Unfortunately disabling the password manager does not remove existing stored passwords. So that is how you can easily apply a GPO to a specific group of users. When I open the chrome browser under this user’s login the chrome password manager is enabled. You can see in the screenshot below the GPO “User – Chome Settings” was not applied (denied). Now I’ll log into the computer as “Alan Keys” a user that is not part of the security group. When I open the chrome browser the password manager is disabled. I’ll use the gpresult command to verify the GPO is being applied.Ībove you can see the “User – Chrome Settings” GPO is applied. I’ll log into a computer as “Adam S Reed” (the user is a member of the configured security group). Any user that is a member of the group will get the GPO applied, all other users will be denied (security filtered) the GPO. Now the GPO is configured to only apply to the configured security group. Select “Authenticated Users” and uncheck Allow for “Apply group policy” Next, click the advanced button in the lower right. Then, click the delegation tab at the top. For me, this is my “GPO-disable-chrome-password” group. Next, add the security group created from step 1. On the scope tab of the GPO click the “Add” button under Security Filtering. Step 2: Add The Security Group to the GPO Security Filtering. I added three users from various departments. Next, add the users to the group that you want the GPO to be applied to. Step 1: Create a new Active Directory security group.įor example, I’ll create a new security group called “GPO-Disable-Chrome-Password”. The only difference in this example is that I’m using GPO Security Filtering to limit which users the GPO applies to. Note: I’m using the same GPO policy from the previous example. If you want to disable chrome password saving for specific users or groups then follow these steps. GPO Disable Chrome Password Saving For Specific Users With it disabled via GPO the user will not be able to save passwords in the browser or turn on the password manager. Here is a screenshot showing the browser password manager enabled, this is before applying the GPO.Īfter applying the GPO, I’ll check chrome and see if the password manager is disabled. With the GPO created run gpupdate on a computer or reboot it for the policy to apply. Import saved passwords from default browser on first run set to disabled.ĭisable synchronization of data with google set to enabled. User Configuration -> Policies -> Administrative Templates -> Google ChromeĮnable AutoFill for credit cards set to disabled.User Configuration -> Policies -> Administrative Templates -> Google Chrome -> Password managerĮnable AutoFill for addresses set to disabled.Set the following user configuration policies:Įnable saving passwords to the password manager set to disabled. I’ve called mine “User – Chrome Settings”.Ģ. In my domain, all users are in the ADPRO Users OU. Create a new GPO and link it to an organizational unit (OU) that contains all users. With the chrome GPO templates installed, the next step is to create the policy to disable password saving.ġ. Step 2: Create Chrome Password GPO Policy To learn more check out my guide on How to configure the Group Policy Central Store. This also allows administrators to use the same GPO templates and load them from multiple computers. Pro Tip: It is easier to manage and install group policy templates using the group policy central store. They will show up under policies -> Administrative Templates – > google for both computer and user configuration. Open the group policy editor, and from a new or existing GPO verify, the chrome templates are installed. The chrome GPO templates should now be installed. In the admx folder, copy and paste the two admx files (chrome.admx
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |