-
Notifications
You must be signed in to change notification settings - Fork 909
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Group Policy #1174
Comments
The code was submitted by @marcospgp |
Hello! This is a MUST because I need to implement this in VDI environments where a centralized management for all users is the ideal! If not a GPO where the settings of the Great Suspender are stored? Would it be possible to copy the configuration file or registry keys from one users to another? |
The settings described in the readme should be set directly as registry values through the group policy. When developing that feature I edited my computer's registry directly to test the effects. https://theitbros.com/add-modify-and-delete-registry-keys-using-group-policy/ |
@marospgp, thanks for coming back to us but the answer is to vague. What is the starting point of the registry setting, ie. HKCU\SOFTWARE\Google\Chrome\Extensions\klbibkeccnjlkjkiokjodocebajanakg WHITELIST contains per line sites to whitelist, ie: I tried above on my pc but my whitelist remained the same. What is the TAG version that includes support for GPO usage? I have v7.1.6 |
Forgive me, it's been a while since I last looked at this. You need to follow Chrome's instructions on setting group policy values for browser extensions: Check this https://support.google.com/chrome/a/answer/7532015?hl=en or this https://support.google.com/chrome/a/answer/7532015?hl=en for example |
Thanks for answering. I'm looking at this https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ExtensionSettings Which actually points template and to the following registry key: However this looks like just extensions permissions and where it's allowed to run and not "in extension" settings. |
@marcospgp can you share a example json string which I can enter into the GPO setting named Extension management settings |
Has anyone implemented this in a RDP environment? |
I've tried adding json to ExtensionSettings in many different formats, but none of the code I use works because ExtensionSettings seems to apply only to settings outside of the extensions (like permissions, whitelists and install locations). I cannot, for example, get the json to adjust actual in-app settings. See example json code below (note I have tried this code in MANY different variations, the best I can get is for it to tell me that the parameter isn't valid). To help others figure this out: Here are some useful links: |
Yeah as I suspected, these GPO settings are just Settings for the Extensions access permissions and urls allowed to run it. @marcospgp we need accurate examples of how to use the parameters, please. |
@marcospgp any progress been made on advising us what registry keys we need to use? |
@deanoemcke is there an option to use a command URL to update settings? I could then put this into shortcut for user and on opening Chrome the settings are updated? |
@JonathanPitre try surrounding the items in the whitelist with quotes and separating multiple items with a comma, such as Also apologies for the lack of info, but it's been a long time since I was hired to work on this and I don't remember most of the details. Should have done a better job with documentation! |
Hi @marcospgp I have already tried with "google.com" and I still don't see the URL in the whitelist. Also can you tell us if this would work for Microsoft Edge as well ? I have tried this reg key and it does not do anything. HKLM:\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\klbibkeccnjlkjkiokjodocebajanakg\policy |
@JonathanPitre I tried to using provided registry keys and it did nothing. Are the changes apparent in the TGS extension settings? To be clear I tried both paths HKLM and HKCU: Even tried to reinstall TGS to see if the settings would work only upon installing, but to no avail. |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\klbibkeccnjlkjkiokjodocebajanakg\policy
does work for me but I tested with a brand new profile. One thing I
noticed is that it takes a few minutes for the change to be visible in the
settings. Best to close the settings windows after the extension has been
installed and re-open it.
…On Thu, Jul 30, 2020 at 5:26 PM CAPA ***@***.***> wrote:
@JonathanPitre <https://github.com/JonathanPitre> I tried to using
provided registry keys and it did nothing. Are the changes apparent in the
TGS extension settings?
[image: TGS_KeyTest]
<https://user-images.githubusercontent.com/25531465/88975835-56687a80-d291-11ea-92c4-3f29c1bed14e.jpg>
To be clear I tried both paths HKLM and HKCU:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\klbibkeccnjlkjkiokjodocebajanakg\policy
HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\klbibkeccnjlkjkiokjodocebajanakg\policy
SUSPEND_TIME REG_SZ 15
UNSUSPEND_ON_FOCUS REG_SZ true
Even tried to reinstall TGS to see if the settings would work only upon
installing, but to no avail.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1174 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ADSO5QONYTC73NOLA47GIL3R6HQSDANCNFSM4OCBE7KQ>
.
