Google Chrome for Business with Policy Template

Discussion in 'other software & services' started by wat0114, Jan 8, 2013.

Thread Status:
Not open for further replies.
  1. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    Thanks to member Kees1958 who provided the information, it is possible to harden Google Chrome with a Business version and importable Group Policy template found here.

    I've got many of the settings enabled/configured and so far it is functioning as expected, with the exception of the "Configure the home page URL" setting. For some reason Chrome won't open to it, but that is the only issue, a minor one, so far :)

    Some screen shots below...
     

    Attached Files:

  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    You don't need the business version, you can enforce policies via a .json file in all versions of Chrome. At that point it's a matter of setting the file so that only an administrator can change things.

    I don't see this as being useful unless you're hardening someone else's computer without giving them Admin access.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I actually believe that .json is only for Linux. Mac is MCX and Windows has group policies.

    Source: -https://support.google.com/chromeos/a/bin/answer.py?hl=en&answer=188447
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Installed policies:
    When the rules are installed they have same impact. So I understand your point of view.

    User interface
    Someone with programming/scripting skills would prefer JSON, others will problably prefer a mechanism they allready known, like GPO. Downside of GPO you need to have at least a Pro version. So again I understand your point of view.

    Authorisation
    Group Policy changes are UAC protected and can't be changed from the protected object itself (with medium/user rights), where as JSON is Javascript Object Notification File which can be installed by an extension. Everyone entitled to his/her own opinion, but let's agree to disagree on this authority issue

    Knowledge
    Finding out yourself is good for knowledge development, being an forum enthousiast (not an expert) it is easier to follow GPO templates provided by SANS and NSA security experts. Again let's agree to disagree on this copycat issue
    Link http://www.root777.com/security/goo...tings-and-configuration-guide-for-enterprise/
     
    Last edited: Jan 8, 2013
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    In terms of the JSON they (an attacker) would need access to it, which would be protected by simply setting the file to require admin access. If they already have admin access you're screwed, and even if they don't and you've set it to medium integrity you're assuming the process is compromised, meaning things like Javascript/Images won't really matter.

    I wasn't trying to say GPO is worse than JSON, and I think m00n is correct that on Windows you use GPO.

    What I mean is that this won't protect you. It's just useful for a business to stop users from changing default settings - I don't see a situation where having your scripting enforced through this as opposed to regular settings matters much.

    Can't hurt though.
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    @ WAT0114,

    Like you I have whitelisted my extensions (Bookmarks Menu = IE like bookmarks and New Tab Behaviour = new tab replaced by Startpage.com, also has the advantage that forced running incognito does not show the incognito tab). Blacklisting all except specified extensions, reduces Browser infection risks

    See pics for home page and startup page
     

    Attached Files:

  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Jan 8, 2013
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,983
    Location:
    Canada
    I see you're using this too, Kees :) I agree with Hungry this approach is not needed to govern oneself on a single user pc. However, on a multi-user pc this could help prevent others from messing with restrictive settings and adding useless and/or poor extensions, as well as restrict against running javascript in unwanted domains and such.

    Another good reason :thumb:
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Since Vista I copy a subset of my GPO/SRP settings to my wife's laptop :D so copying GPO to other PC's in same network also is an usefull application
     
  10. exus69

    exus69 Registered Member

    Joined:
    Mar 15, 2009
    Posts:
    160
    Has anyone here tried the URL whitelisting/blacklisting option in the Chrome templates?? It simply refuses to work. I was using "Whitelist for Chrome" extension but now its behaving weirdly after the latest chrome update(Reminds me of why m00nbl00d prefers to use the native functionality than extensions).
     
  11. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I don't see how Chrome could seriously be considered to be used in a business environment. Chrome seems more for entertainment and a long ways from being ready for business.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    What exactly makes you say that?
     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    The frequent updates present a browser that is essentially not stable enough to use in a business environment. Plus the way the browser handles documents and other business related tasks leaves a lot to be desired.
     
Loading...
Thread Status:
Not open for further replies.