.

15 REPLIES 15

a_hebert
New Contributor III

What version of Jamf Pro are you on?

jarredondo
New Contributor II

@a.hebert 10.19.0-t1580394015

a_hebert
New Contributor III

@jarredondo You can use a schema in 10.19 in a config profile to blacklist all extensions and then you can set a whitelist for them. it is easier to use this than to have to rewrite the plist file for every extension. https://github.com/Jamf-Custom-Profile-Schemas/Ahebert76
That is my small json that can be put into the config profile.

jarredondo
New Contributor II

@a.hebert Thank you so much for sharing this. I really appreciate it. I got it set up to the point where I enter the entries. This is probably a really stupid question, but do I put the extension ID in this field for the whitelist? What do I put in the blacklist to 59be9279daaa41428ac283b7ce642bf8
block all of them? Again, so sorry for the dumb questions and thanks for the help.

a_hebert
New Contributor III

@jarredondo So for the Blacklist add a value and put an asterisk (*) in the entry field. That will blacklist everything. For the extensions put the extension ID. 9ed017460dbb4b92949d892527d59ccc

jarredondo
New Contributor II

@a.hebert This is a game-changer! Thank you so much for all of your help!

a_hebert
New Contributor III

@jarredondo You are welcome! It was a gamechanger for us also

jorge_
New Contributor III

Hi @jarredondo would you have something like this for firefox as well?
also, if you run this script after the extension has already been installed by the user, how would you handle removing them?

Zeek
Contributor

Hey @jarredondo I have the same question as @jorge.blandon. How do you removed the existing extensions installed by the user?

ckruter
New Contributor II

@a.hebert 70966d6087e949e4a38b23049621728f
This JSON is great! I am guessing that putting an asterisk for the other items like "Allow Outdated Plugins" will not allow them in the same way it will block "everything"?
Will this also work for Google Chrome Applications? We'd like to Whitelist those as well. If I am wrong in that deduction please feel free to correct me :)

Thank you in advance!

kcranford
New Contributor II

I must be doing something wrong with this. I setup a whitelist and put in an asterisk for the blacklist but it still allows users to install any extensions. Has anyone else had this issue?

kcranford
New Contributor II

Never mind my recent post I found out that we had another policy conflicting with this one. Wish I could just delete the post.

ckulesza
New Contributor III

It is definitely Monday... I have this configured and used the asterisk in the black and white list as our InfoSec wants all blocked for now. I am still able to install Extensions... What the heck am I doing wrong? Thanks

cc_rider
New Contributor III

I just did a quick test and you are right - the * (asterisk) is NOT blocking anymore. What was changed, because it drives me nuts when something like this is happening?

WS
New Contributor II

Chrome updated the names for the extension block/white/allow lists. Edit the Schema file to change the names, then add the new categories using the 'add/remove properties' button.

ExtensionInstallBlacklist = ExtensionInstallBlocklist

ExtensionInstallWhitelist = ExtensionInstallAllowlist

ExtensionInstallForcelist can force extensions to all computers