--
Jonathan Pitre
|
I tested manually in my machine, not via GPP.(Which would give the same result) |
Nothing special really, are you using a STRING value? yes in my case the extension is being installed by GPO as well |
@JonathanPitre can you export your working registry settings to file and share so we can test with these? Feels like we are getting close and it will make my day when we can get this working, Ultimately the two most important options I need to work are WHITELIST and SUSPEND_TIME. |
Yes i'm using string(REG_SZ) as type. @carl039 have you tried what Jonathan did? |
@JonathanPitre When you say you started with a new profile was that a new Chrome Profile or Windows Profile ? I was hoping just doing this in the F12 Console view would have been enough to reset TSG back to factory default. Here is the registry setting I have for SUSPEND_TIME set to 30 but it doesn't work: What am I missing? |
@carl039 I meant Windows Profile |
@JonathanPitre tried with new Windows profile and it didn't work. Seems to be overly complicated and even if that had worked the next hurdle to overcome would to make it work with existing Windows profile. |
Trying to get this working in our environment as well, and it's not functional. My basic question is, does this work with the version in the Chrome extension store or do I need to figure out how to build it manually? I know people are saying they did nothing special to install it...I am running the version from the Chrome extension store, and when I put in chrome://policy it does not show the Great Suspender as supporting policies. Since the version I have (7.1.6 according to the About page) doesn't seem to support policies, the process above doesn't work. Looking at this more, I see the extension files I installed on a new workstation today do not include the file:: managed-storage-schema.json This file is responsible for the policies and is required....simply adding the file didn't work to get the policies working, so I assume it also needs to be loaded from somewhere. Can the devs clarify this? @marcospgp @deanoemcke |
It seems to me the front page should be updated to remove mention of this functionality until someone can tell us how it actually works. |
Just an idea if its time/money to get it fixed what is the cost to just to get it done? |
For those of you wondering... I've not worked on browser extensions before, but it looked to me the latest Chrome Web Store version of the extension was not "registering" on chrome://policy to be able to access managed storage - and neither were any of other releases which I tested from this Github repo. Wasted hours blindly trying to amend the latest release, only to find that the latest repo code (showing as v7.1.8) already has the required code to get the extension to work with Chrome managed storage (manifest, JSON schema, etc) little bit of a shame that nobody here bothered to mention that in any of the replies above...!? Anyway, to get this working...
As pointed out by someone above, documentation is missing basic information...
Alas, after all this I won't be rolling out the extension as it hasn't yet been updated on the Chrome Web Store.... (edit: v7.1.8 is now live on Web Store! 👍) |
@aciidic great job. TGS updated to v7.1.8 just now on my pc. When I have some spare time I am going to revisit this to see if its now working. Fingers crossed... |
@aciidic now that's some consistent information! Thank you very much. |
Not sure if it matters, but I use REG_DWORD insead of REG_SZ for the boolean options, and yes either 1 or 0 for true or false. Check in your chrome://policy to see if it's listed? |
Just the small issue now that settings take a couple of attempts to be reflected in TGS settings.
Just read @aciidic original comments and it was reported the same as me with settings only taking on 2nd chrome reload. |
Here are the registry default registry settings for HKCU, copy paste into file and then import the .reg file. Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\klbibkeccnjlkjkiokjodocebajanakg\policy] |
@carl039 Same behaviour that I experienced, however regarding SUSPEND_TIME this does need to be a string (REG_SZ) The only times to use REG_DWORD is for the boolean options - I haven't personally tested if REG_SZ and REG_DWORD can be used interchangeably - as the settings I found in post #1174 (comment) worked as intended |
Any ideas how to get Group Policy to update TGS extension as users are currently on 7.1.0 and only method I have found to get them to upgrade to 7.1.9 is to force manual update in Chrome using this method: I am using the Chrome GPO user setting: Configure the list of force-installed apps and extensions to force the TGS extension onto users chrome. This has been live for a few years and turns out its not been updating itself for some time. I was hoping Chrome would have just done it but seems not in our RDS environment. Also is anyone working on a ADM or ADMX template? |
My attempt to remove tracking, notifications & permissions from the latest v7.1.8, for those interested in testing a privacy-preserving version of this plugin. |
Abandoned TGS. |
I see that TGS now supports Group Policy according to the readme page here but doesn't tell you how to use it. Can you advise if there is an ADMX file to download?
The text was updated successfully, but these errors were encountered: