How to disable already installed Chrome Extensions

bcbackes
Contributor II

Looking for some help on this one. I received a list of extensions to block from my Security team. That is all fine and dandy since I can add them to the "ExtensionInstallBlacklist", which, will prevent users from installing them. However, in testing this, I found that if it's already installed before I send out the config profile it doesn't do anything with that extension.

I tested this by installing Adblock Plus (cfhdojbkjhnklbpkdaibdccddilifddb) on a Mac. I then deployed out the config profile and found Adblock Plus was still there and functioned correctly. I even closed and reopened Chrome. If I remove Adblock Plus manually, then, try to reinstall it, then, then it is blocked from reinstalling with the profile in place still.

Has anyone found a way to disable and/or remove already installed Chrome extensions via configuration profile? I even tried the "BlockExternalExtensions" setting but that did nothing. Thank you in advance!

1 ACCEPTED SOLUTION

bcbackes
Contributor II

@jorge.blandon Yes, I ended up getting this working. What did I do differently, nothing. I struggled for a bit adding it to the ExtensionInstallBlacklist and removing it. Then, readd and remove again. For whatever reason I couldn't figure out why it isn't work. I searched the web and found a document somewhere that said to disable previously installed extensions to add it to the ExtensionInstallBlacklist.

So, round 20 something I tried it again, and, it worked! Looking back on it I think the reason why it didn't work is because I had 2 or 3 other configuration policies all trying to adjust something in Chrome. So, I ended up combining them all into one. In my testing, I had AdBlock Plus installed, with no Chrome config profiles applied to the Mac. I then added AdBlock Plus to the ExtensionInstallBlacklist and deployed the config profile to the test Mac. I had Chrome open at the time and found the extension disappear from the toolbar. When I went into Extensions I saw it listed there, but, it wasn't enabled. I was able to click the button to enable it, but, when I went back out it wasn't enabled. Basically, you can flip the toggle for the extension, but, it doesn't do anything. Rebooted the Mac, closed reopened Chrome and everything was still legit.

Here's the URL to the site: https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallBlacklist

Now, I moved on to I different issue. Trying to figure out why our Chrome browsers does pass-thru authentication into our internal intranet site but not on the Macs.

Hope that helps.

View solution in original post

4 REPLIES 4

jorge_
New Contributor III

@bcbackes Did you figure this out? I am looking for this as well.

bcbackes
Contributor II

@jorge.blandon Yes, I ended up getting this working. What did I do differently, nothing. I struggled for a bit adding it to the ExtensionInstallBlacklist and removing it. Then, readd and remove again. For whatever reason I couldn't figure out why it isn't work. I searched the web and found a document somewhere that said to disable previously installed extensions to add it to the ExtensionInstallBlacklist.

So, round 20 something I tried it again, and, it worked! Looking back on it I think the reason why it didn't work is because I had 2 or 3 other configuration policies all trying to adjust something in Chrome. So, I ended up combining them all into one. In my testing, I had AdBlock Plus installed, with no Chrome config profiles applied to the Mac. I then added AdBlock Plus to the ExtensionInstallBlacklist and deployed the config profile to the test Mac. I had Chrome open at the time and found the extension disappear from the toolbar. When I went into Extensions I saw it listed there, but, it wasn't enabled. I was able to click the button to enable it, but, when I went back out it wasn't enabled. Basically, you can flip the toggle for the extension, but, it doesn't do anything. Rebooted the Mac, closed reopened Chrome and everything was still legit.

Here's the URL to the site: https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionInstallBlacklist

Now, I moved on to I different issue. Trying to figure out why our Chrome browsers does pass-thru authentication into our internal intranet site but not on the Macs.

Hope that helps.

gabester
Contributor III

Hey @bcbackes did you ever figure this part out?

Trying to figure out why our Chrome browsers does pass-thru authentication into our internal intranet site but not on the Macs.

Depending on the authentication you use in your environment it may be something like enabling Kerberos within Chrome. Windows enables this/its equivalent by default.

bcbackes
Contributor II

@gabester I reached out to my SharePoint team and found that the internal intranet site isn't setup to use Kerberos, so...... I guess that isn't going to happen at this time.